Role of Security in Customer Centric Environments

Sanjay Deshpande, CEO & CIO, Uniken Inc

Given the growing use of digital channels by consumers, it has become critical for businesses to craft the most relevant, compelling and consistent customer experiences across all devices and platforms to build enduring relationships with their customers.

Customers today like to access applications, make purchases anywhere and at any-time. In a digital scenario, security, speed and access are of paramount importance. Commercial transactions require businesses to provide infallible security which otherwise impacts customer satisfaction and the company’s bottom line while customer centricity demands security to be transparent to end users. Providing ubiquitous access poses enterprises with the challenge of providing airtight security and makes it imperative for them to have a well-planned security strategy across all devices and platforms.

For example a bank,  uses multiple channels to offer its banking services – branches, ATMs, phone banking, internet banking and mobile banking. Of these, the Bank can have absolute control on the banking environment and security for all channels except internet and mobile banking – the channels using public communication infrastructure. Though these two channels offer highest convenience to the consumers, these are also susceptible to numerous un-organized as well as sophisticated attacks.

The underlying public internet security technologies have been time and again proven to be insecure, with banks being a regular target of phishing, Man-In-The-Middle, and other attacks. A recent report by RSA pegged the loss in India from phishing attacks at USD225 million.

This raises a pertinent question for both enterprises and their customers – should they conduct their transactions on a public internet that is broken from a security and privacy perspective?

There is a compelling need for a private network that will provide banks with better control, simplified infrastructure and cutting edge security without disturbing the user experience. The private network must be accessible only to authorized end-points and users. We typically see this with corporate or enterprise networks (e.g. Intranets or VPN-IPsec based extranets), where the entire infrastructure is privately owned and operated, thereby ensuring this level of security.

However, the current technologies that enable creation of private networks are not scalable beyond a few thousand end-points, plagued by prohibitive costs of expansion as well as serious performance limitations.

The answer is to be able to create a scalable private network without adding additional end user disruptions. For instance, banks should be able to provide a security infrastructure which inherently ensures security to end-users and helps banks ensure that their assets are accessible only to their registered customers, to conduct secure banking transactions in an environment that is secure, with content that is regulated and guarded.

It’s time the global technology fraternity looked at creating such alternative Internet-working architectures rather than continuing to act in a reactive manner to the ever increasing cyber threats.