Guest blog written by Paul Rubens
Digital services give companies the power to interact with their customers in completely new ways. But there’s a catch: with great power comes great responsibility, and when it comes to digital services a key responsibility is to keep customer data secure. Customers expect it, and regulations demand it.
Fujitsu’s latest research report, Digital Inside Out, shows that the financial services industry leads the way in the provision of digital services, and perhaps that’s not surprising. Banks have years of experience keeping customers’ money secure, so it’s not a huge leap of faith to expect that banks and other financial services companies will also be taking appropriate security measures to protect customers financial data when they provide digital services.
But of course financial services companies aren’t the only ones offering digital services. The popularity of digital services continues to grow, and companies in an increasing number of sectors are starting to offer them. And that means in the coming months and years it’s inevitable that more data – and more types of data – will be exposed to security risks.
For example, the falling cost of network-connected sensors is giving rise to “the Internet of Things” – everyday objects that have network connectivity, allowing them to send and receive data without any human intervention. These objects include sports bands which collect data about the wearer’s activity levels and location and collates it on a web site, sensors that monitor the stock levels in vending machines and order refills automatically, or car components that report when they need replacing.
The potential to build digital services around the Internet of Things is enormous, but it will quickly involve companies in industries that are not steeped in the traditions of data security in the way that banks are. They will have to learn very quickly to ensure customers’ private or confidential information is to remain secure.
The problem for these companies is that the cost of getting security wrong can be very expensive indeed. A Ponemon Institute survey, Cost of Data Breach, found that the average cost of a security breach when customers’ information is lost is around £4 million.
It may be that for more obscure types of customer information these costs will be lower, but of course there’s the cost of loss of reputation to consider. Any company offering digital services that suffers a security breach may find it very hard to retain users of those services or recruit new ones.
One of the biggest challenges for digital service providers is authentication – providing a way for customers to sign in or log on to the service easily while preventing other people from accessing their account.
The problem is that there’s a trade-off to be made between security and convenience: if customers are made to jump through too many hoops before they can sign in and use a service then they may decide it is not worth the bother. Simpler authentication may lead to a better customer experience and greater service take-up – but only at the cost of putting their data at greater risk.
Most Internet users are prepared to tolerate the inconvenience of entering a username and password, although the level of security that this provides is moderate at best. But fewer are prepared to carry out an additional step – like entering a code generated by a security token – even though this “two factor” authentication provides much better security.
The good news is that authentication technologies that combine convenience with security are being developed. These include biometric systems that use the sensors (such as cameras, microphones and fingerprint readers) built in to many mobile devices to confirm the user is who they claim to be. And the FIDO Alliance is working to develop standards for convenient and secure authentication systems that don’t involve passwords.
So what do companies starting to offer digital services need to do security-wise to build their customers’ trust? The answer is probably to take things slowly. Launching a digital service with basic functionality and building it up gradually reduces the chances of security problems and minimises their possible impact.
That’s key because digital services will only succeed if customers trust them. And when it comes to security, trust takes time and effort to earn – but it can be lost in an instant.
Latest posts by Guest Contributor (see all)
- Derby College Group X Fujitsu: Upskilling the leaders of the digital age - October 14, 2021
- When rapidly responding to a disaster the best tech is unnoticeable - February 8, 2021
- D&I is the future – and businesses need to step up - May 11, 2020