The feeling of digital identity management

0

IAM Feeling Good?

I switched banks years ago. My former bank’s financial services and benefits were average when compared to other banks, but something triggered my decision to switch. I had developed a bad online user experience, and especially a bad feeling about Identity and Access Management (IAM).

The online banking website had some clunky functionality, a poor look and feel overall, and an unusual and annoying authentication function. My dissatisfaction developed from my first interaction with the app and it increased every time I logged in.

Online user experience (UX) is important and it usually starts with IAM functions such as identity enrolment and access.

The secure user experience conundrum

A business I recently engaged with highlighted a common challenge across IAM approaches, which reminded me of my experience with my old bank. The context was about providing clinical staff with secure and convenient access to business applications from any device, anytime, anywhere. Business and security stakeholders had some different views on how to best implement strong authentication functions.

“We’ll need two-factor authentication,” the business stakeholder told me. “I’d like to use SMS codes, but nothing like Google Authenticator, which would require the staff to deploy an extra app on their mobile device. It would kill the [business]service adoption.”

At the stakeholder’s suggestion, I then discussed the matter with the company’s CISO separately.

“Yes, we’ll want two-factor authentication,” the CISO confirmed. “I don’t want SMS passcode. It’s not that well-rated anymore from NIST, and for good reasons. We should look at a [soft]token solution.”

The business stakeholder prioritised the usability and the security stakeholder prioritised the strength of the security controls. The different priorities are understandable, but they present a challenge of somehow converging the respective stakeholders’ expectations. This challenge is quite common with security projects, and especially with IAM…Click HERE to read full article.

Share.