Customer IAM (Customer Identity and Access Management ) is a high-wire act balancing customer experience and security in a digital age.
Customers and employees today demand 24/7, frictionless access to services and key apps from both private and public-sector organizations. These expectations are driving digital transformation initiatives in enterprises and governments as they struggle to re-engineer existing operations for a new age of digital interactions. This however, is only one end of the Customer Identity and Access Management (customer IAM) spectrum.
On the other extreme end, lies data privacy and compliance. Governments are introducing digital nation initiatives which emphasise the securing and managing of digital identities. Increased regulation around data protection and privacy – for example, GDPR in Europe and PDPA in Singapore – make it critical for organisations to thoroughly secure and manage access to their digital data and assets.
When the EU GDPR is enforced less than a month from now, it will mark the most important change in data privacy regulation in the 20 years since the internet has become mainstream. The obligations placed by the GDPR on data collecting entities are onerous. In a detailed analysis comparing the EU GDPR and the Singapore PDPA, the International Association of Privacy Professionals highlights how despite covering the same type of personally identifiable information and having extra-territorial reach, the EU GDPR is significantly more rigorous due to its wide scope, detailed consent requirements, and provisions for data access, correction and erasure.
Companies in Singapore are finding it challenging to prepare themselves. In fact, a study by Veritas Technologies in May 2017 showed that 92% of all Singapore organizations surveyed expressed concerns over the impact of GDPR, along with 20% who feared that their business could shut down due to non-compliance.
The evolution of customer IAM
Traditionally, IAM was centred around Enterprise IAM solutions. These are typically used by a known and quantifiable group of employees who will put up with any number of security gateways needed to access vital enterprise applications.
However, customer IAM is different ball game. Customer IAM enables organizations to securely capture and manage customer identity and profile data, and control customer access to applications and services. Unlike employees, customers will not put up with a cumbersome authentication process, and if their digital experience isn’t up to scratch will simply choose an alternative service provider. Hence, customer IAM solutions need to be built with customer needs in mind.
On the flip side, malicious attacks have become more sophisticated and today’s security measures like second factor authentication do not provide adequate protection against malware-based "man in the browser" or identity theft attacks. In fact, they simply create friction in the customer experience.
This brings us to the perennial challenge of improving security without compromising customer experience.
A more holistic and comprehensive approach to customer IAM is needed. The next generation of customer IAM solutions must build anti-fraud defences into the workflow, with minimal impact on the customer experience.
One approach gaining traction today is the use of continuous authentication. This relies on machine learning to authenticate users based not just on what they do, but on how they do it. According to a Forrester Tech Tide report, customer IAM vendors will increasingly use improved analytics at the registration/activation stage, and progressive profiling to gather data about each customer through the many different touchpoints.
Using behaviour analytics to identify suspicious activity is an effective security measure as attackers have a much harder time mimicking patterns in click and typing behaviours than cracking a password. That said, in order to leverage behaviour based analytics for customer IAM, organizations will have to ensure compliance with data protection regulations like GDPR and new user consent tools will emerge to help them do so.
While the threat landscape continues to evolve, customer IAM players like AdNovum are rising to the challenge with innovative solutions to tackle sophisticated cyber threats and tighter regulatory requirements.
Built in Switzerland, proven worldwide
Headquartered in Zurich, AdNovum is a leader in secure and robust IT security solutions, identity and access management solutions and IT security consulting services. For the past 30 years, AdNovum has been customising, implementing and managing mission-critical IT solutions for government agencies in Switzerland and Singapore, global banks, insurance companies, and other renowned enterprises looking to establish and secure their digital environments.
AdNovum is trusted by over 120 organisations worldwide, protects over 500 banking, insurance and government portals and secures millions of digital identities worldwide. They currently have offices located in Bern, Budapest, Lausanne, Budapest, Lisbon, Ho Chi Minh and Singapore, and employ over 600 staff.
Aside from customer IAM, Adnovum’s solutions include IT security consulting, application development and application management.
Customers and employees today demand 24/7, frictionless access to services and key apps from both private and public-sector organizations. These expectations are driving digital transformation initiatives in enterprises and governments as they struggle to re-engineer existing operations for a new age of digital interactions. This however, is only one end of the Customer Identity and Access Management (customer IAM) spectrum.
On the other extreme end, lies data privacy and compliance. Governments are introducing digital nation initiatives which emphasise the securing and managing of digital identities. Increased regulation around data protection and privacy – for example, GDPR in Europe and PDPA in Singapore – make it critical for organisations to thoroughly secure and manage access to their digital data and assets.
When the EU GDPR is enforced less than a month from now, it will mark the most important change in data privacy regulation in the 20 years since the internet has become mainstream. The obligations placed by the GDPR on data collecting entities are onerous. In a detailed analysis comparing the EU GDPR and the Singapore PDPA, the International Association of Privacy Professionals highlights how despite covering the same type of personally identifiable information and having extra-territorial reach, the EU GDPR is significantly more rigorous due to its wide scope, detailed consent requirements, and provisions for data access, correction and erasure.
Companies in Singapore are finding it challenging to prepare themselves. In fact, a study by Veritas Technologies in May 2017 showed that 92% of all Singapore organizations surveyed expressed concerns over the impact of GDPR, along with 20% who feared that their business could shut down due to non-compliance.
The evolution of customer IAM
Traditionally, IAM was centred around Enterprise IAM solutions. These are typically used by a known and quantifiable group of employees who will put up with any number of security gateways needed to access vital enterprise applications.
However, customer IAM is different ball game. Customer IAM enables organizations to securely capture and manage customer identity and profile data, and control customer access to applications and services. Unlike employees, customers will not put up with a cumbersome authentication process, and if their digital experience isn’t up to scratch will simply choose an alternative service provider. Hence, customer IAM solutions need to be built with customer needs in mind.
On the flip side, malicious attacks have become more sophisticated and today’s security measures like second factor authentication do not provide adequate protection against malware-based "man in the browser" or identity theft attacks. In fact, they simply create friction in the customer experience.
This brings us to the perennial challenge of improving security without compromising customer experience.
A more holistic and comprehensive approach to customer IAM is needed. The next generation of customer IAM solutions must build anti-fraud defences into the workflow, with minimal impact on the customer experience.
One approach gaining traction today is the use of continuous authentication. This relies on machine learning to authenticate users based not just on what they do, but on how they do it. According to a Forrester Tech Tide report, customer IAM vendors will increasingly use improved analytics at the registration/activation stage, and progressive profiling to gather data about each customer through the many different touchpoints.
Using behaviour analytics to identify suspicious activity is an effective security measure as attackers have a much harder time mimicking patterns in click and typing behaviours than cracking a password. That said, in order to leverage behaviour based analytics for customer IAM, organizations will have to ensure compliance with data protection regulations like GDPR and new user consent tools will emerge to help them do so.
While the threat landscape continues to evolve, customer IAM players like AdNovum are rising to the challenge with innovative solutions to tackle sophisticated cyber threats and tighter regulatory requirements.
Built in Switzerland, proven worldwide
Headquartered in Zurich, AdNovum is a leader in secure and robust IT security solutions, identity and access management solutions and IT security consulting services. For the past 30 years, AdNovum has been customising, implementing and managing mission-critical IT solutions for government agencies in Switzerland and Singapore, global banks, insurance companies, and other renowned enterprises looking to establish and secure their digital environments.
AdNovum is trusted by over 120 organisations worldwide, protects over 500 banking, insurance and government portals and secures millions of digital identities worldwide. They currently have offices located in Bern, Budapest, Lausanne, Budapest, Lisbon, Ho Chi Minh and Singapore, and employ over 600 staff.
Aside from customer IAM, Adnovum’s solutions include IT security consulting, application development and application management.
Comments