Recently, news of Target CEO Gregg Steinhafel’s resignation has prompted a lot of discussion around who is responsible when breaches occur, especially the relationship between the CEO, CIO and CSO. In Target’s case, more than 110 million customers were impacted in late 2013. With the corporate reputation damaged, sales falling, loss of investor confidence and uncertainty at the top, Target has a long way to go before they are able to fully recover. But Target isn’t alone – Aaron’s Brothers, Michael’s…the list goes on and on. In fact, a recent study by the Ponemon report stated that 63% of firms admitted that they can’t stop data breaches. While it’s not likely that those 63% fire their CEOs, it is worth examining how to reduce risk.
Just as one takes some level of risk when seeking a romantic relationship—clubbing, speed dating or online dating—people put themselves out there because the potential reward outweighs the risk of rejection. Similarly, there is an inherent risk in business as enterprises hope to develop relationships with consumers through deeper engagement. The lure of quickly increasing revenue can cause companies to overlook security gaps.
Companies looking to strengthen and build customer loyalty and engagement try to make it as easy as possible for customers to connect through e-commerce sites, forums, portals and social media channels. However, making customer engagement platforms accessible without understanding the risks involved, leave companies vulnerable to cybercriminals, who may be after personal and financial information of their customers, employees and partners. The reality is too many companies don’t consider security a problem until it’s too late. In Target’s case, it was 40 million payment card numbers and 70 million other pieces of customer data that were stolen. Breaches like the one Target suffered reduces consumer confidence and trust while hurting the reputation and profits of the company. Examples like these provide a valuable lesson that companies need to be able to understand the interactions with its consumers to better serve them and drive revenue growth without putting customers identify and information at risk.
Just as it is with successful romantic relationships, the suitor must evolve along with the needs and desires of the object of their affection – in the enterprise, the consumer. What worked ten years ago may not work today. This is why identity and access management (IAM) found in legacy solutions need to address the needs of modern enterprises – shifting the focus to identity relationship management (IRM) – by extending it to consumers while still serving employees. Now, with IRM, instead of IAM being an expense, companies can leverage their relationships to drive top line revenue. While the number of users – employees and consumers, devices and identities to manage is growing exponentially, CEOs are determined to engage with consumers in order to drive top-line revenue and maintain an edge over the competition. With IRM, companies can go above and beyond what their competitors are offering in terms of the user experience without having to choose between better serving the consumer and security.
The bottom line is that companies want to romance their customers into a long-term relationship. This is a major goal for all companies – generate reoccurring revenue with existing customers and continue to build relationships with new customers. If that’s going to happen, organizations must understand the risks and protect their consumers while still looking for ways to build stronger bonds with those outside the walls of the organization. Without it, data breaches can and will happen, and consumers will find another love – the competition.
Daniel Raskin | www.forgerock.com | @raskindp
Bio: Daniel is currently VP of marketing at ForgeRock and has more than 15 years of experience building brands and driving product leadership. Prior to joining ForgeRock, he served as chief identity strategist at Sun Microsystems. Daniel has also held leadership positions at McGraw-Hill, NComputing, Barnes & Noble and Agari. He holds a master’s degree in international management from Thunderbird School of Global Management and a master’s degree in publishing from Pace University.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.