Consumers expect the web apps and services they use to be intuitive while also requiring secure and private transactions and a low-friction experience. A good example of this is the increasing demand for biometrics, the use of a person’s physical attributes like a fingerprint or face scan to prove identity and control access. Consumers have become accustomed to the security and convenience that using a fingerprint to unlock their smartphone offers, so using the same technology to secure your web app is an intuitive way to help secure their account data.
Auth0’s recent global survey, including more than 2,000 consumers and 200 IT/marketing decision-makers in Germany, found that 31% of German consumers are more likely to sign up for a service if it offers biometric authentication. Yet only 17% of German businesses offer this feature. SO biometric authentication is one way for businesses in the DACH region to better align themselves with their customers’ expectations for security without compromising their customer experience (CX).
Partnering with an Identity as a Service (IDaaS) provider who understands how to combine an intuitive user interface with strong security measures like that offered by biometrics can bring additional benefits to your organization. For example: freeing your in-house development talent to focus on your core product, helping you meet regional data privacy regulations, and maintaining active control over your user data.
Let Your Internal Talent Focus on Your Core Product
Germany is not only the largest economy in the EU; it is also home to the largest software developer talent pool in the region. As of 2019, there were more than 900,000 developers in the country, with a majority describing themselves as Full-Stack front-end developers. To ensure your in-house dev teams can focus on those strengths, don’t distract them with an identity project. At Auth0, identity is our core product. Our teams built, maintained, and enhanced a Customer Identity and Access Management (CIAM) platform that incorporates industry security standards, an expert understanding of regional data privacy regulations, and a highly customizable set of integrations to bring you exactly the right mix of security, privacy, and CX.
Our identity specialists bring their expertise and knowledge to secure your authentication and authorization processes while also bringing your customers the tailored, low-friction CX they expect. That allows us to help you build a solution that will be capable of incorporating your needs in the present — while remaining extensible enough to scale with your plans for the future.
The centralized identity solution you build will unify authentication for your platforms, services, and web apps. This single source of truth (SSoT) for your customer identity data is easier to secure than disparate, siloed data stores for each system. It also limits your attack surface by eliminating multiple access points and login boxes.
By partnering with Auth0, you get a centralized identity platform that’s ready to be customized by your developers to meet your precise requirements. And our extensibility allows that platform to be readily extended to cover all of your existing properties, whether they’re modern cloud-based apps or legacy on-prem systems.
Understanding Data Privacy Regulations in The DACH Region
EU Member States are allowed to enact national privacy rules to supplement, specify, and modify the GDPR rules as applied to their citizens. It’s important that companies familiarise themselves with these rules that often govern specific situations.
This document is not intended to act as legal advice. Please consult your legal counsel to ensure you are in compliance with all applicable data privacy laws and regulations.
The right to privacy is well established and respected in the DACH region, where such legislation existed long before the GDPR. Today there are additional rules such as the new German Privacy Act (BDSG-new) along with industry-specific regulations for, e.g., telecommunications, banking, and energy. In Austria, too, we see local regulations like the Federal Act on the Protection of Individuals With Regard to the Processing of Personal Data (DSG), all designed to put the privacy rights of citizens first.
Switzerland has a slightly different take on data protection regulations as well. In addition to GDPR, there are two additional laws that impact data collection and processing there. The first is Article 13 of the Swiss Constitution, which protects Swiss citizens’ rights to privacy in personal and family life, as well as within the home. Meanwhile, the Federal Act on Data Protection (FADP) solidified the language governing how those rights are protected in regards to digital data. Unless you have a team of lawyers and governance specialists for your developers to work with, making sure you’re in full compliance with all of these regulations will soak up a lot of internal resources. Partnering with an IDaaS provider can alleviate these additional strains by taking on the task of helping to assure compliance.
The DACH data privacy landscape can seem complex, and the responsibility for coding privacy into your applications often falls to the people building them. By partnering with Auth0, your developers can help you protect your customer’s personal information without becoming privacy experts themselves. Auth0’s key privacy-enabling features include:
- Easy access to user profiles to enable removal requests
- To export a user’s data in JSON format for data portability
- To enable Log Streaming for continuous security monitoring
- The knowledge that your data is stored locally at an AWS facility in Frankfurt
Great Customer Experience Includes Choices for Data Location
Part of ensuring your customers get the experience they expect is maintaining control over the data they share when they create an account. Consolidating that data into an SSoT simplifies continuously monitoring its security and detecting threats and other anomalies. Having choices with respect to the location where your data is stored is another asset of partnering with an IDaaS provider like Auth0.
Data security certification
Auth0 brings knowledge of regional privacy regulations, along with internationally recognized certifications from organizations such as the International Standards Organization (ISO) 27001 and 27018, along with a SOC 2 Type II audit. These are third-party verified certifications, meaning a specialized auditing body has signed off on the security of our processes, infrastructure, platform, policies, and continuous monitoring framework. Auth0 complies with additional regulations as well, BaFin, EBA, and HIPAA for example.
Customizable user interfaces
All your user data in one place
Being cloud-native gives Auth0 the flexibility to offer multiple data storage options. Access is a key piece of data residency. For organizations in the DACH region, we offer private cloud deployment options on Microsoft Azure or AWS infrastructure, as well as public cloud options using an AWS facility in multiple regions such as Frankfurt to help our customers achieve compliance.
Iterative deployment to ensure buy-in across the organization
Deploying a new identity and access management system can be a lengthy and complex process from a business perspective. Partnering with Auth0 and taking advantage of our identity experts allows for an iterative deployment and a smooth migration that does not jeopardize the user experience by offering frictionless user migrations without password resets. That way, each department or product team can witness a successful roll-out before giving their buy-in without straining your in-house talent. Cross-departmental collaboration is key to any software project, particularly when that software controls data access, and having a successful proof-of-concept (POC) in hand can help secure buy-in as you move forward.
Work with an identity partner that understands your need for a great digital experience without compromising the security and privacy of your customer data. Reach out to our identity experts when you’re ready to continue the conversation or to find out how to start working with Auth0 today.