Andre Durand of Ping Identity looks at how companies can enhance security in a way that gives customers ownership and control
The pandemic caused an explosion in online activity for both businesses and consumers – with brands prioritising online platforms as their preferred method to reach customers or engage employees. Now, as businesses mark the fourth anniversary of the introduction of GDPR, one thing they can agree on is that the quality of the online customer experience will matter more than ever. And a core component of this is security.
Brands looking to build experiences that stand out in a digital-first world must be able to answer the question “who are you?” instantly and accurately. If you can’t do that as soon as your customers touch your digital properties, you risk frustrating them, losing revenue and opening your business up to fraud or reputation-damaging data breaches.
Even worse – if you can’t strike the right balance between convenience and security you could end up treating customers like criminals, hemmed in by excessive and infuriating security controls, or opening your door to bad actors. And ultimately this could even drive customers to take their business elsewhere.
So how can businesses ensure that security is a seamless experience, without exposing themselves to additional risk?
Tackling the identity challenges
Historically identity-based security has been more focused on security than the user experience. No user, whether an employee or a customer, wants to deal with an identity process. For both, identity processes get in the way of them doing what they need to do – accessing an app at work or checking their health portal at home, for example.
The identity system’s reliance on passwords is part of the issue. The less frequently a user accesses a resource the more likely they have forgotten their password and the more challenging the identity process will be for them. Passwords, challenge questions, SMS codes, QR Codes – It’s like identity roulette – you’re never quite sure which method, or combination of methods, you are going to land on when you engage with a company. Today’s approaches to identity add friction to end-user experiences whether at work or home.
The problem is that when building an identity practice for employees or customers, administrators are faced with many manual processes. They must manually code integrations to a myriad of services and vendors and that limits creativity and slows down innovation. The impact of this is that the business is slower to react to market changes and customer feedback.
Choosing between experience or security is a losing proposition today. Choose experience and you may increase customer and employee retention/satisfaction, yet also increase your risk of a security incident. Choose security and you mitigate breach risk at the expense of a great user experience. These trade-offs have restricted organisations as they attempt to design a secure and seamless experience for their users. This is where Human-centric Identity comes in.
Addressing the balance
Human-centric Identity is based on the notion that there must be a balance between identity as an experience and identity as a security function. Historically the focus was more on ensuring security, as IT wielded control in many organisations. The decentralisation of IT driven by the cloud, cloud apps, smartphones, etc., has changed this power dynamic, at least for customers. Now, individual lines of business have more power to choose their digital approach, with or without IT, and for them, user experience takes priority.
Customers have become intolerant to bad experiences and with that, a bad registration or authentication experience might be enough to cause them to go elsewhere. Whether someone is choosing a bank, a retailer, or a restaurant they have many choices, and all companies give end-users the option to engage with them digitally.
This is good and bad for companies. If the digital experience with your organisation is simple and fast, then users will continue to do business with you. If not, there are a multitude of options for them to choose from and they will look until they find a company that makes doing business with them simple.
Companies that know their customer base understand that the more they can offer an identity experience that consumers love, the more successful they will be in retaining customers. Human-centric Identity means getting the right users connected to the right assets in a way that makes them feel good about how they engage with a company.
Human-centric Identity is also important when engaging with employees and partners. Anyone that is recruiting for open positions right now understands how tough it is to find great talent. Once you find the right talent and get them on board you want to keep them. Identity processes can feel like an impediment to getting their job done if IT is not implementing identity through a human-centric lens.
Today’s identity infrastructure requires everything to be stitched together manually with code. Human-centric Identity means businesses work toward delivering an IT environment where integration is built into the digital ecosystem through drag & drop interfaces and workflow automation.
What does this approach look like?
First and foremost, Human-centric Identity is focused on experience. The best identity experience would see an employee or user authenticated and authorised without even knowing they went through the process. Enterprises need the ability to implement great user experiences easily and make rapid changes when necessary.
For the administrators, its no-code or low code orchestration that easily integrates with other applications and makes it possible to create user journeys that extend across multiple capabilities regardless of vendor. This approach enables the ability to make rapid changes in response to employee and customer feedback. This new approach to identity allows administrators to become experience artists and gives developers time to think about how what they are doing will translate into great experiences – and in turn repeat customers, happy employees and ultimately revenue.
For employee and customer stakeholders, Human-centric Identity means frictionless experiences. It means they don’t have to remember a hundred different passwords because the companies they engage with have implemented simple user experiences associated with identity. That may include passwordless options like SMS, biometrics, or QR codes. Or it may mean that through the use of machine learning the company can identify them by attributes alone and allow them to skip the upfront authentication process.
Ultimately, individuals decide what to share, when and with whom. Businesses are entering an era where Human-centric Identity also means personal identity – and consumers want to their own identity, rather than attributes of it being owned by the hundreds of different companies that they interact with. Human-centric Identity means that someday we will all be our own identity providers – and in turn, take back control of our privacy.
ABOUT THE AUTHOR