E-BOOK SECURITY BY DESIGN HOW IDENTITY HELPS YOU BALANCE SECURITY AND CUSTOMER EXPERIENCE


TABLE OF CONTENTS

- INTRODUCTION: THE CONNECTED CONSUMER
- SECURING AND UNIFYING PROFILES
- PROVIDING SEAMLESS ACCESS CONTROL
- ENABLING AUTHENTICATION THAT'S BOTH SMOOTH AND SECURE
- ENHANCING SECURITY AT THE DATA LAYER
- CHOOSING A SECURE SOLUTION

SOURCES

[1] & [2] The State of Digital Transformation Report 2016, accessed Nov. 28, 2016, at resources/misc/en/ping_identity_digital_transformation_survey_report_final.pdf
[3] Data Breaches and Customer Loyalty Report, Dec 2015, accessed Nov 28, 2016, at customer-loyalty-data-breaches-infographic/
[4] Smith, Kit, Marketing: 96 Amazing Social Media Statistics and Facts for 2016, Brandwatch, Mar 7, 2016, accessed on Nov 28, 2016
[5] The State of Digital Transformation Report 2016, accessed Nov. 28, 2016

INTRODUCTION: THE CONNECTED CONSUMER

Customers today are interacting with brands across multiple channels and devices. As a result, there's been a fundamental shift in best practices over the last decade to accommodate new multiple-screen behaviors. Providing cohesive multi-channel experiences is now the rule, not the exception. Finely tuned customer experiences are the new competitive battleground, and disjointed customer experiences provide low-hanging fruit for your competition.

[Figure: The Connected Consumer]

At the same time, security is vital when your business stores identity data about millions of customers. Breaches can ruin the reputation of your brand and the trust of your customers, but the security measures to prevent them can come at the expense of customer experience. Enterprises must strike a balance between customer experience and security.

To strike this balance, enterprises are turning to customer IAM (CIAM) platforms that securely store identity and profile data. And with capabilities like single sign-on (SSO), access control, multi-factor authentication (MFA), fine-grain data governance and unified customer profiles, CIAM solutions can enable the security and scalability that drive customer loyalty.

91%: Ninety-one percent of IT leaders say security is important to their company's success in digital transformation. [1]

86%: Eighty-six percent of IT leaders agree that identity and access management technologies such as SSO and MFA have helped secure customer experiences. [2]

SECURING AND UNIFYING PROFILES

To make seamless customer experiences possible across channels, you need to unify profiles instead of relying on disparate data that's pulled from multiple sources. And security can be applied to several different areas within unified customer profiles:

- Access security
- Authentication
- Data-layer security

If enterprises fall short in any one of these areas, their customers can become victims of a data breach, a bad customer experience or both.

Certain requirements, like the end-to-end encryption of data, don't affect customer experiences directly. For the most part, the stronger the encryption the better. However, other requirements like access security and authentication, including MFA, can detract from good customer experiences if they're too cumbersome or inconsistent across channels.

PROVIDING SEAMLESS ACCESS CONTROL

Customers today openly express their unhappiness with the current state of access and authentication in the blogosphere. Managing multiple login details within a single brand can cause disjointed customer experiences, and it can lead to risky password reuse, password amnesia and high abandonment rates. Ultimately, if you aren't providing a consistent login experience, you may be losing revenue and exposing your customers to security risks. Simply allowing customers to leverage trusted third-party identity providers (IdPs) like Facebook, Google and PayPal can reduce friction and simplify customer experiences.

54%: Fifty-four percent of consumers admit that they tend to use the same passwords across their online accounts. [3]

As we move deeper into the multi-channel era, enterprises must deliver frictionless registration and login experiences through capabilities like social login and SSO to applications through federated identity. Delivering these seamless experiences across channels requires a modern and scalable identity layer that can:

- Give customers access on their terms on any device or any channel.
- Create and deliver a singular, in-depth view of the customer.
- Bridge identities from different access points and identity stores.
- Grant customers access to a broad range of applications, properties and services.

62%: Facebook accounts for sixty-two percent of social logins made by consumers to sign into the apps and websites of publishers and brands. [4]

ENABLING AUTHENTICATION THAT'S BOTH SMOOTH AND SECURE

You can protect customers with MFA, but it can also hinder their experiences and become downright annoying. Some of your customers may want the most secure second factors available at every turn, but others may become extremely frustrated if MFA is required too frequently. Finding the balance requires security personalization.

[Figure: three security tiers plotted against two axes, Contextual Risk (Home Access, Overseas Access) and Transaction Risk (Add to Cart, Wire Money). Required Security: security teams define security requirements. Optional Security: customers define security preferences. Light Security: focus on customer experience.]

Security and IAM professionals should jointly define certain thresholds with specific MFA requirements. For low-risk contexts and transactions, the focus should remain on user experience so you don't allow your customers to accidentally make their own experience too cumbersome. But allowing your customers to personalize how and when MFA is triggered in between those two thresholds will ensure that all customers have the level of security they prefer. The result is enhanced customer experiences and an edge over your competitors.

To achieve that balance you need a CIAM solution that can:

- Support numerous secure second factors.
- Allow customers to choose from one or more preferred MFA methods.
- Allow security and risk teams to centrally define MFA requirements.
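The three-tier model above can be written as a small policy function. This is an added example, not code from the e-book or from any Ping Identity product; the risk weights, thresholds and method names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed 0-100 risk scale and cut-offs; the e-book names the tiers, not numbers.
LIGHT_MAX = 30       # at or below: light security, never prompt
REQUIRED_MIN = 70    # at or above: MFA mandated by the security team

# Constructed weights for the contexts and transactions named in the figure.
CONTEXT_RISK = {"home": 10, "new_device": 35, "overseas": 60}
TRANSACTION_RISK = {"add_to_cart": 5, "change_email": 30, "wire_money": 60}
UNKNOWN_RISK = 60    # unrecognised input is scored as high risk

# Centrally defined by security and risk teams (hypothetical method names).
APPROVED_METHODS = {"push", "totp", "sms"}
REQUIRED_TIER_METHODS = {"push", "totp"}   # assumed: SMS not accepted when mandated


@dataclass
class CustomerPrefs:
    mfa_in_optional_band: bool = False                      # customer's own choice
    preferred_methods: list = field(default_factory=list)   # in order of preference


def decide(context, transaction, prefs):
    """Return (tier, action, method) for one access or transaction attempt."""
    score = min(100, CONTEXT_RISK.get(context, UNKNOWN_RISK)
                + TRANSACTION_RISK.get(transaction, UNKNOWN_RISK))
    if score >= REQUIRED_MIN:
        tier, prompt, allowed = "required", True, REQUIRED_TIER_METHODS
    elif score <= LIGHT_MAX:
        # The customer's preference is ignored here so that nobody can make
        # their own low-risk experience cumbersome by accident.
        tier, prompt, allowed = "light", False, set()
    else:
        tier, prompt, allowed = "optional", prefs.mfa_in_optional_band, APPROVED_METHODS
    if not prompt:
        return tier, "allow", None
    method = next((m for m in prefs.preferred_methods if m in allowed), None)
    if method is None:
        return tier, "deny", None   # fail closed: no enrolled factor fits the policy
    return tier, "challenge", method
```

A "deny" result is the point at which a real deployment would route the customer to factor enrollment or account recovery.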

ENHANCING SECURITY AT THE DATA LAYER

Data layer security may be outside the realm of what your customers can see, but it's just as important. Your customers trust you to secure their data, and if you suffer a breach because you're not securing your data layer correctly, that trust will be broken. Enterprises must protect customer data by following a few simple guidelines.

ENCRYPT DATA AT ALL STAGES

When storing customer data, it's imperative to use strong encryption at rest, in use and in motion. This should be true during application usage, synchronizations or any other process that relies on customer data, particularly personally identifiable information (PII). Obfuscating data to certain endpoints (like showing only the last four digits of a credit card) is another key capability that ensures your customer's data stays protected.

GOVERN CUSTOMER DATA

When making customer profile data available to your entire ecosystem of applications, not all applications are equal. Some, such as IoT devices, may not be very secure, and others may only need access to a small subset of customer profile data. Enterprises need to govern which internal and external applications and devices have access to which customer profile attributes. That way, if an unsecured endpoint gets compromised, it won't put unnecessary PII at risk. Additionally, companies can adhere to industry, geographic or company-specific regulatory constraints that govern how and where customer profile data can be used and when consent is required.

SECURELY HASH PASSWORDS

Password security is one of the most important aspects of a CIAM solution. Passwords should be securely hashed with newer password-hashing algorithms like PBKDF2, scrypt and bcrypt. These algorithms are designed to require immense computational energy to crack, which provides an extra layer of security for your customers.
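The attribute governance and last-four-digits obfuscation described above can be combined in one default-deny release filter. This is an added example, not code from the e-book; the application names, policy layout and consent model are hypothetical, and the profile is constructed sample data.

```python
# Constructed unified profile; every value is sample data.
PROFILE = {
    "customer_id": "c-1001",
    "email": "pat@example.com",
    "postal_address": "1 Example Street",
    "card_number": "4111111111111111",
    "loyalty_tier": "gold",
}

# Hypothetical policy: application -> {attribute: "clear" | "last4"}.
# An attribute that is not listed is never released (default deny).
POLICY = {
    "payment-service": {"customer_id": "clear", "card_number": "clear"},
    "support-portal": {"customer_id": "clear", "email": "clear", "card_number": "last4"},
    "iot-thermostat": {"customer_id": "clear", "loyalty_tier": "clear"},
    "partner-offers": {"email": "clear", "postal_address": "clear", "loyalty_tier": "clear"},
}
# Assumption: this application is external, so contact attributes are shared
# with it only when the customer has consented to each one.
CONSENT_GATED = {"partner-offers": {"email", "postal_address"}}


def mask_last4(value):
    """Keep the last four characters; fully mask values too short to truncate."""
    text = str(value)
    return "*" * len(text) if len(text) <= 4 else "*" * (len(text) - 4) + text[-4:]


def release(profile, app_id, consented=frozenset()):
    """Return only the attributes the policy lets app_id see."""
    rules = POLICY.get(app_id)
    if rules is None:
        raise PermissionError(f"no attribute policy for application {app_id!r}")
    gated = CONSENT_GATED.get(app_id, set())
    view = {}
    for attr, mode in rules.items():
        if attr not in profile or (attr in gated and attr not in consented):
            continue
        view[attr] = mask_last4(profile[attr]) if mode == "last4" else profile[attr]
    return view
```

If the thermostat endpoint is compromised, the only profile data it ever held is the customer identifier and loyalty tier.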
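For the password-hashing guideline above, this added example (not code from the e-book) stores salted scrypt or PBKDF2 hashes in a self-describing record and flags older records for upgrade at the next successful login. The record format and work factors are assumptions; bcrypt is omitted only because it is not in the Python standard library.

```python
import base64
import hashlib
import hmac
import os

# Assumed work factors; tune them to your own hardware and latency budget.
SCRYPT_PARAMS = "16384,8,1"      # n, r, p: about 16 MiB of memory per hash
PBKDF2_ITERATIONS = "600000"


def _derive(alg, params, salt, password):
    pw = password.encode("utf-8")
    if alg == "scrypt":
        n, r, p = (int(x) for x in params.split(","))
        return hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=32,
                              maxmem=64 * 1024 * 1024)
    if alg == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, int(params), dklen=32)
    raise ValueError(f"unsupported algorithm {alg!r}")


def hash_password(password, alg="scrypt"):
    """Return 'alg$params$salt$hash' with a fresh random salt per password."""
    salt = os.urandom(16)
    params = SCRYPT_PARAMS if alg == "scrypt" else PBKDF2_ITERATIONS
    digest = _derive(alg, params, salt, password)
    return "$".join([alg, params, base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_password(password, record):
    """Recompute with the stored parameters and compare in constant time."""
    try:
        alg, params, salt, digest = record.split("$")
        expected = base64.b64decode(digest)
        actual = _derive(alg, params, base64.b64decode(salt), password)
    except ValueError:           # malformed or unsupported record
        return False
    return hmac.compare_digest(actual, expected)


def needs_rehash(record):
    """True when a record was not produced with the current scrypt settings."""
    return record.split("$")[:2] != ["scrypt", SCRYPT_PARAMS]
```

Call `needs_rehash` only after `verify_password` succeeds, then replace the stored record with `hash_password(password)` while the plaintext is still in memory.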

CHOOSING A SECURE SOLUTION

CIAM solutions offer a diverse set of security features and capabilities. When choosing a CIAM solution, it's important to confirm that it has the security you need. To vet security capabilities, ask vendors if their solution:

- Can achieve high performance while security features are enabled.
- Notifies administrators of privileged account activity.
- Contains API, application and data level security controls.
- Allows for fine-grained, policy-based data access governance.
- Captures consent for data use and sharing.
- Offers federated SSO and access control.
- Supports best practices for separation of duties.
- Stores tamper-proof logs, customizable to any event.
- Can obfuscate or restrict access to PII for delegated or administrative use.
- Offers the ability for customers to personalize MFA.
- Can securely hash passwords with PBKDF2, Scrypt and Bcrypt.

Customer experience is the new competitive battleground. Balancing customer experiences and security across all channels can be the difference between winning and losing market share to your competition. With a full-featured CIAM solution, security doesn't have to detract from those experiences; it can even enhance them. The CIAM capabilities outlined in this ebook are fundamental building blocks to striking the right balance between security and customer experiences that build customer loyalty and trust and drive revenue.

78%: Seventy-eight percent of IT leaders report that security is more complex today than it was two years ago. [5]

Want to learn more? Read the Ultimate Guide to CIAM or visit pingidentity.com.

Ping Identity is the leader in Identity Defined Security for the borderless enterprise, allowing employees, customers and partners access to the applications they need. Protecting over one billion identities worldwide, the company ensures the right people access the right things, securely and seamlessly. More than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens, trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.

Copyright 2016 Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingAccess, PingID, their respective product marks, the Ping Identity trademark logo, and IDENTIFY are trademarks, or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies.