The growth of Consumer Identity and Access Management (CIAM) has been phenomenal. The first CIAM systems only started to appear around 2014, but today almost 50% of organizations say they have implemented the technology. As I noted in my previous blog, although CIAM is still relatively new it is rapidly becoming a ‘must have’ for any customer-focused business.
The strength of CIAM lies in its ability to use information security as a way to drive commercial objectives. Recent research shows that 75% of businesses now see CIAM as a competitive differentiator. Companies that already have mature IAM capabilities are up to 52% more likely to use their security plans to achieve business strategies in attracting new customers and providing excellent customer service.
In its top five trends for CIAM solution design, Gartner placed an increasing overlap between CIAM and traditional IAM at the top of its list. While some commentators have talked about CIAM replacing IAM, it’s more correct to say that choosing ‘inside-out’ or ‘outside-in’ is no longer an either/or alternative (read more about the difference between an ‘inside-out’ and ‘outside-in’ approach in my previous blog). Today, organizations should really consider a single enterprise identity management solution that encompasses all the people – customers, employees, suppliers, partners, contractors – as well as the systems, applications and devices used across their business.
Key features of a CIAM platform
This is an important decision to get right. As Gartner recently stated at their Gartner Identity and Access Management Summit in Las Vegas, “By 2021, 40% of IAM leaders will have their job performance evaluated more heavily on the achievement of business outcomes than on technical outcomes.” This couldn’t be more true for CIAM, which is considered by many to be the next business-enabling enterprise technology because of its direct visibility to a brand’s active (and inactive) customers. Keep in mind while you’re reading the capabilities below that all of this must happen for extremely large identity populations, well into the tens and hundreds of millions of identities, and that any identity system must be scalable, performant and auditable.
Key features of a CIAM platform include:
Enhanced, low friction security
Your network must allow access for customers, suppliers and partners. The CIAM platform must be secure and provide autonomous authentication, authorization and interaction between people, systems and things for low friction access. In addition to capabilities such as Single Sign On, centralized policy enforcement and role management, advanced identity features such as delegated administration, authorization management and automated provisioning should be included to support secure information flow among complex, multi-level networks.
Secure messaging and integration
It is not only people but also business processes and applications that are imbued with identities, and the CIAM platform must be able to integrate the various network elements so that they can communicate effectively together and allow authorized access. The best CIAM platforms have comprehensive messaging and orchestration services that provide the integration layer for transporting data and integrating across all actors on the network. This layer automates the integration needed to meet people-to-application, people-to-thing, thing-to-application and thing-to-thing connectivity.
Support for IoT and mobile use cases
Many IoT deployments still rely on a very device-centric view of identity. In the age of the connected car and smart home – where multiple users access the same device – this is no longer acceptable. The CIAM platform needs to be able to use identity to drive the relationship between people and devices. In addition, mobile is becoming the primary communication channel for many people. The CIAM platform must facilitate a seamless mobile experience that allows the customer to register, perform high value transactions and amend their account and profile from their mobile device of choice.
Privacy, consent and preference management
There are two major differences between traditional IAM and CIAM: first, the customer has a choice and, second, they are responsible for a significant part of managing their own identities. The CIAM platform must have comprehensive self-service features to enable customers to edit their profile, set and amend consents on how their data is used and update their preferences. Strong privacy management is essential to let your customers determine how you collect and use their personal data. Open standards, such as the OAuth-based User-Managed Access (UMA), are beginning to help customers to manage their consents and preferences individually.
As the number of actors on your network grows – large online businesses can easily have millions of accounts – the threat from duplicate and ghost accounts creates real security vulnerabilities for IT teams. The CIAM platform should include the management of all identities throughout their lifecycle including registering, provisioning, activating, tracking, locking, unlocking, suspending, unsuspending, resetting and deleting. The platform must effectively manage all network elements at each stage in the lifecycle and automate a smooth transition between stages.
Open APIs – such as documented RESTful APIs – are becoming the foundation of CIAM platforms. Using APIs, you can quickly integrate identity management data into other technologies such as content management, marketing automation, CRM, and ERP systems. This not only increases security within the network, it allows you to bring data from all systems together to obtain a single view of every customer. In addition, APIs allow you to create identity management microservices that are user-friendly and can be injected into other back-end applications.
CIAM platforms collect a wide range of data about your customers’ digital interactions. This includes how they interact and behave across both digital and physical touch points such as websites, social channels and in-store. Advanced analytics allows you to gain a deeper and clearer understanding of each individual customer that can be used by business units to improve performance across a wide range of activities including customer experience, product development, and sales and marketing. A thorough understanding of customers’ behaviors helps improve a number of security features such as identity verification and authentication. Analyzing identity data allows you to introduce more advanced capabilities such as anomaly detection and adaptive access.
Cloud is becoming a popular deployment option for CIAM platforms as it offers scalability, performance and agility. However, many organizations will still have legacy applications and processes and favor on-premise deployments for data security and confidentiality. A CIAM platform must be able to support hybrid deployments that provide the APIs and connectors to flexibly enable multiple on-premise and cloud-based configurations to meet your specific requirements.
The most important takeaways to remember about CIAM are that this is all about the customer (and their data privacy, driven by GDPR, CCPA, PSD2, etc.) and that, starting now, customers need to be in control of what is shared, good data is more important than ever, and brands can benefit by embracing customer trust. In my next blog, I’ll look at how a CIAM platform can help build a Zero Trust environment. In the meantime, if you’d like to know more about how CIAM can help your business, please contact us or dig deeper into our Identity and Access Management solution that many of the world’s largest companies are already leveraging.