The growing importance of effective Customer Identity Access Management

by Mark Perry, APAC Chief Technology Officer and Principal Architect at Ping Identity

When it comes to effective identity and access management (IAM), most businesses tend to focus on achieving secure employee access to on-premise applications. Yet, as commerce increasingly shifts online, IAM for customers is becoming just as important.

While online commerce has been growing for years, many organisations have tackled the customer IAM challenge by building bespoke solutions. However, as the number of channels and devices used by consumers grows, these solutions are often no longer up to the task.

A different approach

As well as conventional customer identity information, such as name, email address, payment types and shipping addresses, businesses increasingly need to gather a range of other information from customers. This includes everything from communication channel preferences to product selections and privacy choices.

As a result, managing IAM for customers is a very different task from managing it for employees. For starters, customer IAM (CIAM) requires an ability to scale to far greater numbers of individuals. There is also the need for increased usability, convenience, security, privacy and support. For these reasons, CIAM requirements are very much separate and distinct from those of conventional enterprise IAM.

The way in which a CIAM system is deployed must also be different. While the IT department will have responsibility for it, the system can't be siloed and must integrate with other areas of the business including sales, marketing and business analytics. This is important to ensure the business has a single view of each customer.

The functional requirements of CIAM

While employees may begrudgingly put up with a clunky identity management process to access internal systems, customers have options. If they can't easily navigate the process offered by one business, they will simply shift to a competitor. For this reason it is vital to provide a frictionless experience across all communication channels and devices.

To achieve this, CIAM systems must meet certain criteria including:

  • Usability: Delivering a user-friendly experience is a make-or-break aspect for a CIAM system. Failure to achieve this will lead to customer losses.
  • Scalability: CIAM systems must be able to scale to handle increasing traffic, including unpredictable demand spikes and usage patterns.
  • Consistency: Consumers want to interact with brands using multiple channels including the internet, mobile browsers and apps, in-store kiosks and call centres. The CIAM system plays a key role in delivering a fluid experience across them all.
  • Security: Consumers are increasingly protective of their personal data and fearful of potential threats. A centralised CIAM system is key to maintaining a secure environment.

The stages of customer engagement

A comprehensive CIAM system can add significant value at each stage of a customer's relationship with a business. The six stages of engagement are:

1. Self-service registration

At this initial stage, the goal is to create the least amount of friction while delivering an appropriate level of security. This starts by requesting the minimum amount of information necessary to create an account. The process can be aided by offering customisable registration forms or by allowing customers to use trusted logins such as those provided by Facebook, Google or PayPal.

2. Multi-factor authentication

Once an account has been created, the CIAM system should provide multi-factor authentication. This is a procedure requiring the combination of multiple authentication factors including PINs and passwords, a mobile device or token, and even a fingerprint or iris scan. Such strong authentication must introduce the least amount of inconvenience and cover the broadest range of access methods and devices.

3. Account validation

The level of account validation needed will vary based on the risk associated with the customer’s activity. Methods can include the use of CAPTCHA techniques to ensure the party is a human (and not a bot), policy enforcement to ensure use of strong passwords, and data validation to check entered credentials align with those used when the account was created.

4. Seamless user experience

Once the account is operational, proper engagement involves maintaining a seamless user experience. This can be a challenge if the customer has multiple accounts within the same business; however, a CIAM system can overcome this by linking multiple accounts to a single identity.

5. Customer profile management

With the customer now engaging with the business, the CIAM system can be used to manage their profile. To achieve this it must be able to deal with both structured and unstructured data captured across multiple channels. Customers will quickly lose patience if they have to go through an administrator each time they need to update their account, and so should be provided with an intuitive, easy-to-use interface.

6. Personalisation and preference management

Finally, the CIAM system should enable ongoing and efficient management of customer preferences. This is likely to require the management of data distributed across a range of locations and include items such as the user profile, multiple account records, third-party databases and marketing systems.

Striking a balance

When deploying a CIAM system, it's important for a business to balance the need for secure access to applications with ease of use for its customers. A unified view of each customer should be created that ensures both security and a frictionless experience.

While customer identity solutions have traditionally been customised or one-off projects, effective CIAM has different requirements and technical needs. Trying to bolt this functionality onto an existing enterprise IAM solution is simply not good enough.

An effective CIAM system must address considerations such as usability, scalability, privacy and security while also delivering in the areas of consistency and provision of a unified view of the customer. By deploying the right CIAM system, a business can deliver the simple, frictionless experience its customers expect.
