Search Menu

Digital identity is one of the most valuable assets for both individuals and businesses

Our colleague Clara Vélez, from the Identity Management team within Cybersecurity Operations at Telefónica Cybersecurity & Cloud Tech, gives us details in this interview about concepts such as digital identity and Identity and Access Management.

interviews101-clara-velez

Clara Vélez

Reading time: 5 min

Tell us a little about yourself. What does your job at Telefónica involve?

My name is Clara Vélez and I am part of the Identity Management team within Cybersecurity Operations at Telefónica Cybersecurity & Cloud Tech. My role ranges from technical implementation to project management, working with advanced tools such as CyberArk, a leading identity security platform.

Subscribe to Telefónica’s blog and find out before anyone else.





CyberArk protects privileged access, manages credentials and applies Zero Trust principles to ensure security in hybrid and multi-cloud environments. It’s like having a digital safe that only opens with the right key.

My academic career began at the Carlos III University of Madrid, where I graduated as a telecommunications engineer and am currently completing my master’s degree in cybersecurity, which has given me a very comprehensive view of the world of digital threats.

I was also lucky enough to start as an intern thanks to the Talentum Scholarships, and from my first day at Telefónica Tech, I felt that my work had a real impact. There is nothing

more motivating than knowing that what you do helps protect companies and people.

How do the different branches of cybersecurity differ?

Cybersecurity is a broad and diverse field, where each branch focuses on protecting a specific aspect of the digital environment. These are some of the main areas:

  • Network security.
  • Identity and access management (IAM). This deals with controlling who can access what resources within an organisation. It is like managing a system of digital keys, ensuring that each person has access only to what they need to do their job.
  • Application security. Its goal is to ensure that applications are secure from the design stage, preventing vulnerabilities that could be exploited by attackers.
  • Incident response. This team acts as the firefighters of the digital world. When a security incident occurs, they spring into action to mitigate the impact, investigate what happened and prevent future problems.

Although each branch has its own speciality, they all work together to create a more secure digital environment.

What is identity security?

The main purpose of Identity Security is to protect users’ digital credentials and access, ensuring that only authorised persons can access sensitive systems and data. In other words, it is about ensuring that ‘you are you’ in the digital world.

My team is responsible for managing privileged access and protecting critical identities within an organisation, applying principles such as ‘least privilege’. This means that each user has access only to what is necessary to do their job, reducing unnecessary risks.

Why is it important?

Digital identity is one of the most valuable assets for both individuals and businesses, and protecting it has become a strategic priority in a world where cyberattacks are becoming increasingly sophisticated.

To understand its importance, let’s consider a practical example: if someone steals your house keys, they could break in, go through your belongings or even impersonate you. In the digital realm, unauthorised access to your credentials can have equally serious consequences, such as emptying your bank accounts, sending fraudulent emails from your profile or leaking confidential information about your company.

Beyond protecting sensitive data, identity security is key to preventing fraudulent activities, safeguarding personal and corporate reputations, complying with legal regulations, and strengthening trust between customers and employees. It is an essential pillar in any organisation’s cybersecurity strategy.

Another interesting concept is Identity and Access Management (IAM). Could you explain what it consists of?

Identity and Access Management (IAM) is the system responsible for managing everything related to digital identities within an organisation. From assigning permissions to revoking access when someone leaves a company, IAM ensures that each user has exactly the privileges they need to perform their role, no more and no less.

For example, if an employee works in the finance department, IAM ensures that they have access to the necessary accounting tools, but not to systems related to human resources or technical development. This granular control reduces risk and improves overall security.

What is its relevance and main applications?

IAM is essential because it allows you to maintain strict control over who accesses what resources within an organisation. This not only protects sensitive data, but also helps to comply with legal regulations and international data protection standards.

Its main applications include:

  • Multi-factor authentication (MFA). Adds additional layers of security to the login process.
  • Centralised management. Allows all identities to be managed from a single system.
  • Lifecycle automation. Facilitates tasks such as granting access to new employees or automatically revoking permissions when someone leaves the organisation.
  • Audits and traceability. Records who accessed which resource and when, which is essential for internal investigations or audits.

In short, IAM not only improves security, it also optimises internal processes and strengthens trust in corporate systems.

What are the pillars of IAM?

Identity and Access Management (IAM) is based on four fundamental pillars that guarantee secure and efficient access:

  1. Identity management. Ensures that each user has a unique digital identity and that their permissions match their role, from the moment they join the organisation until they leave.
  2. Authentication. Verifies that the person attempting to access is who they say they are, using methods such as secure passwords, multi-factor authentication or biometrics.
  3. Authorisation. Defines what each user can do according to their role, ensuring that they only access what is necessary to do their job.
  4. Auditing and governance. Monitors and logs all access to ensure regulatory compliance and detect potential anomalies.

These pillars work together to protect systems, minimise risks and ensure that only the right people access the right information.

Which people working at Telefónica would you nominate for this interview who you consider to be excellent at their job?

I would nominate a colleague from my degree course, a great friend and an exemplary worker: Antonio Rueda.

He is currently part of the Telefónica Spain team in the strategic projects area of the Network, IT and TV department, and he also started out as a ‘Telefónico’ with the Talentum scholarship programme.

Share it on your social networks

#

Word of the week

Technology

Most read in the last week :: TOP 5

  1. 7 advantages and disadvantages of ICTs in education  
  2. 9 technological inventions that have changed the world 
  3. Technology and the environment: a battle between harm and benefit
  4. 10 Tips to improve your photos
  5. What’s Next for Standard Essential Patents (SEPs) in Europe?

Related Content

Communication

Contact our communication department or requests additional material.

Exit mobile version