Skip navigation to main content

Identity and access management: a false sense of security?

The combination of a stricter regulatory environment around customer data, a greater need for internal governance and a rise in identity theft is driving companies to defend themselves by adopting or strengthening identity and access management (IAM) solutions. Yet this is only the first step in delivering identity management that’s seamless and secure.

Just because you have an identity and access management solution in place doesn’t mean you can be complacent. You need to think: does it deliver secure authentication at every level and can it deliver a seamless experience for your customers?


Security is only half the battle

Security and customer experience are often viewed as mutually exclusive. Authentication methods, like security questions, can seem like a necessary evil – customers don’t like them, but at least they keep them and the company relatively safe.

However, a static IAM system neither guarantees safety nor customer satisfaction. With today’s technology-enabled approach to hacking, standard authentication methods – usernames, passwords – are easily bypassed. Cybercriminals have become adept at using public social media profiles to find all the information they need to crack a user account.

All too often, the customer is forced to jump through a series of authentication loops that are easily flouted by the criminals they’re designed to stop. You need a smarter approach to authentication and one that’s less intrusive for the customer experience. Luckily, it’s possible to have your cake and eat it using the latest technology.


Intelligent authentication

Security must be tied to the sensitivity of the resource the user wants to access. You don’t need to burden the customer with the same number of checks for logging into their account as you would when they’re trying to make a large financial transaction.

Security needs to be smart. You should seek a rules-based but contextually sensitive IAM platform that’s able to recognise what the user is trying to do, and decide what the appropriate level of authentication should be.

However, to do this your platform of choice should also be dynamic in its use of contextual data. Organisations collect immense quantities of data from customers, whether its biometrics, location or preferences. Yet they usually do little to track or utilise it during the customer experience.

You want a platform that’s intelligent and adaptable to data. If your customer logs in using their personal device, the platform should recognise them and react accordingly. Of course, your platform must be tuned to consider more than one criteria. It should be smart enough to recognise the user is using a familiar device, but also if they signed in minutes ago from a different country.

What’s important is that your system can assess multiple scenarios and contexts, and be able to scale up or scale down the level of security accordingly by itself.

On the other side of the coin, many companies – particularly in retail – make it too easy for users to access services without sharing any data. Checking out as a guest is a good deal for reluctant customers who don’t want to create an account to make their purchase, but the business loses out on valuable data it could use to enhance or personalise its services.

One good solution is to implement a platform with social media sign-in capabilities. You spare the customer from having to create yet another account, while ensuring they can’t stay truly anonymous. The customer is satisfied, but they also have an identity you can recognise, learn from and cater to. 


Don’t reinvent the wheel

A well-implemented IAM platform from a leading vendor will suit these needs best. An organisation can attempt to build its own solution, but it will be time-consuming, costly and take up precious developer resource. Furthermore, unless your team has specialist security knowledge, you’ll most likely develop a platform that’s slick and responsive, but not secure.

You’re far better served working with a skilled technology partner to design and implement a platform that’s tailored to your specific needs. With an intelligent IAM platform, designed, deployed and managed by a trusted technology partner, you deliver a user experience that’s satisfying and secure, on time and on budget.