Customers today can be fickle and impatient when it comes to doing business on a company's website or app. Once they get a taste of lightning speeds, easy transactions and the newest mobile capabilities from one business site, they expect it at every web and mobile interaction. If you're not keeping up, you're out of the game. This is also true when it comes to registering or signing on to an application. Customers want sign-on to be easy and seamless, but still expect their information to be secure.
On the flip side, companies with lax identity security face dire consequences. If your business falls victim to a customer data breach caused by stolen usernames and passwords, be prepared for the inevitable uphill and expensive climb toward regaining customer trust.
Neiman Marcus, TaxSlayer and Alibaba have all felt the sting with their e-commerce sites. In December, hackers attempted to access Neiman Marcus customers' online accounts. The retailer said that it suspects this attack was related to large breaches at other companies where usernames and passwords were stolen, and that the thieves were banking on the fact that many consumers use the same username and password at several sites. The same thing happened to TaxSlayer. The online tax preparer announced in January that an unauthorized third party, who it believes obtained usernames and passwords from another online service, may have accessed TaxSlayer accounts between October and December. About 8,800 customers had to be notified.
Alibaba's problems were much bigger. Hackers in China used a database of 99 million usernames and passwords stolen from other websites to target its Taobao shopping site and found that more than 20 million of the username/password combinations also worked for Taobao.
You can't control your customers' bad password habits (although password education does work), but you can improve security and mitigate risk with single sign-on. Many companies begin by using basic SSO as a way to provide customers with a high-quality experience when accessing their data in-house. Today, with so many apps and access points, most companies need to go a step further to federated SSO, which extends the SSO experience to all applications with the flexibility to add new apps and offerings as the business grows.
Why Federated SSO?
Federation allows a user to establish a relationship of trust just once, and then that authenticated session allows the user to access all of the applications they're authorized to use. For federation to work, a trusted relationship between an organization and an external third party, such as an application vendor or partner, must be established through standard protocols.
To authenticate users today, many companies use what's called password replay, a process that stores and forwards usernames and passwords from one application to the next. Federated SSO uses identity standards like SAML, OAuth, OpenID Connect and SCIM to replace passwords with signed assertions or tokens. These standards securely transmit user access and provisioning information while safeguarding web and mobile applications, as well as the APIs that support them.
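To make the contrast with password replay concrete, the following added example (not from the original article or any vendor's product) shows an identity provider signing a short-lived assertion and an application verifying it without ever seeing a password. The token layout, function names and example.com identities are assumptions for illustration; this is not the SAML or OpenID Connect wire format, and Ed25519 is used only because Node.js ships it.

```javascript
// Added example: minimal signed-assertion flow (constructed format, not SAML/OIDC).
const crypto = require("crypto");

// Identity provider (IdP) key pair; applications only ever hold the public half.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// IdP side: after authenticating the user once, issue a signed assertion per app.
function issueAssertion(subject, audience, nowSec, ttlSec = 300) {
  const claims = { sub: subject, aud: audience, iat: nowSec, exp: nowSec + ttlSec };
  const payload = Buffer.from(JSON.stringify(claims));
  const signature = crypto.sign(null, payload, privateKey);
  return payload.toString("base64") + "." + signature.toString("base64");
}

// App side: accept only if signature, audience and expiry all check out.
function verifyAssertion(token, expectedAudience, nowSec, idpPublicKey = publicKey) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const payload = Buffer.from(parts[0], "base64");
  const signature = Buffer.from(parts[1], "base64");
  // Verify before parsing so unauthenticated bytes never reach JSON.parse.
  if (!crypto.verify(null, payload, idpPublicKey, signature)) {
    return { ok: false, reason: "bad signature" };
  }
  const claims = JSON.parse(payload.toString("utf8"));
  if (claims.aud !== expectedAudience) return { ok: false, reason: "wrong audience" };
  if (nowSec >= claims.exp) return { ok: false, reason: "expired" };
  return { ok: true, subject: claims.sub };
}

// Test helper: change the claims but keep the original signature.
function withAlteredClaims(token, changes) {
  const [p, s] = token.split(".");
  const claims = JSON.parse(Buffer.from(p, "base64").toString("utf8"));
  const altered = JSON.stringify(Object.assign(claims, changes));
  return Buffer.from(altered).toString("base64") + "." + s;
}

const now = 1700000000; // constructed timestamp
const token = issueAssertion("alice@example.com", "shop.example.com", now);
const altered = withAlteredClaims(token, { sub: "admin@example.com" });
console.log(verifyAssertion(token, "shop.example.com", now + 10));    // accepted
console.log(verifyAssertion(token, "billing.example.com", now + 10)); // wrong audience
console.log(verifyAssertion(altered, "shop.example.com", now + 10));  // bad signature
console.log(verifyAssertion(token, "shop.example.com", now + 600));   // expired
```

Unlike a replayed password, the assertion is useless at any application other than its audience and stops working after its expiry, so a copy captured at one site cannot be reused at another.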
Zebra Technologies knows the value of federated SSO. Employees, partners and customers were reporting poor sign-on experiences largely because their Oracle Access Manager wasn't providing federation for several internal and mobile apps. The company deployed Ping Identity's SSO, multi-factor authentication, access management and directory solutions, giving customers, partners and employees a seamless sign-on experience and centralized policy and access control for all apps. The solution helped Zebra meet the SLA requirements of its major customer, Walmart, with 15,000 sign-ons in under five seconds.
In a nutshell, SSO is the first step in helping companies meet their customer experience goals. It strikes the right balance between security and usability, delivering seamless access across offerings, a rich mobile experience and frictionless commerce: all the makings of a happy (repeat) customer.