Striking The Right Balance: Securing Customer Information and Data in the Highly Personalized World of CX
By: Matthew Vulpis
Originally published on Customer Magazine
For organizations today, offering an exceptional customer experience has become an essential aspect to thriving amongst competitors in a highly competitive world. Being able to seamlessly offer customers the help or the access they desire across a myriad of platforms is critical to any business that wants to keep its doors open long-term. However, as consumers increasingly adopt digital technology and become more careful about sharing data, companies are learning that data protection and privacy can create just as much of a business advantage when it comes to the customer experience.
Consumers today generate a vast amount of data, which creates both an opportunity for enterprises to improve their consumer engagement and a responsibility to keep consumer data safe. This data, including location tracking and other kinds of personally identifiable information, is immensely valuable to companies. Many organizations, for example, use data to better understand the consumer’s pain points and unmet needs.
“Consumer data is clearly transforming business, but companies are responsible for managing the data they collect,” said Ali Gomulu, Solutions Architect at Ironsphere, a software and privileged access management company, when asked about the importance of consumer data protection. “While these insights help to develop new products and services, as well as to personalize advertising and marketing for a more dynamic CX, companies must make sure they are keeping personal data safe in order to truly win over consumer loyalty.”
However, according to a McKinsey survey of 1,000 North American consumers, many people today feel they can’t trust companies to keep their personal data safe and secure. No industry reached even fifty percent in terms of trust rating when it came to data protection, and while they understood sharing necessary data for interactions, many consumers were aware of recent catastrophic breaches in which personal records were made public.
The Mckinsey report also found that about two-thirds of internet users in the United States say it is “very important” that the content of their email should remain accessible only to those whom they authorize and that the names and identities of their email correspondents remain private. On top of this, about half of the consumer respondents said they are more likely to trust a company that asks only for information relevant to its products or that limits the amount of personal information requested. These markers apparently signal to consumers that a company is taking a thoughtful approach to data management.
For these reasons, leading companies are stepping back to think about designing a secure customer journey, that is, a relatively engaging online and mobile experience for legitimate users that is also safe from cyberattacks and fraudsters.
“Customers expect an easier digital experience, including fast authentication and log in, as well as seamless web and mobile interactivity, but the growth of the digital channel has also expanded the domain for cybercrime,” said Gomulu. “Companies that are able to offer a personalized CX while maintaining strong security standards will gain a competitive advantage.”
There are many ways organizations today can improve the security of the CX while not taking away any of the ease of personalization.
To start, businesses can strike a reasonable balance between security and experience. When designing the secure journey, organizations will have to make trade-offs between security and the customer experience. If they achieve the right balance, users will be offered a seamless journey, creating greater business opportunity, while the risk from exploitative attackers will fall significantly.
To do this, organizations must ask themselves questions such as, What level of consumer flexibility is appropriate for multi-factor authentication? How often should users have to reauthenticate after logging in? And, for how long should user devices be recognized? Trade-offs like offering a mix of multi-factor authentications options and restricting device recognitions to anywhere from 24 hours to two weeks, depending on the level of data accessed, can help satisfy security requirements without muddling down the CX.
Another option for organizations today is to turn to privileged access management (PAM) to keep personal consumer data safe. PAM allows organizations to secure their infrastructure and applications, run business efficiently, and maintain the confidentiality of sensitive data and critical infrastructure, making it just what businesses need to tighten the locks on their CX.
“PAM solutions, such as Ironsphere’s, strongly help combat fraud and prevent accounts from being taken over; identity-proofing by validating the identity of the user, and multi-factor authentication, have become standard controls during user registration and log-in,” said Gomulu. “Organizations may take different approaches to implementing controls through the secure-journey life cycle; however, depending on their risk appetite, recent incidents, and the desired customer experience, PAM is most likely the solution for them.”
PAM helps strike the ideal balance between customer experience and security without needing to sacrifice one in pursuit of the other. PAM provides powerful security features, extending from authentication to the data layer to reduce the risk of breach and the subsequent loss of revenue, reputation, and customer trust. PAM also helps demonstrate security commitment by giving customers the ability to control how and with whom their data is shared, allowing them to have more power over their own personal data.
As the complexity of the digital economy grows, and companies expand their digital footprint, the need for an optimal customer experience within the secure customer journey will only grow. And while there is still a long way to regaining consumer trust, companies can take advantage of the tools at their disposal to keep consumer data safe and consumers happy overall.
“Ultimately, customer satisfaction is what drives businesses to adapt, meaning companies will strike the right balance between the digital experience and digital security across the customer journey to increase customer satisfaction and business opportunities alike,” said Gomulu. “Using PAM solutions, such as Ironsphere’s, companies can give customers what they want and keep them coming back, both delighting them and protecting them.”
Corporate information security governance is a foundation upon which organizations can build an increasingly significant part of their overall risk management platform. The foundation of a successful security governance program begins with strong upper-level management support, including the CEO, Chairman and Board Members.
Data Privacy Day is held on the 28th of January every year, and is designed to raise awareness among businesses, governments, and other organizations on not only the right to privacy, but the responsibility associated with protecting the data of customers, citizens and consumers.
Cloud computing combines diverse networked devices and an array of services. While cloud service providers tout the simplicity and cost savings associated with moving to the cloud, the architecture of cloud computing creates new security headaches as the attack surface expands.