Why Apple TouchID Is Core to Bringing 'People-Centric' Experiences to the Enterprise

Whether we’ve seen it in airport security lines or in movie theaters with Gattaca and Star Trek, the concept of biometric security is a familiar one. In practice, however, it’s never broken through science fiction into the mainstream. So did Apple’s introduction of TouchID in its iPhone 5S change all of that? It certainly had major implications for how enterprises offer more personal, curated – what’s being termed ‘people-centric’ – technology experiences in the workplace.

Making It Personal

Almost everything in the consumer technology world has become more social and increasingly personalised in the past decade. Runners can track their workouts by just wearing a bracelet, Facebook users can send gift cards to their friends based on their “Likes” and photo lovers can design iPhone cases filled with Instagrams. This trend has led to more and more people-centric technologies – tools that enable experiences catered specifically to someone’s needs and those that also make us more productive. The rise of mobile devices, cloud applications and social networking are all forces in this shift.

TouchID is the next step in this evolution. With security now centered on a person’s fingerprint, the iPhone not only creates personalised experiences, but also offers the potential to finally break into big companies – a trend has not taken off at the clip you’d expect given the media hype. With companies slowly adopting BYOD programs, on-premise software still reigning supreme in many IT environments and big hacking attacks occurring every few weeks, there's no question that the business world still lags in adopting people-centric technologies across workforces.

And put simply, the associated security concerns are a big reason why.

The urgency to understand identity – and exactly who someone is – before they get access to virtually anything they want is exponentially higher when it comes to the enterprise. With TouchID, Apple has realised that for big businesses to have the same level of 'people-centricity' as the consumer world, they must be sure the people accessing sensitive information are who they say they are. Understanding who someone is – and being able to identify them beyond a shadow of a doubt – is the linchpin for businesses to enable the same kinds of personalised experiences that we have come to expect in our everyday lives.

Risky Business

In a business context, experiences are defined by what information people have access to at different points of time, what devices they're able to access it all from, and the extent to which they're allowed to interact. There are a lot more rules to follow – and much more scrutiny by which those rules are enforced – than in the consumer world. And as a result, there many more factors and potential security hazards to consider in making a decision to adopt new technologies.

These risks become particularly complex as the number of applications and devices people use in business grows. More of what’s used everyday comes from the cloud and is also being optimised for mobile devices. Plus, the people accessing business information aren't just employees anymore – they also include partners, customers, contractors and any number of other people who are located on the other side of the company firewall.

MFA: Don’t Leave Home Without It

We’ve reached a point where usernames and passwords alone are no longer good enough. We’ve long had single sign-on technologies to "take the @$$ out of passwords" (as we say at Okta), but the question becomes what’s possible if someone else gets a hold of that single username and password. Is it possible that anyone with these credentials can access all of someone's applications and devices? Absolutely.

Not surprisingly, multi-factor authentication (MFA) – which requires two or more factors to verify legitimacy of the user – has taken off and evolved pretty substantially in the past decade. From the early days of the RSA hard token that enabled employees to use a VPN to access corporate networks to the regenerating soft token many cloud security companies offer customers today, and now to Apple's fingerprint scanning, authentication methodologies are becoming as personalised and specific to the individual as the experiences they're trying to access.

Understanding someone’s identity is central to how work gets done in an environment that’s more complex than ever. It becomes the ‘glue’ that binds users to any combination of applications and devices. Only once you know it (and have confirmed it in multiple ways) can you pretty easily determine what kind of information they're allowed to access, what devices they use, what role they have, what groups they belong to, what permissions they have, their location, what their preferences are – the list goes on.

‘Success. TouchID is (Almost) Ready.’

With TouchID, it’s clear that Apple is looking more at the business user than the typical consumer, addressing the security concerns keeping CIOs up at night. It’s clearly recognised that in order to offer the same level of personalisation in the enterprise, companies better be absolutely sure the people accessing enterprise information and applications are indeed who they say they are.

Apple has opened the door (even if that door may have a hole or two that needs fixing), but as businesses move toward more flexible, adaptive, cloud and mobile-centric technology strategies, it's up to other players in the market to not only make this move to more personalised experiences possible, but also meet enterprise-ready standards. It’s about time a giant like Apple inspired companies to take the ‘@$$ out of passwords’ and bring people-centric to the enterprise.


Todd McKinnon is CEO of Okta, an enterprise-grade identity management service that addresses the challenges of a cloud, mobile and interconnected business world. You can follow him on Twitter at @ToddMcKinnon


« IBM Needs to Show Elephants Can Dance in the Cloud


Iraq: Islamic State's Digital Fortress »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?