• United States




Digital transformation: securing customer-centric initiatives

Oct 18, 20174 mins
Application SecurityData and Information SecurityDigital Transformation

Data security and an improved customer experience go hand in hand for successful digital transformation.

customer experience
Credit: Thinkstock

“The customer is always right” is a motto originating in the early 20th century which encourages employees to give a high priority to customer satisfaction. The quote has morphed into an intense focus on the customer experience in the new millennium. This new focus is driven by a string of massively disruptive technology changes, such as cloud, big data, API/microservice architectures, smartphones/tablets, UI frameworks and the like. Market dynamics are also playing a disruptive role, with media, travel/leisure, automotive, aerospace, retail, and other industries experiencing a new wave of competitors. One outcome is a focus around improving the customer experience in every aspect of the customer journey. Often called “Digital Transformation” this evolution is focused on modernizing tools and processes within an organization.

Executives have realized that without updating legacy IT approaches, they will fall drastically behind their competitors and won’t be seen as a modern, digital organization. Enterprises are now implementing a wide variety of customer-centric initiatives designed to delight the experience of customers, employees, as well as partners.

Customer-centric initiatives

Customer-centric initiatives are about providing a seamless digital experience. It is a way of doing business that provides a positive customer experience, drives repeat business, customer loyalty and profits. There’s also a need to be able to link the customer journey in back-end systems, to help businesses meet these goals, measure and improve over time.

This drive to customer centricity is happening across industries. One example is in the banking industry. Banks are implementing a full omnichannel experience for their customers. This means customers have access to their bank account anywhere, at any time, on any device. It also means that when a customer makes a deposit in-person with a bank employee, it will immediately reflect on the bank’s mobile app. When funds are withdrawn or deposited at an ATM, it should reflect on the online portal right away, delivering a seamless banking experience.

There is also a full array of examples from the healthcare industry, where there is a shift from fee-for-service compensation to value-based or patient-centric care. Value-based care rewards high quality patient care that is cost-effective. By drawing on massive amounts of patient data and correlating that data to electronic health records (EHR), patients in a similar circumstance can often receive and experience better health outcomes.

However, customer-centric initiatives in banking, healthcare and many other industries require significant amounts of data and documents to be exchanged – often Personally Identifiable Information (PII) or other sensitive data. But, without the right protocols and security around the data being shared, customer-centric initiatives introduce great risk to the organization, especially when it comes to privacy and compliance regulations. Security considerations need to accompany these initiatives or they will fail every time.

Securing customer-centric initiatives

A proven way to secure sensitive data for customer-centric initiatives is with an Attribute Based Access Control (ABAC) model. ABAC is an access model that allows organizations to securely share data across an entire collaborative chain by only allowing authorized users access to sensitive data under the right conditions.

ABAC only grants access to data if every attribute is aligned with a corporate policy, regardless of how general or granular the policy is written. ABAC goes beyond just “who” is accessing data, but also considers “why,” “when” or “where.” Who is accessing data is a key attribute, but so is the relationship between the user and the data, their location, the device they are using, the time of day or other variables.

Beyond known risks to PII for banks and healthcare organizations, the need to share and protect data is growing to meet the needs of a data-driven marketplace; ABAC is being adopted by product companies, leisure companies and even software firms. Knowing and enforcing policies built with key attributes could be the difference between data being shared securely for effective customer-centric initiatives, and data being shared inappropriately and insecurely, leading to data leakage, breaches and angry customers.

Enterprises who are slow to keep up with the times and modernize their legacy IT systems to support digital transformation will be left behind and may struggle to succeed. Status quo is an option that doesn’t look viable any more. While enterprises that can implement and secure their customer-centric initiatives, will deliver to customers a seamless digital experience, ensuring satisfied customers, a good reputation and ultimately, an increase in revenue.


Gerry Gebel is the vice president of business development at Axiomatics. He is responsible for sales, customer support, marketing, and business development for the Americas region. In addition, he contributes to product strategy and manages partner relationships.

Before joining Axiomatics, Gerry was vice president and service director for Burton Group’s identity management practice. He covered topics such as authorization, federation, identity and access governance, user provisioning and other identify management (IAM) topics. In 2007, he facilitated the first ever XACML interoperability demonstration at the Catalyst conference.

In addition, Gerry has nearly 15 years' experience in the financial services industry including architecture development, engineering, integration, and support of Internet, distributed, and mainframe systems.

The opinions expressed in this blog are those of Gerry Gebel and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.