Ever more organizations are cooperating with other companies: open innovation benefits these partners and their customers. Bringing different ideas together spurs innovation. Combining services offers customers a one-stop shop. To make this happen, applications from different enterprises need to be linked together and exchange data, sometimes of a sensitive nature. Identity and Access Management (IAM) is key to ensuring trust towards the customer and between the different partners. Being able to set up these connections with third-party services swiftly and securely is essential to stay ahead of the competition.
Today’s consumers expect impeccable quality, fast service, a smooth user experience and, above all, convenience. A brand that can bring together multiple, customer-centric services will always be favored over specific, ‘boutique’ offerings. Traditional businesses are being ‘Amazonized’ and are now looking for ways to expand their range of products beyond the commodity services of old.
Rather than developing these services themselves, companies continue to concentrate on innovating their own services, and bundling these with third-party applications to complement theirs. Leveraging external input and expertise, they can improve existing products and services and even come up with entirely new business models that meet and exceed customer expectations. For maximum convenience and user experience, all these services need to be offered through one common interface and with easy authentication. End-users should never see the back-office complexity or have to log in again when moving from one service to another.
APIs (short for Application Programming Interfaces) are sets of routines, protocols and tools that are used to build software applications. In essence, an API specifies how software components should interact. The overall collection of APIs and the way they interact with each other is often referred to with the term ‘microservices’.
Rapidly changing ecosystems introduce new challenges: monolithic apps are often so large and complex, with millions of lines of code, that they prevent organizations from reaching the agility they need. Microservices typically contain a few thousand lines of code. By splitting these large applications into smaller microservices, they become easier to adapt as business requirements change. Rewriting microservices that are linked to just one business process or one transaction is less complex than making changes to a monolithic application that holds an entire company’s business logic. Microservices are a perfect way to conduct new business and generate new revenue streams through an ecosystem.
APIs and microservices form the answer to the challenge that traditional monolithic applications pose.
As companies forge partnerships, they offer customers access to third-party applications through these APIs. This has given rise to an ecosystem of APIs and microservices that should not be exposed to the outside world unprotected.
When applications exchange information, this needs to happen in a secure way: if banks are exchanging customer information with a third party, there need to be rules to define which third party has access to what level of customer information. The ability to control API access is the cornerstone of effective API and microservice security, and key to establishing trust in ecosystems. Customers will not want to leave their personal data in an ecosystem of applications if they cannot trust the companies behind the applications. In the case of a banking customer, the bank becomes the broker of trust for the entire ecosystem.
Identity and Access Management is the centerpiece in protecting an ecosystem. IAM identifies and authenticates users and, based on their access privileges, connects them through single sign-on (SSO) to the services they are entitled to use. When additional security is required, the IAM engine uses step-up authentication, for instance by requesting extra attributes.
IAM will also hide the complexity for the end-user: moving from one application to another in the banking app should be completely transparent, without asking the user to authenticate for each separate service.
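The access rules and step-up behaviour described above can be sketched as a small policy decision function. This is an added example, not TrustBuilder's code or part of the original page; the partner names, data levels, authentication levels and customer record are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class DataLevel(IntEnum):
    BASIC = 1      # name only
    CONTACT = 2    # plus address
    FINANCIAL = 3  # plus account data


# Constructed policy: the highest data level each partner may receive.
PARTNER_MAX_LEVEL = {
    "car-rental": DataLevel.BASIC,
    "utility-broker": DataLevel.CONTACT,
    "mortgage-advisor": DataLevel.FINANCIAL,
}
# Authentication strength needed per level (1 = SSO login, 2 = after step-up).
REQUIRED_AUTH = {DataLevel.BASIC: 1, DataLevel.CONTACT: 1, DataLevel.FINANCIAL: 2}
# Level of each field in the constructed customer record.
FIELD_LEVEL = {"name": DataLevel.BASIC, "address": DataLevel.CONTACT,
               "iban": DataLevel.FINANCIAL}


@dataclass(frozen=True)
class Session:
    user: str
    auth_level: int      # strength reached so far in this SSO session
    services: frozenset  # partner services this user is entitled to


def decide(session, partner, level):
    """Return 'allow', 'step_up' or 'deny' for one partner API request."""
    max_level = PARTNER_MAX_LEVEL.get(partner)
    if max_level is None or partner not in session.services:
        return "deny"     # default deny: unknown partner or no entitlement
    if level > max_level:
        return "deny"     # partner asks for more than its agreement allows
    if session.auth_level < REQUIRED_AUTH[level]:
        return "step_up"  # same SSO session, but stronger proof comes first
    return "allow"


def release(record, session, partner, level):
    """Return only fields at or below `level`; None unless the call is allowed."""
    if decide(session, partner, level) != "allow":
        return None
    # Fields without a classification are never released (fail closed).
    return {k: v for k, v in record.items()
            if k in FIELD_LEVEL and FIELD_LEVEL[k] <= level}


RECORD = {"name": "A. Sample", "address": "1 Example St", "iban": "XX00-CONSTRUCTED"}
alice = Session("alice", 1, frozenset({"car-rental", "mortgage-advisor"}))
```

The user keeps a single session throughout: only the request for financial data triggers `step_up`, and every partner receives no more than the fields its level covers.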
Any industry can take advantage of building ecosystems. Consumers are looking for ease of use and one partner to fulfill as many services as possible. The travel industry and banking are probably furthest advanced in providing integrations with other partners.
When you book a flight directly with an airline, the airline will offer you an extra set of services to consider for your trip: luggage insurance, for instance, which is still pretty close to the airline's core business, but also other services such as car rental, hotel bookings, registration for day trips from your destination, concert tickets, etc.
Through their smartphone app, banks offer their own financial services and insurance products and add extra applications, such as travel tickets, buying petrol, concert tickets, utilities and even links to handyman services. Some banks even open up their applications to non-customers, attracting them with these non-financial services in the hope of making them customers afterwards. Some banks will even offer price checking so that customers get the best conditions when using their bank account.
To offer a good customer experience, these applications need to be seamlessly integrated, and should work without asking the user for credentials for each different application.
The Payment Services Directive (PSD2) and the term ‘Open Banking’ are often used to mean the same thing, but there is a difference. PSD2 is part of European regulations that require banks to open up their data to third parties. Open Banking dictates that the exchange of data must happen in a standardized and secure manner. Both PSD2 and Open Banking are at the basis of the integration that we are currently seeing between banks and non-financial service providers.
Integrating with third parties can be quite lucrative for banks. For one thing, they can start acting as a one-stop shop for their customers. Imagine a family that wants to buy a house and checks out the bank’s app for mortgages. Wouldn’t it be perfect if the bank could not just offer the mortgage and insurance, but also find the best utility provider and a removals firm? And why not connect them right away with all the administrative requirements that come with buying a house, such as connecting to a utility company or an internet provider? How’s that for customer experience? Secondly, banks could hypothetically monetize customer data by offering information to airline companies or even electronics web shops. Based on the spending pattern of an account holder, a bank could tell an airline which customers are open to buying upgrades, or tell electronics web shops who can afford an 85-inch TV screen.
Trust is essential in making an ecosystem work. Identity and Access Management can ensure that the integrations with third parties cannot be compromised. API attacks have long stayed under the radar, but some recent high-profile breaches have made API security more prominent. TrustBuilder is your partner of choice when it comes to combining airtight security with customer experience.
The growth of companies depends not only on their ability to develop competitive products and services. Whom they partner with, how they integrate their respective offerings and how they secure the resulting ecosystem will be the defining criteria to achieve success. To maintain trust, an IAM platform that supports a maximum of standards, authorization methods and identity sources is key. To react swiftly to market changes and expand the ecosystem faster than the competition, an IAM system that offers plug-and-play connections and a maximum user experience is a must.