Continuous trust: why access management alone is no longer enough

Following Matt Hornsey’s presentation on behalf of Ditto at the KuppingerCole European Identity and Cloud Conference, Adam Smith, Global Marketing Lead, summarises the identity expert’s perspective on trust in the digital world.

At EIC 2026, the conversation around digital identity moved beyond a familiar question: “Can this user get in?”

The better question is: “Can this interaction be trusted, right now, with the least data possible?”

That shift matters. For too long, the industry has treated access as trust. MFA. KYC. SSO. Session cookies. Orchestration layers. All useful checkpoints. None enough on their own.

They prove a moment. Then, that moment passes.

In the real world, trust builds over time. You recognise your neighbour, your colleague, the shopkeeper, because every interaction adds context. Online, the opposite often happens. Every login can feel like starting again with a stranger.

So organisations collect more data. Add more steps. Ask more questions. And still rely on brittle signals like passwords, email recovery, bearer tokens and knowledge-based answers.

Digital identity needs a stronger foundation.

Continuous digital trust verifies the user or agent, device, application and transaction across the full customer lifecycle. Not once. Not at the edge. Across every meaningful interaction.

That means rethinking the journey from start to finish. At sign-up, identity proofing should not become a one-off data harvest. During routine use, trust should not be assumed because a session is active. At high-risk moments — payments, transfers, signatures — intent and legitimacy needs to be proven, not guessed. And during recovery, organisations cannot fall back to the weakest link in the chain.

A modern model connects identity verification, device-bound authentication, runtime app protection, signed transactions and shared risk signals. Wallet credentials enable privacy-preserving linkage. Zero Trust principles enforce assurance per request, not per session. Device threat signals add context. Post-quantum cryptography gives the trust layer durability for the threats still to come.

This is where Ditto fits.

Ditto unifies onboarding, authentication and mobile threat defence through a cryptographically secured platform that protects every interaction from start to finish. It helps organisations move beyond shared secrets, long-lived bearer tokens and replay-vulnerable authentication, replacing them with proof-based interactions that are private, resilient and friction-lite or low-friction

For customers, that means fewer repeat requests and simpler journeys.

For enterprises, it means stronger fraud posture , clearer compliance and a trust model that extends across people, devices, services and AI agents.

And for regulated industries preparing for wallet-bound identity, EUDI orchestration creates a practical path to interoperable, privacy-preserving verification without rebuilding the entire identity stack.

The takeaway Ditto provided to EIC is simple: the problem is not access. It is continuity.

Trust has to survive the hand-offs between onboarding, login, transaction, recovery and future cryptographic change.

Organisations that want to reduce fraud without increasing friction need to retire yesterday’s assumptions and rebuild around proof.

Explore quantum-resistant authentication, application and device security and signal-driven trust with Ditto.