Balancing security with seamless access

Frictionless security can unlock ironclad customer onboarding for companies.

Read time 4min 20sec
Tallen Harmsen.
Tallen Harmsen.

Neatly exposing business services can be an enabler for rapidly onboarding customers. It's the difference that allows you to not just get a customer but to have them actually easily begin using your service or product.

Yet security demands in an era of rampant hacking and professionalised cyber crime, with the resultant regulatory focus on securing customer data and protecting identities, has required many businesses to all but lock down the data and throw away the key.

Onboarding customers can be difficult, particularly if you consider that onboarding is not just signing them up but getting them to consistently use your products or service. In the digital world of apps, a lot of potential customers fall out of the process between installing the app then and using it repeatedly. It wastes a lot of time, effort and possibly expense of acquiring the customer in the first place.

Later on, even once they've been using your business for some time, you may have to update their details and that becomes another potential friction point that could see them drop off.

Everything you read or hear about customer onboarding boils down to making it an effortless, seamless experience that's so slick it eventually makes your product an essential part of the customer's life.

Traditional security doesn't do that. Traditional security stops the process, interrupts it, breaks it. It snags people's use of your product, like a woollen jersey on a barbed-wire fence. Your customers are on a journey, trying to go somewhere, get a thing done, enjoy something, but security's badgering them with a bunch of stuff they just don't care about.

"Register," it says. "Make a username. No, not that one, that one's used. Nope, that won't work either; we need a minimum of eight characters and a special symbol but only one from the AZERTY and Dvorak keyboard layouts."

Traditional security snags people's use of your product, like a woollen jersey on a barbed-wire fence.

Finally, when you've gotten over the blood vessel-popping annoyance of it all and found a password that it likes, you have to enter the Captcha code but you can't tell if it's an uppercase or lowercase X or S or C. Super-frustrating is the PG way of putting it and it's anything but frictionless.

Additionally, APIs have brought businesses a long way towards making the onboarding process seamless. APIs let the developers seamlessly connect the business systems, databases and stores so they can quickly and accurately pass data to one another to speed customers through various processes.

But the different business systems must still shake hands and ensure they know who they're talking to. Customers accessing their current account statement may want to check on their home loan, credit card, or vehicle finance. Signing in each time impinges usability and the user experience. It creates a friction point of potential frustration.

So users may be able to update the credit limits on their various banking cards via the app but realise that they have to sign in each time. Or they have to register for the various segments. Or security protocols lose them in an infinite loop between application functions provided as a service.

Making sure the inter-system friction is lubricated to a minimum is even more important in the context of a growing number of functions-as-a-service. Typically used for microservices, functions can be cobbled together from the major cloud service providers such as Google, Amazon and Azure to support Internet of things services, mobile apps, Web apps, or even full programs and applications.

Functions are obviously therefore providing the current ultimate in flexibility and agility, and they're the current darling of developers. But second-rate security will hobble any such attempts or, worse, be circumvented.

Modern frictionless security lets the functions flow smoothly however you want them served up because it's smart. It sits back and listens, watches, observes, like a silent guard dog, ready and waiting but otherwise not getting in the way.

It employs machine learning to figure out what people should be doing and how they should be doing it, and it uses that knowledge to make sure everything's running smoothly. The moment something jars, the security recognises it and only then steps in to re-authenticate and validate.

It remembers too and flags any deviations from the standard operating procedure. That way it creates a watch list. Act suspiciously and you'll be flagged. That's a great frictionless tool for legitimate users but it rapidly ensnares felonious hackers before they're able to carry out their nefarious acts.

And all the while you can keep customers happy, onboard them without any hassle, but still protect your business, customers and meet regulatory obligations.

Tallen Harmsen

Head of cyber security at IndigoCube.

Tallen Harmsen has more than 14 years of experience as a security consultant and 21 years in the IT industry. He has been exposed in depth to the financial services, insurance, healthcare, pharmaceutical, mining, retail and logistics sectors. In his role as head of IndigoCube Cyber Security business, he engages progressive business solutions that challenge the emerging and entrenched threat landscapes.

Login with