Patricia Alfheim
November 11, 2022

Identity first security and what happens next

Security is an important foundation - but don’t stop building there

Identity first security and what happens next

When most people think of identity and access management, they think of securing and protecting the user, system and data. It has traditionally been considered a defense mechanism and most IAM solutions are built for this purpose. 

Without a doubt, an identity-first security strategy is critical to ensuring the protection of your systems and data as identity remains the primary attack vector for cybercrime and has become the new perimeter to secure. 

However, only thinking about security when managing identity is missing out on a major opportunity. 

Security should be thought of as the floor - not the ceiling. 

Building upwards from security

While the industry continues to focus on its feet (and let’s face it, you need to get that foundation right), it’s time to look up and see what can be built on top of this solid and secure foundation. 

If we lift our eyes, we might notice that identity and access management is not a pure defense mechanism, but an enabling framework and can drive value across the business. 

Every customer interaction can be orchestrated and captured by an identity fabric, to drive value for your business and for your customer. 

Enriching this data with context and connecting it across products and systems, can reveal high-value hidden insights and improve customer experience.

Let’s take a look at a simple use case:

A leading retail group wants to enhance their customer retention and growth and drive a better customer experience through their loyalty program. 

Security: Users can download the loyalty app, onboard themselves and verify their identity with biometric face mapping.  Their PII data is separated from the data used to drive their experience and is only shared with the user’s consent. 

This authentication step not only protects the customer account from malicious actors, but with the decentralized data model - their PII is not stored in a centralized database and not shared with third parties. This offers a higher standard of privacy and security for the user, without losing out on personalized experiences. 

Experience enrichment: Now the user is securely onboarded, verified and secure, they are represented on the identity knowledge graph,  which captures contextual information as well as attributes to create a holistic view of the customer. 

As the customer customizes their experience, choosing which data they are happy to share, the graph expands and enriches, and creates new opportunities for value. 

For example, the user can choose to share their license plate to receive free-parking outside the grocery store,  connect their smart fridge for shopping lists, attach members of their family to their account to collect benefits - or even buy on their behalf with third party payment authorization, nominate other services/brands they are interested in to receive cross-sell offers, etc. 

In addition, the customer may wish to optimize their in-store experience, with on the spot discounts, notification of reduced items, or other personalized shopping. 

Level up: Now your customer has enjoyed a personalized and yet private experience in your loyalty app, you can use enriched data (user patterns, preferences, previous purchases, connections, etc)  to drive further value. 

This might include personalized cross-selling within your brand, flexible payment schemes, new services and new opportunities for mutual value creation. 

Greater insight - greater value

Loyalty apps have strived to offer personalized deals, discounts and recommendations for many years, but with identity data in the driver’s seat - a whole new level of insight opens up. 

With an underlying flexible graph data model, the data can become knowledge with contextualizaiton and enrichment available at scale. Apply machine learning techniques and you have robust data analytics capturing every interaction, mapping user connections and context and uncovering new ways to create value. 

All while offering better security and privacy than ever before. 

Want to learn more? 

Check out our webinar on Orchestration: privacy and consent in Web 3.0 or Get in touch.

Keep updated

Don’t miss a beat from your favourite identity geeks