Sebastián Stranieri, CEO of VU™
We technologists are famous for, among other things, telling users and customers how things will be in the future. However, today, seven months into 2020, we can say the future is already here. It came from one day to another—something we never imagined. We couldn’t see that stores and shops were going to close, putting the continuity of many businesses at risk and challenging its resilience to provide services in a different way.
But what happens now? In the face of a new horizon, I would like to draw a line with the components that will make a difference from now on about the technology needed in order to be more competitive and reduce operational risk while generating a great benefit for citizens.
- Digital identity. A mature digital identity system must allow, on one hand, to manage the life cycle of a user, through all current and future digital services and, on the other hand, to control the access to the organization’s resources in order to reduce risks. For this, it is essential to implement multiple robust authentication methods (other than multi-factor authentication) that, associated with user behavior, are compatible with the different use cases implemented in our company. The digital identity must allow us, in a world where new digital channels appear every minute, a single viewpoint of the user through the multiple services they consume. This will let us understand the natural way for the user to adapt and have a higher level of security.
- Consent traceability. This year, it will be increasingly necessary for companies to have a system that allows auditing the what, how and when of the consent provided by a client / citizen / user. It has a key role not only for the user, but also for the protection, both legal and reputational, of what happens within our company. The system must allow to update any condition, as well as review that information in real time when the user or regulator indicates it, or when the company needs to reinforce this situation.
- Invisible fraud prevention. It is what will make the difference for the user when choosing one digital service over the others. At the business level, the decisive factor will be the ability to provide predictability to the user about how they can operate and our capacity to establish unique policies based on the behavior of each user. Most importantly, fraud prevention policies must be dynamic and in real time. It is also necessary that the business is the one who leads this dynamism.
- Right to be forgotten. In relation to traceability, the right to be forgotten will become an indispensable feature for all types of platforms. The exchange of digital information will have to, effectively and easily, implement a functionality so that each user can choose when to take control of their information and when they want to unsubscribe from a platform or an organization. From the side of companies that want to sell goods and services or reconnect with the user, the objective will be to identify them anonymously. In other words, the great challenge will be to generate re-engagement with the user without taking their confidential data.
- Business resilience. This is something that has been a challenge over the last few months. How many companies have calculated the cost of halting operations for one day? This is an indicator that is becoming increasingly critical, and that every director or technical, logistics or supply chain manager should know very well in order to design a cybersecurity strategy with specialists.
- Complexity of attacks. The degree of complexity of the attacks has shown, in recent times, that there is nothing new: ransomware, phishing, spear phishing. The relevance will come with the training of users, to the ability of collaborating and generating a new cycle of internal training. Users will always be the first level of access to company information by an attacker.
The result of the integration of these components is a solid Customer Identity & Access Management (CIAM) strategy that will allow to unify technology-based unattended service criteria for each of the digital channels, customer onboarding, analytics, targeting and everything related to fraud prevention, among other axes of the cybersecurity strategy. Likewise, it will contribute to the federation and unification of said identity, that is, a single point of view of our user.