Frictionless security is not a new concept. It's been around since at least 2011. But it's been difficult to achieve because of integration issues, data type challenges and others.
But customers are now beginning to embrace cloud at greater pace than before and that means a proliferation of off-premises apps, applications and business systems, directory stores and repositories. They're everywhere when they're in the cloud and few people, in fact, know where they are actually physically located. And that means it's impossible to secure a physical perimeter.
Security in these environments is also seen by users as an impediment. With so many systems and apps and programs, your employees, customers and everyone else using your company's systems are constantly being asked to log in or register and remember their details. With good reason. Hackers seem to constantly be snooping for their personal details.
But, let's face it, security is a major headache. It's the "grudge purchase" of the online world. Nobody wants to do it because it constantly gets in the way. In fact, you either use the same or a similar password pretty much everywhere online, or you have one of several methods for storing all those passwords and usernames.
But, let's face it, security is a major headache. It's the "grudge purchase" of the online world.
People mostly use their browser-based keychain, password storage apps, appended to a contact in their phone's contacts list, in a plain text file on their phone or computer, on a sticky note on their desk sometimes stuck under their keyboard or behind their monitor, to the top of their drawer, the ceiling of their desk's footwell, or even a plain old Word document they upload to their free online storage drive.
None of them is very secure. Hackers know all of those and routinely grab people's details from those locations.
And, in all honesty, without those "forgot password" buttons, a lot of us wouldn't be able to even get our e-mail at some point or another, let alone access some offsite customer database to feed our analytics system.
Security has to get smarter if people are going to actually use it and that's what frictionless security is all about. You're starting to see it appear in your social media apps and channels, maybe your Gmail accounts or services like Dropbox.
You may be asked to verify that it was actually you who logged into one of those cloud-based services from a new device. You may get an e-mail with a button to click. Or they could send you a verification button to press on your mobile phone. It's super-easy and you barely notice it.
But there's older frictionless and there's newer frictionless. The older kind you've probably used if you have a social media account of one kind or another. It's where you've signed into a service or app by clicking the "Login using (insert social channel here)" button.
It's frictionless because you don't need a new username and password for whatever new service you're using. It's quite convenient. It's actually called single sign-on. It really cuts back the friction but it's not the most intelligent system. More intelligent systems would log you in but still keep an eye on you once you were logged in.
The problem is that if you use one account to sign in to another service and a hacker cracks your original account, then they can potentially access your other, connected services too.
That's why the newer frictionless security that more advanced businesses are using employs machine learning algorithms to be smart about security. Essentially, it lets you sign in however you usually do, through facial recognition, fingerprint, username and password, whatever. Then you go about accessing all your services from that one sign on. It's entirely frictionless from that perspective. There's no pause to sign in every time you access a new service or go into a new business system or want to pull a report from another analytics program.
But it's not just letting you run wild like single sign on. It's watching your every move. Step out of line and it knows. It learns from a number of different places. You, for one. It can be trained over a period by watching what you do. Or it can learn by watching your peers. Or it can be told what you're allowed to do or not do by administrators and business policies. Or combinations of those approaches.
It steps in when it detects a departure from the norm and only then asks you to verify yourself again. That's the intelligence that's resolved the challenges frictionless has faced in the past to deliver in reality what used to be a dream of effortless integration and smooth customer experiences.
Share