API Security & Identity

The Great Balancing Act: Security, UX and Identity


I recently moved house and after updating the most important services: internet, car insurance, TV, I decided to move on to the boring ones… like registering at the doctor's.
We went down and were given a form each to fill in. One for me, one for my partner, and finally, one for my daughter. She’s two, so actually I had two forms to fill in.
Once we’d done those, the receptionist told us that this particular surgery subscribed to an app that meant we could book appointments online, order repeat prescriptions, all that fun stuff. So, we opted in…and were greeted with an additional paper form. Each.
Again, I had two more forms to fill in.
Once we’d completed and handed in six forms in total (all containing basically the same data), we were told to scan a QR code, and download the app to link ourselves to the surgery. We were also given a unique 10-15 character code to enter to link us properly.

Now, I really didn’t expect this flashy new app to need to be accompanied by six forms, and three special codes. But it did remind me of a quote. George Westerman (renowned researcher and author in the field of digital transformation) suggests that:

when digital transformation is done correctly, “it’s like a caterpillar turning into a butterfly,” but when done wrong, “all you have is a really fast caterpillar”.

Understanding the importance of balancing convenience, privacy, and security when it comes to managing and securing customer identities is key to our modern digital lives. In this article, I’ll discuss each of these three topics and highlight how they can be improved without sacrificing one for the other. Additionally, I’ll explain how – with a proper approach – organisations achieve this balance and eliminate the false need for compromise.


Convenience is an important aspect of modern business. Customers expect easy and seamless access to applications, systems, and services, and any friction in the process can lead to frustration and abandonment. Ensuring device agnosticism means that customers can access applications, systems, and services from any device, whether it’s a desktop, laptop, tablet, or smartphone, without having to worry about compatibility issues or software installations. However, convenience should not come at the cost of security or privacy.
To improve convenience, organisations can implement features such as single sign-on (SSO) and social login. These features allow customers to access multiple applications and services with a single set of credentials or their social media accounts, reducing the need to remember multiple usernames and passwords. Additionally, organisations can implement passwordless authentication, which eliminates the need for passwords altogether and improves convenience while maintaining security.


Privacy is another crucial aspect of customer identity and access management. Customers are increasingly concerned about the privacy of their personal information, and organisations that fail to protect this information risk losing customer trust and loyalty. To improve privacy, organisations can implement features such as consent management, which allows customers to control the use of their personal data. Additionally, organisations can implement identity verification and validation processes to ensure that the personal information provided by customers is accurate and legitimate. Finally, organisations can use encryption to protect customer data and ensure that it cannot be accessed by unauthorised parties.


Security is perhaps considered the most important aspect of customer identity and access management (CIAM). Customers trust organisations to protect their personal information and sensitive data, and any security breaches can lead to serious consequences. To improve security, organisations can implement features such as multi-factor authentication (MFA), which requires customers to provide two or more forms of identification to access their accounts. Additionally, organisations can use risk-based authentication, which analyses various factors such as location, device, and behaviour to determine the risk of a login attempt and adjust the authentication process accordingly. The aim is to add friction only when necessary. Finally, organisations can use continuous monitoring and analysis to detect and prevent potential security threats before they can cause harm.
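
The risk-based authentication described above, sketched as an added example that is not from the original article or any CIAM product: location, device and behaviour signals are scored, and the score decides whether the customer gets in directly, is asked for MFA, or is refused. The signal names, weights, thresholds and sample logins are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights and thresholds (assumptions); tune against real login data.
WEIGHTS = {"new_device": 40, "new_country": 30, "impossible_travel": 50, "odd_hour": 10}
STEP_UP_AT, DENY_AT = 40, 90
MAX_SPEED_KMH = 900  # roughly airliner speed; anything faster is implausible travel

@dataclass
class Profile:            # what is already known about the customer
    known_devices: set
    known_countries: set
    usual_hours: range    # local hours in which this customer normally signs in

@dataclass
class Login:
    device_id: str
    country: str
    hour: int             # local hour, 0-23
    km_from_last: float   # distance from the previous successful login
    hours_since_last: float

def risk_signals(login, profile):
    """Return the names of the risk signals this attempt triggers."""
    signals = []
    if login.device_id not in profile.known_devices:
        signals.append("new_device")
    if login.country not in profile.known_countries:
        signals.append("new_country")
    elapsed = max(login.hours_since_last, 1 / 60)  # avoid division by zero
    if login.km_from_last / elapsed > MAX_SPEED_KMH:
        signals.append("impossible_travel")
    if login.hour not in profile.usual_hours:
        signals.append("odd_hour")
    return signals

def decide(login, profile):
    """Map the summed risk score to allow / step_up_mfa / deny."""
    signals = risk_signals(login, profile)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_AT:
        return "deny", score, signals
    if score >= STEP_UP_AT:
        return "step_up_mfa", score, signals
    return "allow", score, signals

# Constructed sample data: one customer profile and three login attempts.
PROFILE = Profile({"laptop-1"}, {"GB"}, range(7, 23))
ROUTINE = Login("laptop-1", "GB", 9, 5, 24)
NEW_PHONE = Login("phone-9", "GB", 9, 5, 24)
FAR_AWAY = Login("phone-9", "BR", 3, 9000, 2)
```

The routine login passes with no extra step, the new phone triggers MFA only, and the distant login from an unknown device is refused, so friction appears only where the signals justify it.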

Achieving Balance

While balancing convenience, privacy, and security can be a challenging task, using appropriate technology can help organisations achieve this balance without compromising on any of these three aspects. It will allow an organisation to use a wide range of features and capabilities that enable secure management of customer identities while providing a convenient and seamless user experience.

Utilise various authentication methods like biometrics, social login, and passwordless authentication, to improve convenience while maintaining security.

Achieving balance between convenience, privacy, and security is a crucial task for organisations that want to manage and secure customer identities effectively. Doing so can provide a seamless and secure user experience. Using a purpose-built CIAM solution can help achieve this balance effectively and eliminate the need for compromise.
Be a butterfly.

Domanic Smith-Jones
Domanic Smith-Jones is a Solution Engineer at Auth0. I have been able to build a career that grounds itself in the link between IT and business, taking a customer’s needs from requirements through to elegant technical solutions. I exercise clear client focus with good management of customer expectations. I pick up new technologies quickly and readily use my network effectively and am able to quickly learn new technologies in and around my current areas of expertise.
