During the last six weeks, COVID-19 has dramatically impacted all enterprises across every industry. The pandemic has caused a mass shift to remote working for those that can, mass layoffs for those that can’t, decreases in consumer and business spending, and turmoil in the financial markets.
To survive during such an unprecedented event, enterprises need to adapt to the new norm where everything is remote, and everything is digital. CEOs throughout the tech world agree, “digital will become the core.”
“Many enterprises saw digital as an adjunct to their traditional customer experiences or business processes. Going forward, digital will become the core, and anything traditional will be layered on top.” Aaron Levie, CEO Box
To become digital at the core, or digital-first, we see four fundamental areas emerge as the drivers behind this key initiative (ranked in tactical urgency based on today’s situation):
- To successfully operate remotely
- To protect against the increase in cybercriminals exploiting the current situation
- To increase operational efficiency/control costs
- To protect, or salvage, revenue
Our many years of experience as a European identity services provider inform us that a successful outcome for each driver is dependent on the ability to manage digital identities effectively and securely. Identity management, or becoming identity-centric, ties these digital-first initiatives together.
Successfully operate remotely and protect against increased attacks
As soon as the localised non-essential business closure orders came into effect, almost every company had to move quickly to keep operations running. Every employee that could be remote, was suddenly working remotely.
Ubisecure is an Identity & Access Management (IAM) technology company, and to us, remote employees would traditionally be managed by internally-focused, workforce IAM. However, with remote working becoming the new norm, the typical internal user (employee) starts to look and behave a lot like an external user (partner, contractor, or customer). The lines start to blur.
For the first time, internal users no longer have easy access to help desks or the security of the office’s wired, physically protected and monitored networks. Their privileged access to sensitive resources suddenly needs to be made available through the public Internet. Even the simplest business processes suddenly need to be digital, just to keep things ticking over.
The same goes for partners and suppliers. Supply chain management and services provided by third-parties need to be available remotely to keep supply chains functioning.
With physical stores and service centres out of bounds, customers now require a digital-first experience for every interaction. They are registering many more new accounts with merchants, government services, and online tools. Where users have old, existing accounts, they will be revisited, often requiring resetting of long-forgotten identity credentials. And through everything, attackers are profiting from the increased online activity by creating ever-more sophisticated and targeted attacks.
Such phishing, malware, and identity attacks are more successful when people are remote. Without a colleague in the next cubicle to look over their shoulder and help verify suspicious looking emails and websites, people are more susceptible to clicking.
As we have also seen with high-profile breaches like Target and Airbus, suppliers have long been attractive targets to attackers. Now, as more supplier activity moves online, the more supply chains will be targeted.
With so many more digital interactions to intercept or manipulate, the bad guys will continue to take advantage and exploit the confusion, change, misinformation, and general unpreparedness of the sudden increase in digital interactions.
Increase operational efficiency/control costs
The sudden onset of the economic downturn suggests that many companies, especially traditionally brick-and-mortar retailers, will find it difficult to grow revenue in the next 6-18 months. General consumer and business spending is projected to decrease, making the market for goods and services even more competitive.
In times when achieving revenue growth is challenging, businesses will look at protecting their bottom line through other measures – specifically cost control and increased organisational efficiency.
However, for many enterprises, the sudden scramble to operate remotely creates challenges around usual support desks and admin processes. Such companies will find it difficult to gain any productivity or cost efficiencies unless they automate manual workflows as part of their digital efforts.
There is also an opportunity for enterprises to review the potential to automate “it’s always done this way” workflows, no matter how small or large. Even large scale business functions, such as managing how both employees and external service providers (such as accountant or lawyer) can digitally represent your organisation, can eliminate the majority of costly face-to-face processes when automated.
The now critical role of identity
Many legacy Identity & Access Management (IAM) systems that worked perfectly for exclusively managing internal users may no longer be suitable for the new blurred line between what constitutes an internal or external user. Instead, enterprises need to be looking towards Customer IAM – a specialised subset of IAM that focuses on identity management for large scale use cases like consumers, partners, contractors, and other external users.
Single Sign-On (SSO) is an excellent example of a core CIAM capability that offers considerable value in a digital-first, identity-centric enterprise. As new services launch, users neither want to, nor should they have to, manage new sets of credentials. SSO connects the identity accounts across multiple services, giving a single set of credentials and a single digital identity to manage as the user moves through connected services with less friction.
Enterprises should also now consider how CIAM deals with Multi-Factor Authentication (MFA). Office-based employees have local tech support to assist with the distribution and use of clunky MFA devices. But external users, like remote workers and customers, need simple, easy-to-use, and difficult-to-lose MFA solutions like phone-based apps and passwordless login.
As consumers become increasingly reliant on digital experiences, there is an underestimated risk that they become hyper-sensitive to applications delivering poor user experience. Competitive advantage will come from consistent, easy-to-use applications, and easy-to-engage-with digital properties. CIAM capabilities improve how customers can register accounts and preferences quickly, securely, and privately and better support the shift to digital.
As every CFO looks at increasing operational efficiency, the right CIAM solution can dramatically reduce OPEX costs and provide a swift ROI. CIAM supports identity management at scale, with self-service and automation baked into every identity management function. For example, enabling users to self-manage identity credentials decreases the manual workload of the helpdesk. As our culture inevitably shifts and we eliminate, or at least reduce, face-to-face interactions, digital alternatives must replace the traditional ways to validate an identity or delegate authority to third parties. CIAM enables the transition to digital, bringing along significant cost savings (check out this case study of the Finnish government and how they cut costs in various departments by 99% with CIAM).
Digital-first is more urgent now than ever
Truly going digital-first requires the enterprise to consider a wide range of initiatives, including connectivity, storage, productivity, and of course, identity management. We’re in unprecedented times where it’s essential to be executing digital-first initiatives now, not just to optimise operations during the pandemic, but to lay the foundation for an effective, capital-efficient organisation long into the future.
When the time is right for your organisation to talk about your journey towards being digital-first, get in touch. We’ve built an Identity Platform comprising many years of local identity management expertise – deployed in your region as SaaS, private cloud, or on-premise software.