Increasing the self-service level
To achieve these benefits, the service must be able to identify the individual users of corporate customers and, at the same time, determine their authorization to represent the specific organization. Users may also work for another company, or have a contractual relationship with the company as a private customer.
Customer organizations may also need to delegate limited authorizations to another company that represents them.
In the above cases, business development must take the following into account when renewing or designing digital corporate business channels:
- User account and authorization management must be delegable to the customer
- End users must be individually identifiable, as smoothly as possible
- Only a single digital identity is associated with one physical user, although the user can represent multiple customers
- Company-level delegation of authorizations must be possible on a per-need basis
With well-implemented corporate customer identity management, customer experience and service responsiveness improve, and the routine account management work of Customer Service decreases.
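The four requirements listed above can be sketched as a small authorization model. This is an added example, not code from the original page; all organization, user and permission names are hypothetical. It assumes a delegated permission is usable only by a user who also holds that permission in their own company.

```python
from dataclasses import dataclass, field

@dataclass
class Directory:
    org_admins: dict = field(default_factory=dict)    # org -> identities the customer appointed as admins
    memberships: dict = field(default_factory=dict)   # identity -> {org -> permissions}
    delegations: dict = field(default_factory=dict)   # (from_org, to_org) -> delegated permissions

    def _require_admin(self, actor, org):
        if actor not in self.org_admins.get(org, set()):
            raise PermissionError(f"{actor} is not an account admin of {org}")

    def grant(self, actor, org, identity, permissions):
        """Delegated administration: the customer's own admin manages users of that org only."""
        self._require_admin(actor, org)
        self.memberships.setdefault(identity, {}).setdefault(org, set()).update(permissions)

    def delegate(self, actor, from_org, to_org, permissions):
        """Company-level delegation of a limited permission set to a representative company."""
        self._require_admin(actor, from_org)
        self.delegations[(from_org, to_org)] = set(permissions)

    def is_allowed(self, identity, acting_for, permission):
        """One identity, checked against the organization it is acting for right now."""
        orgs = self.memberships.get(identity, {})
        if permission in orgs.get(acting_for, set()):
            return True  # direct authorization in that organization
        # Assumption: otherwise the user's own company must hold a delegation covering
        # this permission, and the user must hold the same permission in that company.
        return any(permission in perms and
                   permission in self.delegations.get((acting_for, home), set())
                   for home, perms in orgs.items())

def build_example():
    # Constructed sample data: two customers and one accounting firm acting for one of them.
    d = Directory(org_admins={"acme": {"alice"}, "globex": {"gary"}, "ledger-oy": {"lena"}})
    d.grant("alice", "acme", "bob", {"orders:read", "invoices:read"})
    d.grant("gary", "globex", "bob", {"orders:read"})            # same identity, second customer
    d.grant("lena", "ledger-oy", "liam", {"invoices:read", "orders:read"})
    d.delegate("alice", "acme", "ledger-oy", {"invoices:read"})  # limited, per-need
    return d
```

Every check takes the organization being represented as an explicit argument, so a permission held for one customer never carries over to another.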
Data platforms and API-economy
Digitalization changes traditional business models and forces many businesses to change their strategy from product-oriented to service- and platform-oriented. With this transition, the data produced by the company might be even more valuable than the product or service itself. The data can be refined, sold, or offered to business partners that provide value-adding services.
Data is gathered and shared through various APIs, and the whole sharing process needs special attention to data protection and information security. Both processes and technical controls must be well planned and implemented. Data must also be protected from accidental changes and from leaks.
Below is a list of things that should be thought through especially carefully when data is published through public and private APIs:
- Data classification has been done according to the requirements set by law and by the industry
- Technical security of private APIs is in check
- Users and devices (IoT) are individually authenticated by the means required by the data classification level
- Authorizations and permissions are controlled centrally, based on business and data protection requirements
- APIs are planned and implemented to be secure, and they have been security audited
- API access is logged
Information security requirements from corporate customers
Corporate customers’ information security awareness is continuously increasing, which also raises the requirements placed on service providers.
A service provider can increase its competitive edge, for example, by acquiring a certificate of good security practices for its online service, such as the one offered by the Nixu Security Verified service.
Preparing for or certifying against ISO27000 or Cloud Security Alliance CSA Star requirements also helps greatly in meeting the data protection and security requirements of corporate customers’ service agreements.