Until recently, typical cyber security discussions were about locking down data access, keeping out hackers, and protecting against external and internal threats. But that has all changed with the rise of fast-growing technology disruptors like Uber and Airbnb, and it will change even more as the Internet of Things gathers momentum.
These new business threats and opportunities make the technology capabilities that underpin digital business strategies vitally important. That includes new cyber security capabilities around digital identity, data analytics, customer preferences and privacy.
Organizations have woken up to the fact that to pursue the opportunities driven by the digital/mobile/data revolution you need to invite people “into the store” to access and share information. That also includes government organizations looking to provide a digital front door for communities to access services more efficiently.
In the digital economy, traditional supply chains will continue to be disrupted by services offering superior customer engagement or product offerings supported by digital innovation. Innovative new businesses see the potential to exploit consumer information and turbo charge their growth.
To compete – and not become digital dinosaurs – organizations need to understand and engage with the digital economy, and mature their own capabilities. Effective understanding of the digital identity of your current and future customers or citizens – their Consumer Identity – is a core foundation competence.
That is not just about locking down data access. It is about unlocking the information needed to become more intimate with customers or citizens – getting to know them, digitally, to understand their needs to serve them better. You also need to respect their wishes – managing the “three Ps”: Permission, Preferences and Privacy –all part of what we call Consumer Identity Management.
Every organization holds customer information they could leverage if they had the right capabilities. As consumers we’ve all had relationships with a vendor – a local shop or a car dealer – and felt disappointed when a familiar face leaves. We value those relationships because we know that we will get better service and won’t be pestered with the wrong offers. When we do get the right offer we say, “Great, I like that”. It’s the same in the information economy, except that it’s digital identities and data.
For many organizations, that is a difficult road to go down, although the reasons vary depending on their level of Identity Management capabilities. For organizations that have not already invested heavily in the digital economy, there can be cultural barriers. For many information security professionals, the first instinct is to say no, it can’t be done, or that it would be too risky. That’s understandable: traditionally their role has been to keep people out of the organization’s information systems.
Often the first step is giving executives the ammunition to say to their security people: “We can respect privacy and security, we just need to use our information security tools for a different purpose. We can use them to share information, provided the consumer has control over the process, for their own benefit.”
Even companies with sophisticated online operations can struggle to keep pace with new trends in the digital economy. Your identity systems may currently be able to handle customer Permissions, Preferences and Privacy for your own digital services, for example. But they may not support the three Ps for new Internet of Things devices coming onto the market, or for the third-party and fourth-party digital services built on top of them. It may be very expensive to adapt your identity systems to participate in these fast-growing digital ecosystems and a revamp may be needed to give you the necessary agility.
There are other challenges, such as the ethical treatment of customer information. If a company can analyze an individual’s behaviors – even their psychology – then what are the ethical boundaries around using those insights? Given that people are very concerned about their privacy– do you need to disclose to customers exactly what information you hold and how long should it be before that information expires and is deleted?
But these are cultural and process issues, not technology ones. A panelist on a recent cyber security panel discussion suggested that organizations needed to build their digital literacy skills around good ethical decision-making, and we agree with that.
Before you can build those skills and processes, however, you need to empower staff with the technology tools, and that includes cyber security and privacy safeguards with a focus on Consumer Identity Management. Robust data analytics that deliver actionable insights into individual customers are also part of that.
With those technology capabilities in place, you can get down to business in the digital economy. You can use your knowledge and analysis of customers and engage with them openly on that basis. Because if you don’t, someone else will.