Your online activity is of great interest to many people. From your social media posts to your online shopping habits, what you do on the internet is observed not just by your friends and family, but also by corporations who have figured out how to convert your online identity into their product.
Facebook is an example of how corporations “productise” our identities -- and we are becoming inured to it. Facebook aggregates and analyses the online behaviour and identities of almost 2 billion daily users on an industrial scale, converting this into revenue of $8.6 billion in 2016 alone. By agreeing to Facebook’s terms of service, users whether consciously or unwittingly, also agree to the use and onward “sale” of their data. We also give them insight into other sites or applications we sign into using our Facebook credentials.
This commercial model is not limited to Facebook. It’s also the way Google, Yahoo, Pinterest, Snapchat, YouTube and many other sites work. We know our personal and behavioural data is the product, and we allow it in exchange for the value that the platforms offer.
With this model now largely accepted – or at least, expected – in the B2C space, it is not unreasonable to anticipate that it will extend to B2B online services and applications.
From B2C to B2B
Software-as-a-Service (SaaS) is a rapidly growing segment in the enterprise software market, changing the way many businesses access technology. The business case to use SaaS platforms can be compelling -- offering, among other benefits, lower upfront capital costs, ongoing vendor responsibility for upgrades, and the ability to access information from multiple devices in any location. Companies, from start-ups to large corporations, are using the likes of Salesforce, Xero, Office365 and Bloomberg Messenger.
But not all SaaS and cloud-based solutions are created equal, so it’s important to understand the potential risks – particularly in relation to your corporate identity and the digital footprints of your employees. Many SaaS providers require you to integrate with their technology. As such, it’s vital to fully understand what information your company and your employees may be ceding to the service provider, how this data will be managed, and how they could potentially leverage the insights the data generates about your company. By integrating with the service provider, will you be giving them control over the potential value of your corporate digital activity, and perhaps, even the corporate digital identities of your employees?
Protecting your corporate identity
Your corporate and employees’ identities are the gateway to your business’ most critical assets, and to avoid access violations and data security breaches, identity governance is key. When using SaaS platforms with their inherent complexities, getting identity governance right becomes even more critical.
As is the case with your personal social media, control and use of identities is done with your permission via the platform’s terms of service, but the potential downstream implications on your business of ceding this control may not be immediately apparent.
By allowing the integration of your employees’ identities with your provider’s platform, you effectively hand over a degree of control over your corporate identity. It is therefore important to understand how your SaaS providers manage your employees’ identities – from segregation and safekeeping, to authorisation management of access rights to functionality and add-ons. Does your firm retain full control at all times, or do you simply trust that your provider will maintain the required standards?
Secondly, ceding some control may have unforeseen implications. For one, it may make it more difficult for you to change suppliers in the future, especially if log-on credentials are used to access other applications or services in the vendor and partner ecosystem. This is already becoming evident in the constellation of partners surrounding leading SaaS suppliers like Salesforce.
Finally, it also begs the question – who else, other than the SaaS provider, will have access to your identities? What commitments does your SaaS provider make about future plans for their wider identity ecosystem? As the SaaS ecosystem becomes more complex – with partnerships and integrations rampant, are you inadvertently giving other businesses access to insights about how your company is working through the actions of your employees?
Your business data is big business
When using many SaaS solutions, you effectively provide large volumes of valuable information about your business and your employees – data that can be aggregated and analysed by the SaaS providers and third parties. This may include transaction trends, topics of interest, and even employee profiles.
This alone is valuable to the provider, but when combined with data on your business from other platforms, the provider could potentially develop a comprehensive picture of your business.
This could be beneficial to you, when the provider uses the insight to improve the services they offer, or even give you greater insight into your own business. However, in the quest for profits, solution suppliers may be tempted to crystallise the value in that insight by offering it as a product, or by using it to develop market insight that may be valuable to third parties -- even to your own competitors.
At Taskize, we integrate with you – so you retain control
We recognise the importance that our financial services clients place on confidentiality of their information, and the digital footprint that comes with the activity of their employees within our solution. We provide our clients with a secure utility for issue and query resolution both within and between financial firms, while ensuring that identities and information remain under the control of our clients and used for their benefit. Our philosophy is that platforms and technology solutions should integrate with the client, not vice-versa. Our platform works easily with existing back-office processes and systems, without our clients ceding control of their employee identities and information.
Our clients own the administration and use of their employees’ identities, and we don’t utilise applications that are tied into an identity ecosystem that our clients don’t control. On the technology front, we use and support open standards of OpenID Connect, or SAML.
Recognising the significant value in data-driven insights, we provide our clients with analysis and management information on the types, volumes and counterparties involved in the issues and queries they have resolved via Taskize. We also plan to automate industry benchmarking, for firms which elect to participate; essentially a near real-time version of subjective surveys which happen today. We offer this insight for continuous improvement of their back-office operations. With Taskize, our clients’ data and the resulting insights remain their own.
Understanding how a platform uses employee identities and data will help avoid any unexpected surprises in how these are used to generate commercial value for others. So, while SaaS platforms provide corporations with access to a vibrant world of new services online which will be required to sustain competitive edge, it is important that you enter service agreements with your eyes wide open.