Chief information officers in charge of customer-facing platforms have long had to balance security and user-friendly experiences at the login box but too many aren’t using the latest technology—and are falling behind in customer safety, says Jameeka Green Aaron, CISO of Auth0, a UK-based company with U.S. headquarters in Bellevue, Washington.
Aaron spoke with StrategicCIO360 about how to be safe and create a great customer experience, how Covid-19 affected security and her advice for women who want to work in the security industry.
What role does identity management play in a security strategy?
Login boxes are often the first point of interaction companies have with their customers and they mark the beginning of the customer journey. This first interaction is where user experience meets security, and the challenge becomes providing both a seamless and secure login experience. With identity compromise being one of the most common attack pathways, login pages provide the first line of defense against attackers.
When it comes to ensuring the security of digital assets and protecting customers and end users, companies must walk the line between keeping data secure and providing a low-friction login experience for legitimate customers.
How have identity solutions and technologies evolved to support multifaceted organizational priorities?
Historically, organizations had to make trade-offs between security and user experience. Customer identity and access management solutions enable organizations to prioritize both by intrinsically linking them, starting with the login box. While often overlooked, in many scenarios, the login box is the first interaction organizations have with their customers.
When it comes to the login experience, customers want convenience and control. They want to choose their authentication method—whether it be multifactor authentication, single sign on, biometrics, etc.—and they want a seamless omnichannel experience without needing to complete long form fills or questionnaires. Integrated CIAM solutions enable digital services to accomplish both.
Moreover, today’s most sophisticated CIAM offerings provide a single view of the customer across omnichannel interactions with centralized user management. This single view of customers helps companies meet the reporting requirements of data privacy laws, better understand customer behavior and is critical for building more personalized experiences.
How can organizations respond to the growing and evolving threat landscape? What strategies, tools and techniques should businesses rely on?
Security is still too often seen as an afterthought by businesses. It was further deprioritized as many organizations were forced to digitize their services essentially overnight due to Covid-19. Since time was of the essence to move digital for businesses around the globe, security was often an afterthought. Over the next year, many companies will play catch up to meet security standards for their infrastructure and those who have not prioritized continuous improvement will fall further behind and will struggle in the long run as attacks get more advanced and security needs to be tightened. To proactively address this, businesses should strategically evaluate what their team does and doesn’t do well, identify where the gaps in security lie and consider investing in “as-a-service” solutions.
Moreover, most businesses still view security as the user’s responsibility, yet the majority of consumers globally expect businesses to keep their personal information safe, demonstrating a gap between customer expectations and business security and privacy offerings. This presents a critical opportunity for organizations to adopt proactive security and privacy solutions to ensure businesses safeguard their customers at all costs. As good data stewards and to prevent non-compliance penalties, organizations must invest in data security solutions to ensure customer data and identity are protected from threats like ransomware and data breaches, from the moment users log in, to the moment they delete their account.
What is your advice for someone aspiring to obtain a C-level position in the security industry?
The security industry is heavily dominated by men, and I’d like to see this change. More women need to be present at the boardroom table and at an executive level. My biggest advice for an aspiring woman in the security industry is to surround yourself with like-minded people and a strong group of mentors that will champion and support your success. Also, don’t be afraid to take chances, ask questions and get involved, regardless of what stage you are in your career. And remember that new experiences—big or small — are an opportunity to learn and grow.