Why partnerships between the CDO and CISO strengthen your brand

August 13, 2020

Brand loyalty is built around trust. Data breaches, especially those involving stolen credentials, are a big detriment to that trust. The Ponemon Institute estimated the average cost of a data breach at $3.88 Million in 2020 for the business, and immeasurable for the user. It’s likely consumers used the same credentials on other sites resulting in hours of changing their logins across the web. Customers remember that tedious process.

The offices of the Chief Information Security Officer (CISO) and the Chief Digital Officer (CDO) have the biggest part to play in protecting consumers perception of a brand, but they couldn’t be more opposite in their objectives and operations. CISO’s are tasked with keeping the unknown users out. Their primary focus has been making sure internal users such as employees, contractors and vendors are properly vetted and authenticated. CDO’s are seeking to invite as many unknown users (prospects) in as they represent new business. Having said that, what would happen if the CISO and CDO partnered more closely to protect those unknown users (prospects) and improve their online experience?

CISO’s know how to secure the enterprise and in particular implement policies such as multi-factor authentication (MFA). MFA is the process of combining multiple methods of authentication such as something you know, something you have and something you are. This requires users to perform actions in addition to supplying a username and password to authenticate. MFA can be very difficult on the end user and harder to support from a help-desk perspective. Employees are often prompted to perform MFA and unfortunately are never given the option for another form of security.

CDO’s know how to give visitors the best experience possible. They will put off the user registration requirement as long as possible. This typically means creating a guest process that avoids the dreaded creation of a username and password, especially when an upwards of 34 percent of online customers abandon their shopping carts during this process. The backfire hits for returning customers when they will have to supply the same information again - deterring them from a quick buy.

Imagine what would happen if the CISO and CDO sat down one day and decided to combine their knowledge to build a simple and secure authentication process. CISO’s would share with CDO’s all the authentication technologies available. This would include biometrics and mobile authenticators. CDO’s would have the knowledge to seamlessly integrate them into their online applications. You might end up with something radical like ‘passwordless’ registration and authentication.

Exploring authentication without passwords a bit further, the CISO’s job of protecting the enterprise from the unknown gets easier as there is no longer a repository of passwords to keep safe. The online user feels safer to visit your online presence because no passwords immunizes them from phishing and malware built to steal passwords. The CDO dramatically improves the user experience and likely gets a registration process that is as easy as the guest process. The advantage allows user to quickly return without re-entering the same data.

Consumer trust is integral to any brand and important to everyone across the business. Business leaders are deeply aware of the impact of a security breach on consumers trust. When CDO’s and CISO’s partner together they can build the best defense, and experience, for their company and customers. The end result is an online experience that keeps users coming back.

Joe Skocich is VP of Global Sales and Marketing of Identité.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Why partnerships between the CDO and CISO strengthen your brand

Related Articles

Report Abusive Comment