All businesses are now digital businesses. This transformation has turned mastery of data security, privacy and governance into a must-have, and businesses have been unafraid to invest vast sums to bolster capabilities in these areas. In 2019, global enterprise IT spending exceeded $3.7 trillion dollars according to Gartner.
For all this investment, many businesses could be overlooking a critical area of risk - digital identity silos. Digital identity silos are formed when different departments within a business deliver new digital services independently, creating a separate set of identities for the same customers.
Many organisations today are running a wild mix of legacy, home-grown, and standard identity and access management (IAM) products to secure and manage the identities of users and their access to their services, applications, and systems.
This fragmented approach might work from an individual service or business unit perspective but, without a centralised identity infrastructure in place, an organisation has no way of accurately mapping and managing identities and access across all their systems. This has short- and long-term implications ranging in severity from poorly secured customer data and inconsistent customer experience (CX) across business divisions to potential regulatory friction.
Identity silos in action
A simple way to break down this problem is by using the example of telemarketing for banking products. Many of us will have received such a call and, in some instances, wondered why this cold caller is trying to sell us a credit card when we already have one with that bank.
The answer is: identity silos. Because each banking department has that data in disjointed and disconnected silos, rather than a centralised identity infrastructure, the telemarketer does not have access to critical customer information. It is not unheard of for some banks to have over 400 separate identity silos within the entire organisation.
For customers, the result of any identity silo is a frustrating customer experience. This includes everything from having to speak to multiple people at a bank's call centre before finding the correct branch to creating and remembering credentials for different services at the same bank.
The unintended - and far-reaching - consequences of digital innovation
Enterprise leaders and their teams face pressure, externally and internally, to continuously innovate their technology and business models to deliver and improve digital services. As they undergo these changes, identity silos are created accidentally and multiply.
So why have businesses been slow in addressing identity silos? One key reason is M&A. When companies buy other businesses that have their own separate identity management systems, the acquirer can be unaware of this at the time or depending on how large the merger is, reluctant to address it outright because transferring those identities would be a massive undertaking.
But the headache of replacing legacy IAMs with a modern solution only increases with time, as the business launches new offerings and onboards new customers. The scale of the task, and the cost and time associated, make executives even more reluctant to make changes so developers and business unit heads circumvent the approved solution (and the hierarchical approval process) and buy off the shelf products to speed up deployment. Over time, this creates a multitude of what we might call ‘shadow identities’; alternative identity systems deployed outside of the purview of the IT team.
For the business division in question, the problem of dealing with identity silos ends there. But for the business as a whole, the consequences go much further.
From a regulatory perspective, identity silos make it more likely that businesses will fall foul of data privacy laws. Without a unified view of customer data, a business will not be able to comply with customers’ requests to opt-out of a service or action Subject Access Requests (SARs) in a timely fashion. This could potentially expose that business to regulatory action including a fine of up to four per cent of global turnover.
Identity silos and the fragmented landscape of information they promote also jeopardise digital transformation initiatives from a security and resource perspective. Organisations with many identity silos will find that they are ill-equipped to stay up-to-date with the latest technology, regulatory, and security trends, as well as the related standards and protocols such as OAuth 2.0, mutual TLS, Open Banking standards now in place. This leaves businesses facing a stark choice between directing resources towards solving these problems or investing in other transformational initiatives.
In today’s digital world, customer experience rules all
Business in the 21st century is governed by a simple rule: customer experience is king. The new generation of digital native businesses has operated by this principle since day one. This in turn, has elevated consumer expectations about what a high-quality digital experience now entails.
For ‘legacy’ organisations, this is a double-edged sword: yes, they have to play CX catch-up. But they also have a major advantage over more nimble startup challengers: a customer relationship and data spanning decades.
This trove of data can provide the actionable insights that an organisation needs to provide a truly differentiated customer-centric service. Businesses of all stripes are already investing in analytics to better understand customer needs and preferences. While Facebook and Google dominate the field, other businesses can still leverage their data to open up new revenue streams from additional services and products.
However, they cannot do this if they don’t have a central 360-degree view of that customer across all business units. The more shadow identities in a company, the more that company will struggle to create new revenue opportunities crafted around what they now know about those customers.
When viewed in this light, it becomes clear that businesses that fail to address their shadow identities are not only doing their customers a disservice, they are missing out on a new competitive advantage.
Bringing shadow identities into the light
So how can companies start to tackle this problem? The first step must be a complete audit of everywhere that identity silos exist, as well as the state of the customer experience delivered across all channels. Most businesses that do this are surprised by just how many different identity systems they have already. It is only once you have a clear view of not just the silos, but where they are causing friction in the customer journey that you can decide on the best solution.
Once you have that information, the next phase is likely to require deploying a centralised IAM system that can seamlessly integrate with existing legacy identity systems, existing applications, and any new point solutions your IT department wishes to deploy. Lastly, step three is to combine the insights provided by this new single view of users to deliver ongoing context-based authorisation and authentication that ensures that only the right people get access to the right information. All the while increasing personalisation across touchpoints, courtesy of your new, unified identity solution.
The digital economy waits for no company
The digital economy waits for no company, so if now’s not the time to bring identity out from the shadows, when is?
With rising customer expectations around convenience and data privacy, the looming threat of punitive regulatory action around data misuse, and the commercial and reputational damage that data breaches and fraud can bring, enterprises cannot afford to turn a blind eye to digital identity silos.
If your organisation is serious about digital transformation, then you need to make sure you have a clear view of where these silos exist, how many there are, and how they impact customers across all channels. Failing to do so will mean the problems will only escalate as the number of digital services and applications your business delivers steadily increase - and that you’re missing out on new sources of customer-centric growth.
Peter Barker, Chief Product Officer, ForgeRock