Slow deployment is hampering fraud prevention. What gives?

In May, Okta finalized its acquisition of Auth0 for $6.5 billion. Every company loves to add a shiny new toy to its arsenal, but this move sent a clear message to enterprise vendors: adopt a DevOps-style deployment model or cease to exist.

Today’s enterprise customer needs to deploy yesterday. Therefore, in order to fast-track go-to-market, enterprise vendors across the board—from authentication, to checkout, payments, identity management, and analytics—have switched to DevOps -style implementation with integrated solutions and easy to use APIs to get customers up and running quickly and seamlessly.

There’s just one problem: most fraud prevention companies aren’t heeding the signals and drinking the (healthy and delicious) DevOps deployment Kool-Aid. They’re sticking to complex, legacy integrations that span multiple touchpoints (code on page, in the client, on the server) and instead make implementation a behemoth, months-long project.

Unfortunately, that doesn’t cut it for customers looking to avoid the next multimillion-dollar breach.

The most effective anti-fraud tools are engineered to get up and running in hours, not months. So, let’s look at how other fraud prevention companies can benefit from this approach—and what it will take for fellow fraud-stoppers to embrace the DevOps deployment model.

Legacies were meant to be left behind

The biggest advantage of a modular, API-based deployment is its simplicity and turbocharged impact on time to market. APIs standardize the protocols through which apps connect with software, enabling developers to work faster, allocate more time to testing new features, and focus on their business rather than working through cumbersome integrations. Meanwhile, customers benefit because the traditional installation process that previously required multiple engineers and months of time can now be completed in a few hours and molded to fit their specific needs with ease.

Catching fraud early is critical, and with account fraud alone up by 250 percent in 2021, customers want to move faster than ever before. A cybersecurity solution they can implement in as little as a few hours is much more attractive than the sluggish legacy implementations of yesteryear.

All the cool kids are doing it

I’ve seen firsthand at my company how DevOps implementation results in happy employees and happy customers. Companies such as Stripe, Twilio, and Plaid have switched up their deployment strategies and are thriving, recognizable brands whose software decisions would be wise to follow.

This is also why the smartest anti-fraud startups are eschewing the old-school, legacy deployment model. Fellow finalists from this year’s RSA Sandbox competition (Apiiro, Wabbi, Open Raven, and more) exemplify small, nimble companies solving security issues plaguing the modern multi-cloud landscape.

Easily implemented tools, via APIs and single-click deployments, alleviate the time-leeching hassles of legacy frameworks in areas such as procurement, integration, maintenance and operations. These companies lead with a first-class customer experience and impress their customers with ease of use and the deployment of integrated SaaS products into their own applications, leveraging the benefits of new software without months of development and testing.

The transformation takes time when you don’t have Okta money to buy a DevOps model—but many startups have put in the work to implement API-friendly software, so why are others slow to follow?

When will cybersecurity get the hint?

The difficulty in transitioning to a DevOps deployment framework can generally be chalked up to a shortage of bandwidth and developers. And to too few developers, who in turn have too much on their plates to work on other projects, and who can’t handle the security and support upkeep needed for easily accessible, public-facing APIs. This change often requires significant architectural planning, changes to how software functions are created, rethinking functionality against a new framework, and a fair amount of routine maintenance to mitigate technical hiccups.

All these factors cause hesitancy in the cybersecurity realm, as many of these companies aren’t game for an infrastructural overhaul, and for those that are still serving from on-prem legacy systems it’s even harder to make the jump. But as the world moves on, and with banks and financial institutions switching to cloud infrastructure, the pressure is building.

The bad news: It won’t get any easier

Identity fraud doubled from 2019 to 2020. And it’s just going to get worse. Given the world-changing ramifications of the pandemic, resulting in most of us interacting, browsing, and transacting on our digital devices at an exponentially higher frequency, the 2020-2021 fraud numbers will be even less pleasant to look at. Anti-fraud companies that employ a DevOps-style implementation will be much more attractive to potential customers looking to protect their users with urgency.

It’s ultimately up to the C-suite at these companies to bite the bullet and invest in the transition to a DevOps -style deployment model before it’s too late. It’s also a great opportunity to cut years of technical debt and part ways with unmaintained, outdated technology and legacy code, freeing up time for developers to iterate and build products—what they love to do—while significantly improving the customer experience. This brand of customer experience is table stakes for anti-fraud tools and all enterprise vendors, and best of all, it’s easy—easy to integrate, easy to use, easy to test, easy to patch, and easy to deploy.