I thought it's high time to speak of multichannel security.
Channels
Let's look at channels
1. Web
2. Mobile
Accepted by most...
There is more though.
3. ATMs (in case of banks)
4. Kiosks (in case of governments mostly)
5. Voice (in case of helplines for services like telecom)
.
.
.
Wait... There's more...
What about personal interactions and paper forms???
What about social media, which can be reached from both web and mobile (the Kaching app on Facebook by CommBank)???
What about the good old letters you (still) receive for credit lines and mortgages (the ones that still work according to the law of the land)???
It's endless...
So basically multichannel is too large a word to use...
Hmm now there is some concern about security...
People who solve the issue on multichannel are predominantly the ones solving the first 2.
Why???
And why not the other channels???
Simple... They don't figure in the key initiatives in the 21st century. That's a play of words... Or craftsmanship. But the problem is real...
Multichannel is a truth of this century and there is innovation and solutions all over the place to solve this one-word issue. But it is just too large a problem to solve just by point products.
The answer lies in the way technology evolves and consolidates.
It evolves in all directions... And consolidates in one direction...
It evolves in all directions driven by innovation and consolidates in one direction driven by effectiveness...
What is the only commonality from which we can at least guess the effectiveness while we speak? By the way there is only one thing in common to all the channels. That one is the actual person who is interacting.
So how to solve this puzzle?
Identity context or identity in relation to the context of usage.
E.g. Banker selling shares for his private client. Identity context could be consent from the client and also the banker's qualifications and limits to do so in his bank.
If you are not able to enforce this, this may be a compliance liability or defacement for you.
Customer care extracting credit card details and then planning his vacation. You could limit the visibility of your customer care based on roles. Pure law abiding challenges...
How are you equipped to do this?
Maybe...
By starting to use a source which can hold this in the first place rather than just depending upon profile (identity 1.0)...
And then...
Secondly by finding a solution that can flag off this problem for you.
This has to gel well with your apps and dev-ops strategy.
No need to worry too much anyways...
Take a deep breath and understand the risk you carry because you lack information in each channel of interaction and then prioritize on capturing and enforcing them.
Products can solve the rest of the jigsaw puzzle. Trust me. This is equivalent to reaching Mars with men...
Capture what is required.
What is required is based on what business you do.
It could be the ones you want to avoid while doing business, like storing unnecessary information.
Or, it could be those you could make use of, like providing ease of use for customers, monetizing on what you have (telcos are on a spree these days)
But don't be limited by the ways you can collect it. You could collect it from social media through social login or big data and many more ways.
You have to see whether you have a platform that can provide you 2 things
1. Decision point
This may well be a central policy repository you can refer to. Just thoughts...
2. Enforcement point
This is where the policy is enforced, so that you do not depend on your yearly report to find out whether you acted according to the policy decision point. You have all the vendors lined up for this...
Pick a solution that works for these 2 scenarios and you are safe for another 5 years 😊
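A minimal sketch of the decision point and enforcement point described above, using the banker and customer-care cases as identity context. This is an added example, not code from the original post; the policy keys, attribute names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed central policy repository (the data behind the decision point).
# Action names, roles and attribute names are assumptions for this example.
POLICIES = {
    "sell_shares": {"roles": {"banker"},
                    "require": ("client_consent", "qualified"),
                    "limit_attr": "trade_limit"},
    "view_card": {"roles": {"customer_care"},
                  "require": (),
                  "mask": ("card_number", "cvv")},
}

@dataclass
class Request:
    subject: str
    role: str
    channel: str   # web, mobile, voice, branch, ...
    action: str
    context: dict = field(default_factory=dict)  # identity context

def decide(req):
    """Decision point: the answer depends on identity context, not on channel."""
    policy = POLICIES.get(req.action)
    if policy is None or req.role not in policy["roles"]:
        return False, "role not permitted"
    for attr in policy["require"]:
        if not req.context.get(attr):
            return False, f"missing {attr}"
    limit = policy.get("limit_attr")
    # Fail closed: a missing amount or a missing limit both deny.
    if limit and req.context.get("amount", float("inf")) > req.context.get(limit, 0):
        return False, "over limit"
    return True, "permit"

AUDIT = []  # every decision is recorded when it is made, not in a yearly report

def enforce(req, record):
    """Enforcement point: every channel calls this before releasing data."""
    allowed, reason = decide(req)
    AUDIT.append((req.channel, req.subject, req.action, allowed, reason))
    if not allowed:
        return None
    masked = POLICIES[req.action].get("mask", ())
    return {k: ("****" if k in masked else v) for k, v in record.items()}
```

Because each channel passes the same `Request` shape to `enforce`, adding a channel means adding a caller, not a new copy of the policy.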
Do comment if you object or want to add on...