Marc Vanmaele, CEO of TrustBuilder explains how organizations can beat balance the needs of security and user experience
What do Users Want?
Your users demand simplicity. Whatever sectors you operate in, whatever the scale or scope of your offering, if your customers find it too difficult to access and use your service, they will go elsewhere.
The same rules apply within your organization. If your staff find it too difficult to access and use the applications and systems they need to do their jobs, they will go elsewhere too. This rarely means that they will leave their jobs altogether – rather, it means that they will seek workarounds and shortcuts, unauthorised tools and unsanctioned processes.
Both situations can be a big problem. Losing customers very directly affects your business bottom line – and, depending on how vocal they are about moving on, your reputation in the marketplace too. Employees who seek workarounds may compromise security, opening up vulnerabilities or weak points in your infrastructure, or fail to complete tasks as required, bringing operations and productivity to a halt. They may be unable to deliver the right levels of service to their customers, which once again impact your revenue and reputation. Furthermore, dealing with problems of user experience, whether inside or outside your organisation can take up a great deal of your IT department’s time and attention.
Digital Transformation: The Road to Simplicity
Little wonder, then, that businesses in all industries have been encouraged to modernise, improving their services with innovative new features, foregrounding user experience and customer journeys, and developing the most frictionless experiences possible.
This is one of the core goals of many digital transformation projects. Previously manual processes are replaced with automation, leading to a smoother user journey and a strong platform for additional innovation and creativity. Organizations such as Google and Apple, with their unrelenting focus on clarity and simplicity for the end user, have led customers and staff in other sectors to expect the same.
What are the Challenges Faced by the Organization?
But ‘frictionless’ can come with caveats. Such processes are frequently less secure than their more cumbersome, multi-stage relatives – precisely because they entail fewer layers of user identification and verification. Organizations, then, have to make a choice – add extra security steps, such as a second password or PIN code, and hope that this increased complexity doesn’t lose them users – or keep the process simpler, and hope that they don’t succumb to a malicious cyberattack or accidental infection.
Meanwhile, organizations are managing increasingly complicated IT infrastructures. Their services are made up of multiple different applications, many of which are hosted in the cloud with data shared between the organization and its vendors. This makes providing a smooth user experience challenging – and making it secure, even more so.
The Role of Next Generation IAM
This is why next-generation Identity and Access Management (IAM) services have such a crucial role to play. They help organizations to not only strike the right balance between user experience and security, but also, critically, to maintain that balance as the organization’s services and systems continue to evolve.
Such solution incorporates the next evolution of multi-factor authentication (MFA) systems, which demand additional layers of verification before or after the user enters their login details. At present, this extra step will typically be some token or one time password provided by the user’s mobile device.
Ultimately, the best way forward is for multi-factor authentication to be truly – well – multiple in its approach. That is, it should make use of more than one additional factor, so that even in the case of a code being intercepted or a device falling into the wrong hands, access to the system in question isn’t compromised. The trick, of course, is to do this without presenting unnecessary friction to users, which may cause them to switch to another service.
The most effective IAM solutions take a more intelligent – and a more user-focused approach, thereby helping organizations to tread that fine balancing line. Along with enabling the latest secure MFA methods like those requiring a hardware or mobile token; they consider a range of different factors when verifying each user request, such as where the user is located, the time of the request, and whether the device itself is recognized. They also provide a bridge between different environments, allowing seamless access while keeping intruders out.
In turn, this allows organizations to offer a genuinely intelligent and ever-improving security service to their end users, demonstrating how seriously they take data protection, whilst automating that security behind the scenes and therefore smoothing the customer journey as far as possible.
It is essential to choose an IAM solution that is highly flexible, able to keep up with the pace of change and evolve along with the organization in question. However, in doing so, organizations can take a genuine step towards balancing user experience with watertight security – and embracing digital transformation, securely.
About the Author
Marc Vanmaele, CEO at TrustBuilder. He initially started his career as Technical Support Manager in (Philips Data System) and later on became business partners with Soft-Switch. He also served as the Director at Management Software Benelux. Besides, Marc contributed his best at every organization and mentored them in the path of success. Currently, he is a part of SecurIT which was later renamed as TrustBuilder in 2017.