Why partnerships between the CDO and CISO strengthen your brand

Brand loyalty is built around trust. Data breaches, especially those involving stolen credentials, are a big detriment to that trust. The Ponemon Institute estimated the average cost of a data breach at $3.88 Million in 2020 for the business, and immeasurable for the user. It’s likely consumers used the same credentials on other sites resulting in hours of changing their logins across the web. Customers remember that tedious process.

The offices of the Chief Information Security Officer (CISO) and the Chief Digital Officer (CDO) have the biggest part to play in protecting consumers perception of a brand, but they couldn’t be more opposite in their objectives and operations. CISO’s are tasked with keeping the unknown users out. Their primary focus has been making sure internal users such as employees, contractors and vendors are properly vetted and authenticated. CDO’s are seeking to invite as many unknown users (prospects) in as they represent new business. Having said that, what would happen if the CISO and CDO partnered more closely to protect those unknown users (prospects) and improve their online experience?

CISO’s know how to secure the enterprise and in particular implement policies such as multi-factor authentication (MFA). MFA is the process of combining multiple methods of authentication such as something you know, something you have and something you are. This requires users to perform actions in addition to supplying a username and password to authenticate. MFA can be very difficult on the end user and harder to support from a help-desk perspective. Employees are often prompted to perform MFA and unfortunately are never given the option for another form of security.

CDO’s know how to give visitors the best experience possible. They will put off the user registration requirement as long as possible. This typically means creating a guest process that avoids the dreaded creation of a username and password, especially when an upwards of 34 percent of online customers abandon their shopping carts during this process. The backfire hits for returning customers when they will have to supply the same information again - deterring them from a quick buy.

Imagine what would happen if the CISO and CDO sat down one day and decided to combine their knowledge to build a simple and secure authentication process. CISO’s would share with CDO’s all the authentication technologies available. This would include biometrics and mobile authenticators. CDO’s would have the knowledge to seamlessly integrate them into their online applications. You might end up with something radical like ‘passwordless’ registration and authentication.

Exploring authentication without passwords a bit further, the CISO’s job of protecting the enterprise from the unknown gets easier as there is no longer a repository of passwords to keep safe. The online user feels safer to visit your online presence because no passwords immunizes them from phishing and malware built to steal passwords. The CDO dramatically improves the user experience and likely gets a registration process that is as easy as the guest process. The advantage allows user to quickly return without re-entering the same data.

Consumer trust is integral to any brand and important to everyone across the business. Business leaders are deeply aware of the impact of a security breach on consumers trust. When CDO’s and CISO’s partner together they can build the best defense, and experience, for their company and customers. The end result is an online experience that keeps users coming back.

Joe Skocich is VP of Global Sales and Marketing of Identité.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.