The so-called consumerization of IT has wide-ranging implications for businesses, even going so far as leading to the use of social identities for business purposes. In particular, widespread use of mobile computing devices—preferred by many users over fixed, stationary computers—is blurring the line between personal and business usage. Organizations are being forced to adopt policies that allow their employees to use technology in the way that is most convenient to them. In so doing, they can benefit from reduced corporate costs, improved employee morale, and improved productivity.
But the need to provide employees and others accessing corporate resources with greater convenience goes beyond allowing them to use whatever devices they choose. Organizations need a way of controlling which users are accessing which resources that remains convenient for those users, even as the volume of data generated soars and people use an ever wider array of applications. This increase in application and resource usage creates issues for consumers and organizations alike.
Convenience Plus Security
For users, the problem is having to remember an ever-growing number of user name and password combinations, one for each application that they use, many of which have unique demands in terms of password complexity. This leads them to resort to unsafe practices, including storing passwords in a convenient place where others can also find them or reusing the same password over and over again.
For organizations, overly complicated authentication procedures can lead to lost business. A recent survey conducted by the Ponemon Institute found that approximately 50% of consumers are very frequently or frequently unable to perform an online transaction such as buying a product or obtaining a service because of an authentication failure, such as forgetting their password. It also found that around three-quarters of consumers want to be able to verify their identity without having to give personal information such as their name, address, and email during the authentication process. As a result, many abandon the process. For example, the Baymard Institute published statistics recently that show that the average online shopping cart abandonment rate is as high as 68%.
Organizations are increasingly looking to implement technology and processes that enable single sign-on across all the applications that people use to connect to their resources. However, this is complicated by the growing range of users that access those applications, including customers and business partners, as well as internal staff. To benefit from the opportunities that expanded access to their resources brings, organizations need to make that process as simple as possible.
One practice that is gaining ground is to allow users to authenticate themselves using just one set of credentials, preferably those that are already available to them. As the use of social networking services continues to expand, many services are looking to allow people to use the user name and password that they already have set for such social networking sites, so-called social identities. This relieves them of the burden both of having to remember multiple credentials and of having to fill personal information into a registration form for access to each particular resource or application.
By allowing people to use their social identity credentials to access their resources, organizations will be able to engender loyalty among customers and foster collaboration with business partners by providing a more convenient way for those users to communicate and do business with them. Allowing the use of identities such as those used for Facebook or LinkedIn can reduce, if not even eliminate, form-filling, which is hated by many users, leading to fewer abandoned registrations and logins. A recent survey conducted by Bloor Research found that 94% of organizations in the UK and Germany wish to support the use of social identities in their organizations. Gartner also predicts that social identities will grow in popularity in online retail services in particular, rising from their use in less than 5% of new customer sign-ups at the beginning of 2013 to reach 50% in 2015.
However, since social identities are self-attested, they can be considered weaker than some other methods of authentication. Organizations need to weigh the benefits they can gain from their use against the increased risk that could ensue from relying on less secure authentication methods that they cannot themselves control. To counter those risks, organizations should implement a system of authentication based on context, including where the user is connecting from, the device they are using, and the action they are undertaking. For locations deemed to be less secure, such as an unsecured WiFi network, or for access to highly sensitive data or for performing monetary transactions, they should ensure that an additional form of authentication is required, such as a one-time password or another authentication mechanism such as a biometric identifier.
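The context-based policy described above, sketched as an added example (not from the original article): a social login is accepted on its own only when network, device and action are all low risk, and otherwise an extra factor such as a one-time password is required. The network names, action names and the 300-second validity window for a completed extra factor are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy vocabulary (assumptions for this example, not from the article).
TRUSTED_NETWORKS = {"corporate_lan", "corporate_vpn"}
LOW_RISK_ACTIONS = {"browse_catalog", "view_order_status"}
STEP_UP_MAX_AGE_S = 300  # how long a completed extra factor stays valid


@dataclass(frozen=True)
class AccessContext:
    network: str                         # where the user is connecting from
    device_known: bool                   # device already seen for this account
    action: str                          # what the user is trying to do
    step_up_age_s: Optional[int] = None  # seconds since last OTP/biometric, None if never


def step_up_reasons(ctx: AccessContext) -> list:
    """Context signals that call for more than the social login alone."""
    reasons = []
    if ctx.network not in TRUSTED_NETWORKS:   # unknown networks fail closed
        reasons.append("untrusted_network")
    if not ctx.device_known:
        reasons.append("unknown_device")
    if ctx.action not in LOW_RISK_ACTIONS:    # unlisted actions count as sensitive
        reasons.append("sensitive_action")
    return reasons


def decide(ctx: AccessContext) -> dict:
    """Return {'decision': 'allow' | 'step_up', 'reasons': [...]}."""
    reasons = step_up_reasons(ctx)
    fresh = ctx.step_up_age_s is not None and 0 <= ctx.step_up_age_s <= STEP_UP_MAX_AGE_S
    if reasons and not fresh:
        return {"decision": "step_up", "reasons": reasons}
    return {"decision": "allow", "reasons": reasons}


# Constructed sample requests, all authenticated with a social identity.
SAMPLES = {
    "office_browse": AccessContext("corporate_lan", True, "browse_catalog"),
    "cafe_wifi_browse": AccessContext("public_wifi", True, "browse_catalog"),
    "office_payment": AccessContext("corporate_lan", True, "transfer_funds"),
    "cafe_payment_after_otp": AccessContext("public_wifi", False, "transfer_funds", 42),
}

if __name__ == "__main__":
    for name, ctx in SAMPLES.items():
        print(name, decide(ctx))
```

Treating any unlisted network or action as risky keeps the policy fail-closed, so a newly added application feature requires the extra factor until someone explicitly classifies it as low risk.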
In a world increasingly defined by social interactions, organizations need to embrace new technology developments that offer greater flexibility, ease of use, and convenience for those they do business with. Those organizations that enable the use of social identities will find that they are better able to engender trust and loyalty among their customers and business partners.