Feb 19, 2021

Identity and access management analysed and explained

identity
Cybersecurity
access management
Cloud
Steven Rees-Pullman
5 min
Users can come from anywhere in the world on any device, and IAM can both protect the company and make money in the process
Users can come from anywhere in the world on any device, and IAM can both protect the company and make money in the process...

My parents aren’t digital natives. But when the pandemic hit, they too had to learn to navigate life online. At a fundamental level, this meant they needed digital identities with which to access the services they had long received in person: healthcare, banking, even picking up the newspaper on the way to the train. I found myself explaining the concept of access and realising, even as an identity vendor, how easy it is to take the login box for granted.

Identity and access management (IAM) is utterly pervasive in our daily lives. Research on The State of Application Assembly shows 83% of applications today require some form of authentication to verify users’ identity and control their access to digital resources. Whether you’re ordering a gym hoodie for your teenager, messaging a colleague at work, subscribing to a news outlet, or tuning into your favourite streaming service – all of which I’ve done this week – it’s likely you’re logging in.

In most cases, we do this autopilot, barely registering as we enter our credentials unless there is a problem. Login should be simple for my parents, but that limited understanding of IAM is ill-suited for the business world where access must span many applications, comply with data privacy laws, thwart hackers, and generate revenue. In light of Cybersecurity Awareness Month, I wanted to share a few thoughts on why the login box is just the tip of the iceberg, and how to make access work securely and profitably for your business.

IAM can save on compliance and security costs

Whilst explaining access to my parents, I inevitably started with passwords. Passwords are the classic form of authentication. Only the person who knows the password can access personal information, which is, of course, why passwords have become a prime target for people pretending to be you. Either through so-called phishing attempts that trick you into divulging your credentials or by simply purchasing lists of stolen usernames and passwords from the dark web, hackers can gain access to your loyalty points, bank account information, and streaming accounts.

One of the most pervasive types of attacks is called credential stuffing, which has befallen Disney+, Tesco, Deliveroo, Boots, and the TFL’s Oyster site in the past two years. If you’re reusing passwords across sites, you’re at a higher risk for this attack, which tries previously leaked usernames and passwords against a large number of websites in an attempt to take over accounts. The Cost of Credential Stuffing report by Ponemon Institute puts the cost of credential stuffing attacks at £4.63 million ($6 million) per company per year, not to mention fines for breaches of data privacy regulation.

Classic IAM with passwords alone cannot defend against credential stuffing attacks. Multi-factor authentication (MFA) is a way to supplement passwords with a second way to prove you are who you say you are, whether that’s biometrics or a code sent to your device. People trying to impersonate you will have a much harder time getting through these defenses. If you can beat a hacker’s patience, you’ve won.

Stolen credentials are now responsible for the majority of cyberattacks according to Verizon’s 2020 Data Breach Investigations report. As a business, this should put IAM squarely in the centre of your security strategy. IAM is worthy of investment as your first line of defense not just against hackers, but against unnecessary security and compliance costs as well.

IAM can make you money by converting customers

When put in the position of explaining what we do to friends and family, many of us in the IAM space have responded with, ‘we’re the login box on your app.’ It’s true, but if this were the only benefit provided by IAM there would be little reason for business like ours to exist.

IAM is the umbrella term to describe verifying users’ identity (authentication) and granting them access to digital services based on the rights they have (authorisation). However there is a special type of IAM that deals specifically with end-user identities, called Customer Identity and Access Management (CIAM). Traditional IAM is internally-focused for employees and often a cost centre, while CIAM is externally-focused and can actually generate revenue.

Here’s how. If you’re a user of Gymshark’s conditioning app launched earlier this year, you will have needed to create an account. As consumers, we have little to no patience for long registration forms. And if you’re Gymshark, you want people who’ve created an account to be automatically logged into your retail sites to encourage conversion. CIAM is essential for solving both of these challenges and making login both effortless and secure.

But if CIAM is just Single Sign-On (SSO) with a few fancy security features, companies would still be building it themselves. This is why CIAM affords additional benefits like the ability to integrate with third-party social providers like Sign in with Apple or Google, progressive profiling to gather first-party data from the user over time (versus all at once during registration), and stringent data privacy policies to store identity information appropriately in light of decisions like Schrems II / invalidation of US-EU privacy shield.

This is the value you pay for and the return on investment can be both immediate (such as in the case of Arduino that saw a 20% increase in user conversion after turning on social logins) and lasting, like Gymshark that is now saving £900,000 per year on authentication costs.

IAM is a building block of the internet

Like the average consumer, executives aren’t used to paying much attention to IAM. But as every company becomes a software company, knowing who your users are and what they can access is essential. Like payments, messaging, even data and analytics, identity management is taking its place among the building blocks for a successful digital business.

According to a Hitachi ID report on Top IT Budget Priorities Through 2020, about 43% of IT executives said they’re investing in IAM ahead of such areas as endpoint security and security awareness training. They know there is no such thing as a corporate perimeter with one gate in and out. Users can come from anywhere in the world on any device, and IAM can both protect the company and make money in the process.

At the time of writing, I am pleased to report my parents are getting on just fine in the digital world. If you are investing in access, your business can say the same.

By Steven Rees-Pullman, SVP International, Auth0 

Share article

Jul 26, 2021

Five9: the cloud software industry leaders acquired by Zoom

five9
Cloud
contact centre
Catherine Gray
2 min
Following the announcement of Zoom buying cloud company Five9 for almost $15billion, we take a deeper look into the company’s history and success

Five9 is the leading provider of cloud contact centre software. Driven by a passion for transforming contact centres into customer engagement centres of excellence, Five9 have a deep understanding of the cost and complexity of running a contact centre.

Founded in 2001, Five9 help contact centres of every size create powerful connections. 

The company has over 20 years of cloud contact centre experience, reaches over 2,000 customers worldwide, and annually reaches over 7 billion customer interactions. 

Built on a highly reliable, secure and scalable cloud platform, Five9 makes it easy to rapidly trial and deploy new services. Its software also future proofs businesses by supporting AI and other emerging technologies.

Utilising cloud capabilities for improved customer experience

Offering software that creates more successful customer interactions, Five9’s cloud contact centre software increases contact centre productivity. This is without the capital expense and maintenance costs of premise-based systems.

Built on flexible architecture that adapts to a company’s changing needs, Five9 customers benefit from a secure, reliable and scalable contact centre.

Five9’s cloud contact centre platform also gives customers access to an extensive ecosystem of partners. Its platform can be enhanced with leading customer relationship management, analytics, workforce management, performance management solutions and telephony providers.

By utilising cloud technology, Five9 customers have access to the latest capabilities through no-touch, non-disruptive real-time upgrades.

Five9’s recognition for industry-leading software

As a leading cloud contact centre software provider, Five9 has been recognised by leading industry publications and organisations for its success and innovative solutions.

For the fourth consecutive year, Five9 has ranked as a global leader for The Aragon Research Globe for Intelligent Contact Centres 2021. 

Five9 was also one of only three providers to earn the MetriStar Top Provider award when evaluated as part of Metrigy’s global 2021-2022 Workforce Optimisation and Engagement research study.

Five9: Zoom’s first major acquisition

Zoom Video Communications has agreed to buy Five9 for about $14.7bn, marking the company’s first major acquisition.

This deal with Five9 will help expand the company’s Zoom Phone offering.

“I believe the combination of Zoom and Five9 will be a game-changer. Joining forces will create a transformative opportunity for two strong companies with complementary capabilities and shared values,” said Five9’s CEO, Rowan Trollope.

With Zoom’s reach and brand, the acquisition will help Five9 propel forward and help the company deliver on its goal of significant international expansion

Share article