Security is shifting even further ‘left’, away from developers and into the design thinking of CX and UX teams, writes Ping Identity’s Head of APAC & Japan Ashley Diffey.

For several years now, security has ridden a ‘shift left’ wave.

As its strategic importance rose, organisations recognised that security needed to be integrated into the software product development lifecycle much earlier, ideally in the conceptual phase of work.

When security testing of a product occurred too late in the process, bugs or other issues could derail product launch timeframes, or – worse still – not be easily addressable owing to earlier design decisions that security teams were excluded from participating in or having an opinion on.

This realisation has raised the profile of security considerations with coders. But they are traditionally not the party responsible for specifying the way an end user is intended to interact with the end product; they take that brief from a UX designer and translate it into the software.

Increasingly, organisations also now employ customer experience (CX) professionals and teams to create frictionless solutions and experiences for end users.

Given its potential to introduce friction if implemented sub-optimally, security is now becoming a key consideration and input into the design thinking of CX – in addition to UX – professionals.

This is also causing a rethink of how best to support CX and UX teams to create secure but still customer-centric experiences.

New Ways to Implement Security

The expansion of security into the CX and UX domains fulfills a desire for security to infiltrate more internal functions in an organisation such that it becomes everyone’s concern and responsibility.

Overall responsibility for security still rests with the central security team or function, but they are getting better at seeding the security message internally and creating guardrails and governance structures that allow more functions to knowledgeably incorporate security into their design decisions.

For developers, those guardrails are usually embedded in DevSecOps tooling and frameworks.

For CX and UX teams, the tool of choice is different: no-code platforms. Such platforms are targeted at non-technical users, allowing digital workflows, processes, and simple applications to be assembled from drag-and-drop, reusable, pre-coded elements. The platform takes care of the integration of all of the composite pieces, known in technical circles as orchestration.

When designing these workflows and applications, CX (and UX) professionals want to understand how end users will interact with the flow, from the time they seek access or start, through to the completion of that transaction.

Many of these workflows have identity at their core. After all, the organisation wants to understand who is trying to access the process and why. Organisations use various ways to establish the customer’s identity, from a traditional set of login credentials to more advanced multi-factor authentication (MFA) setups.

The systems that underpins an identity implementation often comprises many moving parts. It’s historically been challenging to get all those parts to work together seamlessly, and then to incorporate that into the workflow, process or web application in a way that will be frictionless and unobtrusive to the user.

No-code identity orchestration platforms, including the likes of PingOne Da Vinci, are changing this, because they are capable of integrating all of the component pieces of technology needed to create a smooth identity experience.

The Emergence of Fresh Identity Experiences

The net effect of this is the emergence of more innovative identity implementations and experiences, since it is a relatively simple task to design these experiences and then orchestrate the underlying – enabling – technologies.

One example of an emerging identity experience is to have a customer gradually supply information used to establish an online profile for identity purposes. Instead of asking the customer to stop what they’re doing to fill out and submit a whole-page webform at an inconvenient juncture – such as when they are trying to check out goods from a webstore – UX and CX designers can instead create identity experiences that build up the customer’s profile in small stages.

As the customer moves deeper into a website or experience, they might be asked for a little bit more information about themselves, or to create a login name or a password, or to add their mobile phone number for verification purposes. Their identity profile is established gradually, such that when it comes time to check out, there’s little standing in the way of them completing the transaction, avoiding
basket abandonment or similar issues.

By utilising a no-code platform, CX and UX professionals and teams can add this gradual collection of identity markers across the customer journey, knowing that the platform will build out all the necessary code and connectors to orchestrate it all seamlessly.

The time needed to stand up an end-to-end identity solution and experience is also substantially less, with the commitment measured in hours or days, not weeks.

With the focus on CX showing no signs of a slowdown, we’re likely to see more CX- and UX-led conversations and efforts to streamline security in Australian organisations this year as a result of these market developments. The end result will be more innovative identity flows that keep customers engaged with the digital properties they are interacting with, while fading security into the background of the experience.