Identity-Centric Security: A Modern Imperative

By Sumeet Mathur, Vice President- Engineering, CA Technologies

What is an increasingly common experience for consumers today is a brand-new reality for organizations across industries. A company may not be selling a technology-related product but its brand is represented, communicated, perceived and judged through the lens of technology. Consumers are making ‘buy’ decisions not on the quality or the price point of the core product but via the digital experience. Today, every company in order to survive and grow needs to become a technology company. Every business needs to become a digital business. And any disruption to the organization’s ability to deliver the digital experience at speed, scale and with trust, damages the business and its brand.

Digital Security has two main objectives – First, it must protect the channels between customers and businesses from external threats such as hackers, malwares, viruses and denial of service attacks. Second, it must make the user experience seamless by reducing friction and establishing trust with the help of advanced approaches such as security analytics and automated identity authentication verifying that users are who they say they are.

In the new digital world, where information is ubiquitous, personalized experience is driving digital transformation and perimeter breaches are increasingly becoming the norm, Identity is the key. This is the new imperative of Security in the modern era.

In a recent survey conducted by CA Technologies (in alliance with Coleman Parkes research) 1,770 senior business and IT executives across the globe, including more than 100 CSOs and CISOs, were enquired about IT security practices and adoption of the key elements of identity-centric security. It was found that:

• 81 percent of enterprises agree that security needs to be frictionless, so as not to burden users with overly onerous security requirements.

• 82 percent say identity-centric security is critical to their business, yet only 25 percent can be considered advanced users of identify-centric approaches to security.

• Twice as many advanced users of identity-centric security have seen a reduction in data breaches compared to basic users—41 percent versus 21 percent.

• 91 percent of advanced users of identity-centric security have seen improvement in digital reach; 87 percent in customer experience; and 87 percent in customer retention.

The study makes a strong business case for embracing identity-centric approaches to security.

Based on experience, here are a few crucial actions to successfully implement identity-centric security:

1. Make identity your perimeter - Users are now the security boundary, and they’re accessing the network from everywhere, all round the clock. Organizations need to know that they are who they claim to be, and that they can only access the applications and data they should. The best way to achieve this is to consider risk-based authentication combined with analytics-based approaches to evaluating identities.

2. Treat security as a business enabler - In the app economy, security is not just reduces risk; but it can also enable new business growth. Research has shown that an identity-centric approach can drive a range of benefits that improve the bottom line. So, businesses are advised to build business performance indicators into their security evaluation framework.

3. Focus on creating trusted digital relationships - The greatest asset for a business is the digital relationships they build with individual customers. Customers need to trust that organizations understand their needs and are protecting their identity and data as seamlessly as possible.

4. Protect experiences, not just data – Security needs to be robust, and also frictionless. Customers want streamlined interactions and quality experiences; any disruption will only put them off. This means offering single sign-on access; self-service capabilities; and consistent but flexible authentication mechanisms as people move between apps and devices.

5. Take an adaptive approach to IAM – Research shows that mature users of identity centric security have IAM controls that can be readily adapted in response to risks, offering a significantly improved user experience.

6. Be proactive and predictive – Advanced analytics can help to proactively fend off security risks, instead of being constantly in firefighting mode. Security analytics can help businesses sense, react and adapt security processes to address the risk of breaches before they occur.

Ultimately, identity-centric security enables you to build trusted digital relationships with your customers that are your business’ greatest asset in the app economy.

Orchestrating the right Identity-centric security can create a trusted digital relationship between users, their applications, their data and their devices which enables the right people with the right access to the right resources, reduces cost of operations & compliance with automation & self-service and yet secures applications and data with complete visibility and control.

Don't Miss ( 1-5 of 25 )