To understand how organisations will secure access to their applications with customer identity and access management (CIAM), iTnews and Transmit Security recently asked Australian IT leaders about the importance of digital services to their business.
Digital customer interactions have long been associated with the global “dot com” businesses such as Google and Microsoft, but the reality is most modern organisations now have some form of digital account management.
The research found a high 82 percent of Australian organisations offer at least one type of customer account digital service, from mobile portals to e-commerce, indicating a high demand for CIAM.
Even if it is not top of mind for most IT leaders, Australian organisations are developing new web and mobile services which require a new level of identity management to keep up with the pace of innovation.
This posture showed in the research, which found a similarly high 75 percent have no dedicated CIAM capability, which presents a large security and process improvement gap.
As more customer-facing services go digital, CIAM – the discipline of managing who can access your online services in a secure and uncomplicated way – is no longer a nice-to-have but is now an integral part of an organisation’s IT portfolio.
Furthermore, using only what is available with authentication and account management applications can give a false sense of capability, as such products are not specifically designed with customer security in mind.
To detect sophisticated fraud attacks, organisations require accurate, dynamic fraud detection that’s smart enough to distinguish between good and bad activity, even when fraudsters use evasive tactics or when trusted customers log in on a new device or change their behaviour.
Customer security a challenge, but identity verification largely manual
Customers expect their accounts to be secure, and it is incumbent upon IT leaders to provide the best protection possible.
The research investigated some of the biggest challenges Australian IT leaders face today around risk and fraud and many are associated with account management. Seventy-six percent of Australian organisations still see phishing as the biggest challenge around risk and fraud.
Similar to phishing, other social engineering attacks were cited as a challenge for nearly half (49 percent) of IT leaders.
Fake messaging such as “sign in to receive a prize”, or “you have been locked out of your account, sign in to regain access” can be used to harvest customer account details and should be mitigated with better controls.
In fact, the study found one in three respondents see insufficient access control policies as a challenge, and a further 27 percent are not happy with the level of real-time insights on suspicious user activity they get.
The iTnews research is clear – many risk and fraud challenges relate to CIAM and there is a good opportunity for Australian organisations to improve their capability while increasing security.
While IT leaders are aware of the challenges with customer account management, the research uncovered significant shortfalls with how identity verification is performed.
A high 71 percent of customer identity verification capability is still manual or missing entirely, and this includes 27 percent of organisations which have no identity verification capability.
The research also investigated what customer access control measures are currently in use, and it was no surprise to see passwords on the top of the list with 90 percent penetration.
Another account security tactic of interest is passkeys. One in five IT leaders are interested in passkeys and a further 17 per cent are interested in offering authentication across a number of channels. However many IT Leaders are concerned that Passkeys allow users to share a private key across multiple devices.
Regarding social logins which allow customers to use the credentials from a social network (e.g., Facebook, Google) to access digital services, most (59 percent) IT leaders have no need for social logins; however, around one in five would like to use social logins, but are not happy with the risk they bring.
Awareness in better CIAM solutions growing
While CIAM is not yet widely deployed, the research found awareness is growing with a high 63 percent of IT leaders now more aware of the need for CIAM thanks to recent, high-profile data breaches.
This increased awareness is in line with how IT managers view the benefits of CIAM, with more than 90 percent believing CIAM does support business objectives, including improved security and customer experience.
More than one in three also believe CIAM can help control access for external parties, including contractors. With remote and hybrid working here to stay, third-party access management is now a fundamental part of security operations.
With CIAM available as-a-Service, Australian organisations can strengthen customer access control to their portfolio of digital services and improve operations while taking advantage of passkeys and social logins with confidence.
Stay ahead of the game with the evolving tactics of hackers, especially in account takeovers (ATO) and bad actor account creation. Implement early detection and response strategies to mitigate the risks. Learn more.
iTnews and Transmit Security surveyed over 100 IT leaders to understand the significance of effective access management and its transformation with the emergence of diverse access control options. Read the report and infographic.