You can now have a better experience that’s safe as houses
By Tallen Harmsen, head of cyber security at IndigoCube
Businesses need frictionless security for two main reasons.
They need to make sure that their employees are using the best possible security methods to keep their work and business systems safe.
And they also need to ensure that they don’t ruin their customer experiences. Security is important but you really want to avoid locking everything down so tightly that even customers can’t interact with your business.
Mobile apps are a great example of where frictionless security can really benefit the customer experience. I recently had to restore a laptop. The vendor of the OS automatically checked with me by verifying my location on a map via my mobile phone. They also sent me a verification code on my mobile phone that I entered on the laptop. Finally, they e-mailed me with an option to block the backup restore if I chose. Solid security, for which I’m grateful. But not the most frictionless experience.
In a world where we increasingly capture biometrics the process could be slicker. The vendor could capture my security details such as fingerprint, heart rate (since I also have a HR monitor), or facial recognition to save me from entering numbers and clicking buttons. It would be quicker and potentially more secure.
Now think about your business systems and how your identity access management (IAM) gets you from one application to another, into databases, and seeing the reports you need. If your business is like the vast majority out there then you know how tedious it can be trying to remember the passwords to everything.
Or worse, if you’re a developer, you know how taxing it can be trying to get all the systems talking – and remain on good terms.
That’s why we need frictionless security processes that move at the speed of customers. They use integrated machine learning and analytics. One way they do that is creating risk scores for users. That lets them profile users, perform behaviour analytics, detect anomalies, perform peer group analyses, monitor continuously to reduce false positives, and persistently monitor to maintain oversight.
Frictionless security today learns intelligently to link human behaviour back to traditional business accessibility functions and even HR records, for example. They can continuously keep an eye on what people do with the company systems and only jump in when something’s amiss.
When people behave strangely the security systems can take action. They can degrade risk profiles, alert a human, restrict access, re-verify users via layered systems, or combinations of those.
It’s automated so it’s fast. You won’t have to worry about ransomware spreading across the entire network and locking down everyone’s connected computers because one user was tricked into clicking an attachment. And you won’t have all your Internet of Things (IoT) devices, maybe a surveillance network of CCTV devices, all streaming footage to a hacker’s target in a distributed denial of service (DDoS) attack.
Modern frictionless security isolates the problem and secures your business. But it also lets customers – and employees – get on with their lives with very little chafing.