Unlocking the Opportunities of the Future with Digital Identity
This week we bring you another informative and thought-provoking Coffee Talk session. Last Wednesday’s topic was “Unlocking the Opportunities of the Future with Digital Identity.” The session hosts were Balraj Dhillon, Engagement Director – Key Accounts at Simeio, and Danielle Kucera, PMM-at Okta. Here are some session highlights.
What are some key drivers for digital transformation for consumers today?
Consumers have high standards when they interact with brands today. They expect a safe and secure interaction, with a positive experience wherever they are, and whenever they want. They want a personalized experience, which means they have to give up some level of personal data, expecting the business maintains high levels of security and privacy protection. These are high standards for brands, but ones which have become necessary and the expectation.
Consumers are demanding more digital access to services, which is driving organizations to adapt. In doing so, the coordination between their systems must be seamless.
What are the key adoption drivers for digital identity for organizations?
Convenience is the first thing. When you want someone to adopt a new approach or technology, you need to make it easy. For example, when you want employees to use something like Okta, which allows users to sign into apps with a single username and password, you must make it a painless experience. Allowing customers to login and register easily, impacts their initial experience with your brand. Integrating digital identity in the background, makes it so they don’t even know it’s there, even though it’s required for them to use.
Organizations are now required to find new models to remain competitive. They must examine how they deliver new services, and how consumers interact with their brand. To keep up with today’s changing requirements, organizations must continually evolve.
Digital identity and digital transformation are at the forefront of this evolution. Organizations are questioning if their technology stack can meet their objectives. They are questioning what their future service goals might be. These questions are all part of digital transformation. As organizations go through the transformation, they need to answer those questions, and more.
We see the impact of digital transformation everywhere, including within our government agencies. Governmental departments at every level are looking for new and enhanced ways to deliver services to their citizens. A large provincial agency in Canada presents a good example of a government agency going through digital transformation. They wanted to change the way they delivered services, with centralized management for online benefits distribution services to their citizens.
Simeio provided them with a unique approach to integrating diverse systems, by enabling interoperability among their many siloed systems that comprise Canada’s digital health applications and services. The solution improved access to healthcare services, and gave citizens greater control over their digital health information.
FedEx provides another example. Due to the pandemic, they needed to speed up their digital transformation, so they quickly spun up their integration with Okta, to support the shelter-in-place requirement. They obviously experienced a dramatic increase in demand, because customers couldn’t go into stores, and relied on deliveries to their homes. With the greater demand, they needed to deliver products quickly to homes, while maintaining a safe environment for their employees.
In addition to the employees driving trucks and sorting packages, they had office workers sorting out their internal operations. FedEx needed those employees to login safely and securely from their remote locations, using any device. To accomplish this, the company deployed adaptive multi-factor authentication, which is something that they had not dealt with before. While they needed the solution quickly, they also wanted it to be secure and easy for their users. The adaptive multi-factor authentication required many contextual factors to confirm that users were who they said they were, yet it was simple to use.
Has COVID accelerated these drivers?
The current situation is unprecedented. Many organizations are re-evaluating the way services are delivered, with employees unable to go into their offices. The Canadian province I mentioned earlier, wanted to digitally deliver COVID-19 test results, securely and seamlessly. Simeio was able to set the system up in just 18 days. The province of Ontario, Canada is another example, with a population of 124 million. Simeio is supporting a case management system for them, that is used by public health units to access data securely, by first authenticating.
Okta has also worked with organizations to make the transformation easier during this pandemic. In my discussions with customers, because of the massive move to the cloud, organizations have found the transition much easier than they expected. It still requires a lot of work. But because they are using cloud-based technologies like Slack, Microsoft Teams, Okta, Google Cloud, etc., the infrastructure is already in place to enable them to make the transition quickly and securely, while ensuring an excellent user experience.
Organizations really need to think about the security layer. I mentioned adaptive multi-factor authentication earlier. We’ve all had a brand experience where we were asked to add our phone number, to set up a second factor. While that used to add friction to the user experience, today there are new approaches, like biometric authentication, that can use your fingerprint or face ID. There are really cools things companies are doing, like detecting movement of your hand, or your voice. However, an even more simple approach is just having users answer a simple push notification, by clicking “YES” on their device.
Are there curveballs that folks should consider with digital transformation?
Yes, quite a few, actually. Many of us want to take advantage of existing things that we think will make it easy for consumers, like logging on with Facebook or Google with a single click. However, as we know, these companies collect our personal data. Some of your customers may have had a negative experience, or have a negative perception with one of those brands. By including them with your login process, you might actually deter those users.
You’re also adding another company’s brand experience on top of your own brand, when you really want them focused on your organization. One way to mitigate this, is to create a simplified registration experience, that only collects the minimum data you need from that user. It might just be a username and password. As the user moves through your online presence, you will have additional opportunities to collect more information at the right time. But again, make it easy and fast for the user.
I’ve had many customers ask what social logins they should use. Again, you want to build on your brand, and have the experience be about your organization. Implement data privacy that you can control, and minimize the data you collect. Remember, there is a lot happening on the privacy front, with regulatory requirements from GDPR in Europe, and CCPA in California. Many more states are going to have privacy regulations. This adds a massive amount of complexity to the business. Adhering to data privacy mandates and policies is extremely important. I know there are organizations that don’t consider this, as they go through their digital transformation, and design the user experience. Rather than an afterthought, it needs to be an upfront consideration.
Having a framework to address privacy regulations is key to making sure you’re in compliance. One of the ways Okta views this is, before you can comply with data privacy regulations, you need to understand the data you have. You need to categorize it, know where it lives within the organization, document it, and map everything into a consolidated data source. Is it in a database, a directory somewhere, in your marketing automation system, or in a CRM? The reality is, it’s probably in a hundred different apps and locations.
You also need to understand if it’s healthcare data, usernames and passwords, financial data, or credit card numbers. If the customer requests that you delete their data, then you need to delete it in every location. That can be very time consuming, tedious and difficult.
You should always pose the question, “Do I need this data?” That registration field is the gateway to your brand, where you might collect thirty different items. Do you really need all that data? Are you even using it? If not, don’t ask for it.
As organizations think through their modernization roadmap, what guidance would you give them?
Plotting a roadmap for digital transformation is difficult, and can last more than a decade. It’s a long journey. One top of mind area is reviewing legacy infrastructure, and considering moving those to the cloud. The cloud really does set you up to better handle curveball scenarios like the pandemic. The more you can move to the cloud, the more you can integrate across systems, apps, and your entire infrastructure.
Creating a user experience based on identity is important, and modern authentications fully support cloud-based applications. You should work toward building a universal directory of people. When a person logs in from brand “A”, you want to know if they’re the same person in brand “B”, even if the username is different. Creating those connections is one of the first things you should do, and it requires a foundation.
We’ve just touched upon some of the conversation. If you want to learn more, you can watch this, and other on-demand Coffee Talk sessions at https://www.brighttalk.com/channel/17142.
We hope you can join our next Coffee Talk where you can chat with IAM experts, ask questions and gain insights into how you can lower operational costs, and achieve greater security and privacy using IAM. Click here to sign-up.