Everyone who has anything to do with security is all too familiar with the term “Shadow IT,” which applies to situations in which users across virtually all departments in an organization access applications and services without the authorization of corporate IT. Driven by the consumerization of IT and the convenience of the cloud, Shadow IT has introduced significant risk to enterprises due to lack of visibility and control.
Today, as more businesses invest in their digital transformation – to the tune of more than $3.7 billion in 2019, according to Gartner – they are faced with yet another security and privacy challenge that also undermines the customer experience and hampers business success, namely Shadow Identity, or “Shadow ID.”
What is Shadow ID?
In the process of creating and delivering new digital services for their customers, business units within an organization can inadvertently create identity silos. In many organizations, a fragmented approach to identity consists of legacy, home-grown, and off-the-shelf point solutions that create a crazy quilt of applications that cause what we now call Shadow ID. This occurs primarily because organizations lack a unified consumer identity and access management (CIAM) solution and oversight over the process.
The end result is that a single customer who signs up for various digital services with a company may actually have multiple sets of identities. Every time an innovative digital service is rolled out to users, there is the potential for another identity silo to crop up. So why is that a problem?
- The user experience suffers in a big way. Let’s consider this simple scenario: A large financial institution offers an array of services – from ATMs to bank cards to online banking portals to mortgage loans, and more – and requires customers to create separate logins for each of these. Each department at this bank houses this customer identity data in a different silo for each service, and these silos are disconnected. When customers call their branch to have a question answered, they are typically shunted around to different people before they have a conversation with someone who has their customer information (and even that may be incomplete or inaccurate). The end result is a frustrated customer who gets even more frustrated with each engagement across all channels.
- Cross-sell opportunities are limited. Without a single source of truth about customer identities, it’s difficult to perform meaningful marketing analytics. And without reliable analytics, companies will have a hard time cross-selling services to their existing customers and delivering personalization for online applications and services. Clearly, Shadow ID can hinder business growth and put organizations at a disadvantage vis-à-vis competitors who have a unified identity architecture that can provide better, more streamlined customer experiences.
- Shadow Identity increases security risk to enterprises. Identity silos inherently result in an inconsistent security posture: password-strength and reset policies differ from silo to silo, and some services require multi-factor authentication while others do not. Further, as security and identity standards evolve (examples: HTTP/2, mutual TLS, and newer crypto algorithms), it’s nearly impossible to consistently update disparate identity silos in unison, and this exposes the enterprise to greater risk.
- Identity silos create privacy and compliance problems. Fragmented identity silos make it increasingly difficult to keep up with ever-changing government and industry regulations. The EU General Data Protection Regulation (GDPR), which imposes strict regulations on usage and sharing of private customer data, is an excellent case in point. Without a single view into all customer identity data points, GDPR compliance becomes exceedingly difficult, if not impossible. Additionally, when a customer chooses to opt out of a service, managing this process across multiple silos becomes a hugely painful and time-consuming effort.
Enter the ForgeRock Digital Identity Platform
At ForgeRock, we help people safely and simply access the connected world by enabling exceptional digital experiences, no-compromise security, and comprehensive functionality at any scale with simple, flexible, and rapid implementations. With ForgeRock, you can address – and get ahead of – the requirements of the digital Disruptive Economy. Using ForgeRock’s comprehensive, flexible customer identity and access management (CIAM) technology, you can support customer experiences that exceed expectations and foster consumer trust and loyalty to create new opportunities for growth and competitive advantage.
At ForgeRock, we are well aware of the pitfalls of Shadow ID and are passionate about helping our customers grow and innovate while offering a safe and frictionless experience for their users. It’s all about giving the right people the right access at the right time – by using the right IAM platform.