By
Kirsten Doyle
Cybersecurity is a challenge for entities
in all sectors and employees of every type. In today's increasingly connected
world, managing security is a Sisyphean task. It requires a ton of hard work
and yet will never really be finished.
The gig economy has expanded the problem
of enterprise information security beyond the traditional office. Platforms
like Airbnb, Shopify, and Uber have introduced flexible work models, while many
businesses now rely on freelancers and temporary staff. The bottom line is that
with the ingress and egress of so many new people in companies each day, HR
teams must find a way to verify that gig workers are
who they claim to be.
The Rise of New Identity Categories
Today's
distributed world has seen a slew of new identity categories arise.
Customers demand personalized experiences and frictionless access to purchases
and support. Businesses strive to balance convenience and data
privacy to meet their customers' demands. At every stage,
there will be tradeoffs, but the experience must be seamless, frictionless, and
secure to build and maintain trust.
Gig
workers and partners also need access to resources on demand, often
only temporarily. Here again, security and efficiency are critical.
Sprawling identities
Companies
using traditional IAM systems have to manage a limited number of workers, all
of whom are known to the business. They could manage up to thousands of
employees using corporate accounts within a secured network surrounded by
a firewall. This model was already proving to be a challenge with the surge in
remote workers, but now that the number of users has gone up to hundreds of
thousands, traditional IAM systems just do not scale up.
In today's gig economy, freelancers and
contractors use their own accounts to create their identities in
what's being dubbed a bring-your-own-identity (BYOI) phenomenon. Managing
these identities is significantly more complex than managing identities within
the business, and the vulnerabilities are practically limitless.
This perfect storm of factors means
businesses need secure yet user-friendly Identity and Access
Management (IAM) solutions that have the flexibility to match gig
workers' needs. Importantly, these solutions must strike the right balance
between security and user experience.
The best IAM solutions minimize
friction for users while still establishing the required levels of trust,
as they protect valuable information assets while still enabling their
workforces to use the resources and systems they need to do their jobs effectively.
Addressing Identity Sprawl
Customer IAM (CIAM) allows
organizations to securely capture and manage external identities and their
access to applications and services. CIAM helps to safeguard data privacy and
protect against identity theft and other types of fraud and misconduct.
Moreover, they enable users to independently manage their account profiles and
security settings. While CIAM systems were born out of the need to manage the
scale of customer/consumer identities, they're turning out to be a better fit
for other identities like partners, suppliers, or gig workers.
CIAM makes
it simple for businesses to add user registration functions, strong
authentication, and access controls to customer-facing apps. It also enables
businesses to obtain user consent for data processing, giving customers more
control over their data and privacy. This helps enhance customer experience
(CX), bolster security, and ensure compliance with data privacy regulations. CIAM solutions are usually delivered via the cloud, hosted and managed
by a third-party security provider to ensure flexibility and scalability.
Social login is another way businesses are
facilitating seamless access for customers. Also known as social sign-in or
social authentication, social login is a mechanism that allows users to log in
to a website or application using their existing social media credentials, such
as those from Facebook, Google, Twitter, or LinkedIn, instead of creating a new
account with a separate username and password.
By streamlining this process, there's no
longer a need to remember multiple passwords, and manual data entry has been
eliminated. This enhances the UX, leading to higher engagement and
satisfaction. It also provides access to user data for personalization and
targeted marketing, reduces password fatigue, and enhances perceived security
through trusted social media platforms and additional security features like
two-factor authentication.
On the downside, social login collects
many customer data points, such as likes, check-ins, and other interactions.
Not all customers are happy trading personal information for the convenience of
frictionless login.
The Need for Identity Governance
With identity sprawl becoming a real
issue, Identity Governance and Administration (IGA) helps security
administrators to effectively manage workforce identities and access within an
organization. It provides increased insight and visibility into identity and
access privileges, facilitating the implementation of necessary controls to
mitigate inappropriate or dangerous access.
The typical JML (joiner, mover, leaver)
processes have worked really well for large organizations with tens of
thousands of employees. Traditional IGA solutions, however, were built with a
very workforce-centric view. Gig workers and other third-party users (like
partners or suppliers) tend to have very different needs. Identity verification
for a gig worker, for instance, cannot happen at the office and is likely to
happen remotely as part of the onboarding process. Similarly, being true to
their nature, gig workers need to be offboarded quickly as well. A typical
example is that of seasonal workers working at a factory or warehouse.
Identity administration for partners,
suppliers, and distributors can be even more complex. These external users need
to have the authority or be delegated to manage the identities of users
inside their organizations. Imagine an insurance broker defining the identities
of its own employees to gain access to the systems of the insurance company. A
CIAM solution or a more specialized B2B IAM solution can help organizations
address such complex identity administration challenges.
The Workforce of the Future
In the
evolving workforce landscape, freelance workers who are sourced globally for
short-term projects will complete for an increasing number of jobs remotely. As
the industry anticipates this shift, gaining insights from successful practices
in the access management sphere is crucial. Doing so provides a solid
foundation for devising IAM solutions for the workforce that are adaptable to a
wide range of employment structures.
The
battle between security and experience rages on. Too much security will kill
experience and turn loyal customers into disgruntled visitors looking for
another, more friendly competitor. Eliminating friction in the user experience
will adversely affect security, invite bad actors in, and ultimately damage the
brand. Looking at the future of identity, evolving technologies, such as
passkeys, consent management, biometric identification, and societal shifts,
will shape how individuals interact with and safeguard their digital
identities.
##
ABOUT THE AUTHOR
Kirsten Doyle has been in the technology journalism and
editing space for nearly 24 years, during which time she has developed a great
love for all aspects of technology, as well as words themselves. Her experience
spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise,
digital transformation, and data centers. Her specialties are in news, thought
leadership, features, white papers, and PR writing, and she is an experienced
editor for both print and online publications. She is also a regular writer at Bora.