deliver secure, new business services in a multi-channel...
TRANSCRIPT
Deliver Secure, New BusinessServices in a Multi-ChannelCustomer Environment
SOLUTION BRIEFCA IDENTITY, ACCESS AND API MANAGEMENT
Healthcare Security Solutions:Protecting Your Organization, Patients, And Information
DRAFTSOLUTION BRIEFCA DATABASE MANAGEMENT FOR DB2 FOR z/OS
CA Identity Suite provides centralized approach to
secure customer facing multi-channel business.
Consistent identity management, authentication,
authorization and federation capabilities can be
leveraged across web applications, services, and native
mobile applications to enable business in a manner
that helps secure both the organization’s and
customers’ data.
Executive Summary
3 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT ca.com
ChallengeCustomers are embracing new technologies and their expectations are changing rapidly in today’s connected world. They want to interact through a variety of applications, at any time and from any device. Banks, retailers and many other consumer facing organizations are racing to enable new interaction channels to innovate, grow their business and improve customer loyalty. As they expand online services and add mobile and social media interactions there is an increasing need to both secure and coordinate these activities. The key challenge is to deliver innovative new applications and services quickly and to provide an excellent customer experience across multiple channels.
OpportunityCA Security solutions provide an integrated approach to enabling and securing multiple channels of customer interaction. This suite of solutions includes identity management, access management, advanced authentication, federation and API management in a centralized and scalable format that improves engagement throughout the customer lifecycle. One security policy can easily be applied to multiple channels to provide consistent protection and a predictable user experience. This coordinated approach to identity and access security both speeds time-to-market and reduces ongoing support costs.
BenefitsA centralized approach to identity, authentication and access management across both traditional and new channels of customer interaction helps provide a consistent and positive user experience. Having a flexible and scalable IAM solution in place can also accelerate time-to-market with innovative new services. The combination of being quick to market with new services and having a great user experience is a good recipe for increased adoption and customer loyalty.
ca.com4 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
Section 1: Challenge
Provide Multiple Channels of Customer Interaction SecurelyConsumers are quickly being won over by the timeliness and convenience of online and mobile interactions. The proliferation of laptops, tablets and smart phones and the wireless access that enables them, has opened up many new avenues of customer engagement. For the sake of this discussion we are going to refer to different interaction methods such as web and mobile as “channels”. Customer facing organizations are racing to deliver a variety of online services and applications to increase revenue, better engage their customers and differentiate their offerings. In a survey, Quocirca asked 337 organizations about the leading motivators for extending network access to external users. Figure A shows that the common themes are customer enablement and increased revenue as depicted by the top two items: to transact directly with customers (87%) and improve customer experience (75%).1
At the same time, prospects and customers are a fickle, non-captive audience that is very sensitive to cumbersome registration or security processes. They reward organizations that simplify interactions, provide new services quickly and reach them where and when it’s appropriate. This highlights three key initiatives for organizations trying to succeed in delivering secure, new business services in a multi-channel environment: improve customer engagement, accelerate service delivery and externalize the core business.
Figure A.
Motivators for opening networks to external users
To transact directly with customers
Attract new customers
More integrated supply chains
Improved partner loyalty
20% 40% 60% 80% 100%
Improved customer experience
Improved services to partner organizations
To engage with customers via mobile apps
Increase business with existing customers
33%
40%
34%
35%
33%
34%
34%
54%
42%
37%
36%
31%
27%
23%
21%
Secondary benefitMajor motivator
33%
ca.com5 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
Improve Customer EngagementThe overall customer experience is a major driver of customer acquisition and retention in the online space, so it’s important for organizations to simplify prospect/customer onboarding through lightweight or social identity enabled registration. Once registered, the customer needs to access a variety of applications and services with the least amount of friction possible while maintaining the risk appropriate level of security.
Business and marketing groups require a better understanding of user behavior across channels and would like to enable self-service processes to both empower end-users and reduce support costs.
Accelerate Service DeliveryTime-to-market can be a powerful advantage in highly competitive consumer markets and innovation helps build a brand while strengthening customer loyalty. Identity assurance and access security are critical requirements for online services that contain sensitive customer and organization data and are being accessed by remote users. Building these security elements into each new application or service slows the development and quality assurance processes and thus slows time-to-market. Extracting security related development tasks and implementing consistent yet flexible security policies benefits both time-to-value and provides a better user experience.
Externalize the Core BusinessThe digital world is a connected space where people want to consume information and transact in a variety of ways. Many organizations are struggling to expose valuable data, tools, processes and transactions in all of the right places and formats. They need to expand their online presence from just web apps to services, content and data that can be accessed and monetized everywhere: cloud, mobile and the “internet of things”. They want to easily expose and manage APIs for this growing number of services to capitalize on new business models, distribution channels, developer communities and supply chains.
Most consumer facing companies already have a set of online services including web and mobile applications, but because of acquisitions or the fact that different departments drove the projects, they find themselves with a variety of identity and access security methods. As the marketplace and competitive pressures drive the addition of even more online services, a continuation of a fragmented approach will further erode the customer experience, inflate maintenance and support costs and make it impossible for the organization to have a cohesive view of customer activity.
More sensitive information and transactions are being made available via online channels and thus, digital identity and security become more important considerations for both the organization and their customers. While the potential is great to solidify and grow the customer base by utilizing these new interaction methods, there are additional risks as well. The news is full of stories about data breaches, stolen passwords and identity theft, all of which can diminish consumer trust and have a serious impact on the company’s brand.
The ultimate challenge is to provide a great user experience across channels, deliver innovative new services quickly for competitive advantage and extend services to reach prospects and customers in new places.
ca.com6 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
Section 2: Solution
Customer-focused Identity and Access Management: Enabling New Interaction Methods SecurelyModern consumer channels like online, mobile and social are widely used for consumer interaction and transactions in many sectors, such as banking, retail and insurance. A multi-channel approach enables maximum exposure to consumers in different demographics and also a cheaper way of doing business, compared to traditional means of interaction such as in-store shopping or branch banking. With the majority of new customer interactions being remote, identity and access management becomes the cornerstone to security, privacy and the correlation of activities into business and marketing intelligence.
Security is a key element in a multi-channel business, and it plays a dual role. It is required for improved compliance and risk management, but it also can serve as a powerful business enabler. Strong security, as well as the reputational benefits it can provide, can create consumer trust and brand credibility that will encourage your customers to leverage additional, more cost effective channels.
Consumer-focused IAM can play an important role across the entire customer lifecycle and across multiple channels. Starting at the beginning of the customer journey when potential prospects “like” your brand or products on social sites, there is an opportunity to convert these friends into identifiable prospects and customers. The emergence of social media has provided an excellent way for many organizations to identify legitimate prospects, but they can’t effectively market to them unless they register or share some personal information. The traditional online registration forms result in a high abandonment rate and many missed opportunities, so organizations are looking to enable prospects to register easily using their existing social identities. It’s simple for the user and provides the basic information necessary for the organization to create a new identity and begin targeted marketing to the prospect or customer. This process can be enabled by identity federation capabilities that are part of a multi-channel IAM solution. Once the user is logged in there are many ways that a centralized IAM solution can improve the customer experience through single sign-on (SSO) across enterprise and cloud-based applications and federated SSO to partner sites when necessary. As the relationship strengthens and the user needs to access more sensitive information or conduct transactions, it is important to be able to do risk-based evaluations and to provide consumer friendly forms of strong authentication.
Key RequirementsFrom a business perspective a multi-channel IAM solution should:
• Enable simple and user friendly interactions and transactions across multiple applications and devices
• Provide the flexibility to quickly adjust to new marketplace trends or consumer habits
• Enforce the necessary security with the least impact possible to the user experience
• Be easy to manage and offer centralized controls across channels
• Provide high scalability and availability for critical customer-facing business services
ca.com7 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
From an IT or security perspective a multi-channel IAM solution should:
• Provide a single source of identity management
• Manage sessions from multiple channels in one system
• Deliver common security policies across multiple channels
• Utilize common authentication methods across channels to simplify the experience and provide consistent security
• Enable single sign-on to on-premises and cloud-based applications
• Provide seamless federation to cross domain or partner applications and services
• Include a user directory that can efficiently scale to tens of millions of users
• Enable automated provisioning and access requests to applications and services
EngagementConsumer-focused IAM can improve customer engagement throughout the customer lifecycle, starting with the initial interaction and registration. Identity federation can be leveraged to accept social identities and risk evaluations can detect suspicious interactions, create device IDs and track initial behavior patterns. During the online relationship it is important to provide single sign-on to both enterprise and cloud-based applications as well as federated SSO to partner site and services for good customer engagement. More sensitive content and transactions require consistent yet flexible authentication across applications and devices, and should leverage transparent risk-based evaluations to reduce the opportunity for inappropriate access and fraud without disrupting the user experience.
AccelerationOne way that organizations can accelerate application or services delivery is to leverage a centralized, customer–focused IAM solution to extract a broad set of security processes from the development process of each application or service. Simplifying identity and access tasks across application/service types (mobile, web, cloud) and user groups provides more consistent security, a better customer experience and reduced administration costs.
ExternalizationIntegrated web services security and API management can help an organization expose valuable data and interactions that are currently stuck in internal legacy applications. Packaging functionality in an easily integrated format can enable customer engagement at new places, open up new channels and extend brand awareness.
ca.com8 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
Solution ComponentsCA Identity Suite provides a modular solution for multichannel business enablement and security that includes the following key components:
• Identity Management – It is important to have a centralized and highly scalable system to store and manage the high volume of consumer digital identities, their attributes and the services they are authorized to access. This solution includes self-service functionality including the ability for users to change their own password and update profile information. Automated functionality like this can improve the end-user experience, and reduce the operational costs by providing the consumer with more control over their identity.
In a complex environment, where several brands or business units operate under the same organization, there are benefits to centrally managing all digital consumer identities: clearly a centrally deployed solution is more cost effective, but it will also enable consumer identity correlation. This can simplify consumer behavior analysis across the entities for both security and marketing purposes. Business insights, analysis and commercial planning are easier at multiple levels when all identities are centrally managed.
• Advanced Authentication – Traditional userID and password authentication may be okay for baseline access but flexible, strong authentication methods should be applied as appropriate to provide additional security for higher risk applications or transactions.
Advanced Authentication and Single Sign-On solutions from CA Technologies are consumer friendly and software-based. It can easily scale to millions of users and it doesn’t require the logistics or distribution costs required by hardware-based solutions. It can be deployed quickly, is easy for customers to use, and provides cost effective maintenance and replacement methods. Patented key technology provides unique protection from dictionary or brute force attacks. Authentication credentials can be utilized for web applications as well as mobile browser access and can be embedded in native mobile applications. Out-of-band authentication methods including SMS, email and voice can be easily deployed for registration/enrollment as well as step-up authentications when necessary.
Risk-based evaluations check a wide range of contextual factors to detect suspicious behavior in realtime without interfering with the user experience. When higher risk situations occur a variety of stronger authentication can be enforced to further prove the user’s identity or verify transactions to reduce fraud. Device identification provides additional identity assurance and can be utilized to enforce rules for specific device types. Risk evaluation rules can be set-up once, managed from a common console, and applied to multiple channels to provide a consistent level of security and a predictable experience for customers. This coordinated approach is also easier for an organization to manage and support.
• Access Management/Single Sign-on – Centralized access management that enables basic user authentication and single sign-on, policy-based authorization and auditing is critical to providing a good customer experience across applications and channels. In a complex multi-channel landscape, web single sign-on enables consumers to move from one web site or transaction to another, smoothly interacting with other applications or external sites along the way. Deploying a central access management solution in a multi-channel landscape eliminates the need to develop an access management layer for each of the channels and systems involved. Therefore it can accelerate the deployment time of new consumer services and reduce the total cost of ownership. Being able to access multiple directories for identity information and having centralized session logs for users across many channels improves security and can provide valuable business and marketing intelligence.
ca.com9 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
• Federation – Many times a good overall customer experience may include the need for customers to access sites, services and transactions across domains within the organization or with business partners. Federation enables the quick establishment of online trust relationships. Seamless navigation across a variety of domains can help provide a more complete user experience which can increase revenue for both the host organization and partners. Federation solves one of the challenges in monetizing social media—how to bring consumers from a social media page to your business and commerce environments where transactions can be processed. Long processes, waiting times, or required forms to move from one environment to the other will lead to much higher abandonment rates and thus a lower volume of qualified prospects and customers. The user experience should be quick, simple and almost seamless, which is one of the key benefits provided by identity federation. For SaaS providers, federation is critical to effectively scale and support many tenants without having to house and manage all the tenants’ users and identity attributes.
• API Management and Security – APIs are a key element to enable today’s cloud, mobile and complex composite applications. As the number of business services with APIs expands rapidly it is important to have an efficient way to open APIs to partners, developers, mobile apps and cloud services in a secure and scalable way. The gateways for API, mobile, SOA and cloud, combined with supporting software like the OAuth Toolkit, enable organizations to securely and easily open up applications. The API Portal helps build a developer community by providing functionality for onboarding, engaging, educating, managing and even monetizing developers. This coordinated set of capabilities makes it easier to extend your online and mobile footprint and leverage new routes to market.
Identity andAuthentication
Across Channels
Mobile BrowserOnline, Web Access
Social Media Mobile Applications
Better Customer Experience• Social Media Integration• Cross Channel Activity Learning• Transparent / Step-up Authentication
Support Business Innovation• Quick Time-to-Value• Accelerate Loyalty Programs Initiatives• Accelerate Big Data Initiatives
Lower Cost of Ownership• Lower Consumer Helpdesk Cost• Single Security Policy• Cloud Deployment Model
Figure B.
CA Technologies offers a robust set of identity and access management capabilities to better engage customers, enable innovation and reduce support costs.
ca.com10 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
Together these capabilities can help support and secure customer activity through a variety of channels while improving the customer experience and lowering the overall cost of security and support. (Figure B)
A common use case related to federated identities in a multi-channel environment is social sign-on with step-up authentication required when necessary. An e-commerce site may trust social identities to provide easy and smooth access to the “offers of the day” page on the site. For this type of activity with low associated risk, a federated identity from a third-party trusted source is good enough. But, when a more risky transaction is about to be executed, such as redeeming loyalty program points, you may want to escalate the security controls and step up the authentication to a higher trust model leveraging flexible advanced authentication features.
This scenario (Figure C) is made possible by combining several capabilities mentioned above: federation capabilities enabled a trust model with social media, advanced authentication methods were used when a higher level of trust was required, and the access management layer was the one orchestrating it all, with a policy-based engine capable of deciding when to use each kind of authentication and what level of access was appropriate.
Cloud Delivery ModeCA Technologies also provides identity and access management capabilities as a hosted cloud service. This allows you to quickly obtain security capabilities without having to deploy or manage a large IT infrastructure typically associated with on-premises implementations.
Services for advanced authentication, single sign-on/federation and identity management allow your organization to reduce security risk while providing a positive user experience. These services are hosted and supported 24x7x365 by CA Technologies. High levels of assurance are provided because services are set up and maintained by fully trained product experts. These cloud-based services can be adopted independently, integrated with one another or deployed in a hybrid model with a variety of on-premises security solutions from CA Technologies. And as a cloud service, you pay for only what you need while maintaining your ability to grow your services as your business requires.
Use Consumer Identity for initial customer acquisition and low risk transactions
Sign in with stronger credentials when needed for high value transactions
• Simple new user registration increases sign up rate• Collecting identity attributes allows for immediate personalized marketing• No sign-in for loyalty balance viewing and other simple transactions increases visits
Figure C.
Leverage social identities to improve the customer experience, increase registrations and facilitate low-risk activities.
ca.com11 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
“The availability of IAMaaS has brought access to enterprise IAM capabilities within reach of smaller organisations and, for larger organisations with legacy IAM and directory systems, IAMaaS can provide them with the agility to embrace all these opportunities through integrating them into a hybrid system. This has led to a rapid growth in the use of IAMaaS either as the sole way a business deploys IAM or as part of an on-premise/on-demand hybrid deployment.”Quocirca: “Digital Identities and the Open Business”, Feb 2013
Section 3: Benefits
Identifying Key BenefitsProviding a high quality customer experience across multiple channels is a difficult challenge but when it’s done in a coordinated and secure fashion, it can be a strong differentiator. Aggregating a user’s multiple identities in a single account and creating a consolidated view into the account’s activities provides better business insight and enables targeted marketing. A higher initial adoption rate and increased loyalty are the benefits from engaging customers in a consistent, intuitive and secure manner. In this dynamic space it is critical to have a flexible infrastructure that can help get new innovative services to market quickly for competitive advantage. Delivering services to new places and facilitating the use of your services by partners and developers can open new routes to market and expand your brand awareness.
CA Technologies offers an IAM solution that can support business innovation across channels and allow organizations to:
• Accelerate the time-to-value for new customer-facing applications and services
• Deploy a centralized security solution that covers a broad range of identity and access management challenges and can reduce the total cost of ownership and administration overhead
• Address different types of consumers and provide them the appropriate security measures and a consistent experience across channels
• Establish collaboration and federation with other businesses, including the social web
• Select the right delivery mode whether it’s on-premises, hybrid or from the cloud
ca.com12 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
“Having an IAM system in place is now seen by many businesses as essential to achieving a wide range of IT and business goals. Primary amongst these are the opening up of more and more applications to external users, the growing use of cloud-based services and the rise of social media. The ultimate aim is to nurture new business processes, thereby finding and exploiting new opportunities. The number of businesses that have deployed IAM has increased dramatically over the last four years.”Quocirca: “Digital Identities and the Open Business”, Feb 2013
Section 4:
ConclusionsCA Security solutions help organizations grow their customer base and increase revenue by enabling them to get new online applications and services to market quickly, securely and in a user convenient manner. Our customer-focused identity and access management solutions can help you leverage the growing opportunities in cloud, mobile and social media. You can improve time-to- value by centralizing identity and access security across all areas (web, mobile and cloud). Our solutions help you improve customer engagement by providing a convenient and simple experience via transparent strong authentication, single sign-on, and by better leveraging APIs and existing social identities—resulting in new revenue opportunities and improved customer loyalty.
• More than 2,000 organizations worldwide trust CA Technologies to help them with identity and access management security, including 12 of the top 15 commercial banks (based on Fortune magazine 2014 listings).
13 | SOLUTION BRIEF: CA IDENTITY, ACCESS AND API MANAGEMENT
Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document “as is” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any software product referenced herein serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, “Laws”)) referenced herein or any contract obligations with any third parties. You should consult with competent legal counsel regarding any such Laws or contract obligations. CS200-87139_1214
1 Quocirca: “Digital Identities and the Open Business”, Feb 2013
“Those organizations that lack effective IAM are likely to lag behind their competitors in many areas as more and more business-to-business (B2B) and business-to-consumer (B2C) transactions move online, cloud services become the mainstream source of IT applications and services for many businesses and social media takes center stage as a source of identity. IAM has moved from a security tool to become a business enabler”Quocirca: “Digital Identities and the Open Business”, Feb 2013
CA Technologies understands your business challenges and your need to quickly go to market with new, innovative and yet secure consumer-facing services across channels. Our security solutions can help enable business and extend reach, while reducing the overall risk of deploying and operating a multichannel business.
CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.
Connect with CA Technologies at ca.com