The complex challenges that arise from digital transformation and the use of connected devices are captured in an IDC forecast there to be about 80 billion connected devices by 2025. The types of challenges stemming from this include building new and existing customers’ profiles, even though they can engage across multiple touchpoints; getting employees to use their preferred devices to obtain access to their work environment from anywhere in the world; and complying with data privacy regulations with a seamless method for on-boarding new customers so they do not abandon your site.
There is also the issue of leveraging existing digital identity data to ensure compliance, customer security and consent. To overcome these challenges organizations need to provide impeccable access to all services while maintaining control and enforcing security.
Ben Goodman, CISSP and SVP of ForgeRock explains more.
Digital Journal: Why is managing identities and access during digital transformation key to the user experience?
Ben Goodman: New and increasing amounts of technology are influencing and changing all aspects of organizations, and this is fundamentally altering the methods by which communication takes place, how employees collaborate with each other and how customers receive value. Proper Digital Identity programs allow organizations to comprehensively and securely manage the complete identity lifecycle of people and services across all devices and anywhere in the world.
As the combined number of people, devices, services, and things continues to grow by the billions, the need to properly identify them has become a must-have capability for winning and protecting customers. Digital identity services such as device registration, provisioning, synchronization, reconciliation, and more, ensure your users and customers are safe as they move between devices and services. When your customers feel safe engaging with your products and services, and your critical assets are safe from harm, everyone wins — companies will specifically recognize the benefit of new and enhanced revenue streams by setting themselves apart from the competition.
DJ: How does identity management boost security?
Goodman: As technology, regulations and customer expectations continue to evolve, the need for security is no exception. Cybercriminals today are highly sophisticated, executing a diverse range of attacks at a greater volume and scale than ever before. In fact, new threats surface daily and unauthorized access of personally identifiable information (PII) was the biggest target of 97% of all data breaches in 2018. Organizations need to ask themselves how they can effectively boost security while still delivering a superior customer experience.
Solutions such as multi-factor authentication (MFA) are replacing traditional methods like passwords to increase security for good reasons. However this is a highly dynamic space and banking on a single MFA solution and integrating it into all your applications is risky and difficult. That is why MFA is only part of the solution, organizations need a future proof solution that puts individual customer needs at the center of their business strategy. By leveraging adaptive security intelligence, a business can find a balance between security and customer choice to deliver a more secure and meaningful experience across all digital touchpoints everywhere and at any time.
Organizations need a Digital Identity platform that boasts intelligent authentication capabilities that allow the company to increase customer conversion rates, personalize user experiences and drive revenue through secure, seamless and dynamic customer authentication journeys. Intelligent Authentication implementations should be based on a powerful run-time decision tree framework.
Premier identity management platforms will even allow corporate security teams to adapt login journeys in real-time using digital signals including device, context, user behavior, user choice, analytics, and risk-based factors. The overall security posture of the enterprise will improve by designing purpose-built journeys.
Digital signals, factors and third party integrations for risk, fraud and malware detection can be interconnected to establish a required level of trust. For example, an organization can pre-identify a user’s digital signals such as location, IP address, device type, operating system, and browser type before a username is even collected. As a result, a business using identity management platforms with intelligent authentication will be able to secure the login experience, audit all login events and minimize risks of attacks and data breaches.
DJ: What challenges arise from implementing identity-driven security?
Goodman: Challenges for identity-driven security across all devices creates complex challenges, in fact, IDC forecasts there to be about 41.6 billion connected things by 2025. Organizations that seek to realize the full-fledged benefits of the looming IoT boom must be able to build new and existing customers’ profiles so they can engage across multiple touchpoints, allow employees to use their preferred devices to obtain access to the work environment from anywhere in the world, and leverage existing digital identity data to ensure compliance, customer security and consent.
Integrating into existing and legacy systems is also a major challenge. Modern Identity platforms need to be incredibly accommodating, offering many methods of integration. Whether a system will leverage support of open standards, integration agents, open APIs and SDKs or even drop-in proxies, a modern digital Identity platform must support them all.
DJ: Why is it critical that companies build new and existing consumers’ profiles? What are some best practices for doing this?
Goodman: Building new and existing customers’ profiles is essential since users will be able to access services across a plethora of digital touchpoints. Creating an omnichannel experience to scale with the exponentially increasing number of connected devices must be a priority in order to recognize a consumer across all devices.
By connecting previously siloed areas of the business, companies can ensure that every customer interaction is consistent and personalized. Then, there must be a method in place to onboard customers quickly, such as using social sign-on features that will allow a new user to seamlessly sign up for an account without deterring them from completing their purchase or order. From there, organizations can use progressive profiling methods in order to build returning users’ profiles over time in exchange for value-added offerings.
DJ: What do businesses need to be mindful of in terms of data privacy regulations?
Goodman: Challenges for identity-driven security across all devices are made even more difficult with differing data privacy laws across all verticals and geographical areas. For example, organizations in breach of the EU’s GDPR can be fined up to 4% of annual global turnover or €20 million, depending on whichever amount is greater. Companies will be fined for not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. These concepts can’t be engineered after the fact, they must be inherent in the design of any Digital Identity implementation.
To address these challenges, enterprises will be leveraging vast quantities of employee and user data, so it is critical that organizations have security strategies to proactively thwart malicious and anomalous activity that could potentially result in data exposure on a grand scale.
