The Business Case for Transmit Security, Part 2 - Technology Consolidation and Elimination
Updated: Dec 3, 2019
The growth of digital channels forced organizations to implement identity and risk solutions to combat the fraud and cyber risks that have persistently targeted these channels. Unfortunately, deployments of identity and risk technologies involved very little long-term planning and no vision for a future-state structure. This is not meant to be a slight to internal development and IT architecture teams; the rapid proliferation of digital channels and digital access, along with the dynamic nature of cyberfraud techniques means that change is constant and long-term planning is challenging, if not impossible.
A typical (and highly simplified) identity management architecture in a large company looks something like this. As shown on the bottom of this chart, multiple (often overlapping) identity and risk capabilities are used to support applications across lines of business.
Unfortunately, the piecemeal implementation of identity and risk technologies by business line and department needs has resulted in organizations supporting multiple similar technologies, sometimes from different vendors and sometimes internally developed. Each time an application required a certain identity or risk capability, it was put out to bid or internally built. Then, the application needing the capability would be coded to call the technology at the appropriate time to perform a certain function.
Because any of the identity and risk functions may be coded into several applications in several places, replacing the technologies requires a monumental planning, programming, testing and compliance effort. Even simple identity and risk technology platform updates can involve accessing and modifying code for multiple applications across the enterprise.
“Being a large organization, it takes a long time for us to put something in and to take something out. It’s an 18-month cycle, unfortunately. So, they're able to put it in easily - flip a switch to turn it on or turn it off.”
Configuring vs. Coding
By abstracting identity and risk functions away from the applications, Transmit Security eliminates the need to modify code in the applications when changes are required, or new technologies are introduced. Modifications are fast, less internal cross-vendor expertise is required and seldom are vendor professional services engaged. Institutions become better positioned to consolidate similar technologies and reduce their vendor footprint.
Transmit Security’s Platform is vendor agnostic – virtually any internal or 3rd party service can be connected and then configured within the platform. Clients can initially deploy the Transmit Platform using all or parts of their existing technology stack and then easily migrate to Transmit or other 3rd party identity and risk technologies.
Transmit provides several identity and risk technologies out of the box, which allow clients to [optionally] replace expensive, and often antiquated, third party solutions to eliminate the need for ongoing internal and vendor support. Clients quickly recognize the technological advantages and the significant cost savings involved and begin strategically replacing their outdated and expensive identity and risk capabilities.
For example, Transmit’s platform has been used to replace:
• Risk engine vendors
• One-time passcode vendors/ internally developed approaches
• Biometric and handset biometric support vendors
• Device risk detection vendors (to detect jailbreak, rooted, and other risk indicators)
• Soft token vendors
To summarize, Transmit customers realize the following benefits:
Reduce or eliminate direct vendor costs
Annual vendor licensing fees
Ongoing and ad-hoc professional services fees
Reduce or eliminate internal cost for supporting vendor solutions
Development and testing for vendor platform changes, as well as changes to integrated systems
System resources required for application and integration testing
Ongoing vendor management overhead, including the time required to schedule and coordinate vendor, internal and other 3rd party resources