Security can positively or negatively impact the customer experience. This applies whether we are talking about external customers, such as consumers using a website or application, or internal customers and stakeholders who need to align with organizational security requirements. Security teams should take steps to ensure that any friction their people, processes, and tools introduce is minimized, and that the customer experience is kept in mind. Failing to do so can lead to internal customers sidestepping the security teams and processes and external customers deciding to take their business elsewhere.
Security for an Internal vs. External Customer Experience
If you’re in cybersecurity or have had to work with cybersecurity teams, you know the story. Internal teams work to avoid engaging with the cybersecurity team because it is viewed as the office of no, a blocker, or a gate. This leads to rampant shadow IT and poor cyber hygiene across the enterprise, which ultimately can lead to less secure products or services for the customer.
On the external customer side, how many of us have had the painful experience of entering CAPTCHAs, clicking various images, working through tedious MFA scenarios, and more, all to access a website or make a purchase? These scenarios can lead customers to choose another option that is easier to work with.
Security traditionally, and in some cases inevitably, introduces friction into the customer experience. That said, organizations should keep that customer experience in mind as they implement their efforts to secure a product or service.
For cybersecurity teams working with internal customers or stakeholders, this means integrating with existing processes and workflows and avoiding becoming a stage-gate or bottleneck. We see these sorts of efforts underway with the push for DevSecOps and the urge for security to integrate throughout the SDLC and with existing developer workflows.
For the external customer experience, this involves making the user experience painless and smooth. This could include things such as passwordless authentication, SSO, and more.
Customer Data Collection
There are also opportunities for security to help influence what data is collected from customers and how it is collected. We’ve all experienced a purchasing or consumer scenario where we felt like we had to provide far too much information to conduct a purchase. While this information is potentially helpful to marketing and other teams, it comes with a cost as well.
Of course, there’s the obvious aspect of making the customer feel vulnerable and like they have had to disclose far more information than they wanted to, just to make a simple purchase. But this data also comes with a cost. This data must be securely processed, stored, and utilized.
Security teams have an opportunity both to minimize the aggregation of unnecessary sensitive data and to ensure the data that is collected is properly secured, avoiding a security incident and subsequent data breach notification. All of this impacts how the customer perceives the organization and their interactions with it.
Implementing Proper Security for the Customer Experience
There is a flip side to this as well. Failing to implement proper security can also impact the customer experience, whether through expired SSL certificates/notifications, DDoS business interruptions, ransomware outages, or exposed customer PII leading to data breach notifications. The lack of security rigor can have implications for the customer experience with a specific service or organization. Security teams can strive to minimize the friction imposed on internal and external customers and stakeholders while ensuring that fundamental security practices are in place that ensure a secure customer experience. Doing so leads to a competitive differentiation from your market peers and ultimately better organizational outcomes.