Now you can offer effortless experience with quality security
By Tallen Harmsen, head of cyber security at IndigoCube

It’s a lot easier to onboard your customers if your security is frictionless.

Security in a time when the Internet is rife with cybercrime and hackers has never been more important. It’s absolutely crucial to lock your data and systems down from any number of dodgy crooks.

But you’re faced with a bit of a quandary. In the digital era, when customer onboarding happens at the speed of light, you’re also being told to make your data available, to expose it, excuse the pun, to enable better, faster and more responsive services. The paradox is stunning.

How on Earth are you supposed to achieve both, contradictory aims and still get your customers signed up as well as using your product or service?

Frictionless security. Traditional security is a grind of usernames and passwords. It’s annoying, because it slows down using the product or service. It’s also not the most secure because you have to somehow remember the username and password by writing it down or having your browser remember it for you. And it’s less secure because it checks your credentials once then lets you loose to do as you please whether you’re a customer or a hacker.

Customer onboarding and the general customer experience needs to be as frictionless as possible, an effortless, seamless experience that happens without thinking.

Human users usually have some form of credential to login to a product or service. But individual systems do too. In the modern age these systems are more often broken down into small bits that are combined as needed to provide a total product or service or solution. You can think of them as small programs. Businesses use tens, hundreds, sometimes thousands. Each needs permission to connect to another and APIs make that happen. But the problem is that each must still somehow get permission to access another.

Frictionless security today is smart. It uses machine learning algorithms and other services such as advanced analytics. It uses these to learn behaviour of how people normally act and what they do when they’re using the app or product or service. It can do the same for the smaller systems. It knows what they’re allowed to do based on their profiles. And it can create risk profiles for them based on what they’re doing and the type of information they’re accessing.

It monitors their activities, it can alert human administrators if they do something strange, it can limit their access, have them revalidate and authenticate if needs be, lock down or isolate their activities or any of a number of actions. It all depends on what they’re up to and whether or not their activities warrant any security action.

Otherwise they get on with whatever they’re doing once they’ve checked in with another frictionless method, possibly even layered. That could be as frictionless as biometric, like looking into the camera for facial recognition, touching a fingerprint ID pad, having their wearable register their heart beat, perhaps ambient sounds where they usually work, or verifying their geographic location with the press of an automated button.

Simple yet effective cyber security that requires less effort than the past but is actually more effective. And you get to keep customers happily using the products and services while you keep their sensitive, regulated data locked down.