Customer Identity and Access Management (CIAM) is the term used to describe the solution applied by companies to provide end users with secure access to the digital services they offer.
CIAM can be described as a blend of security and customer experience. In other words providing an easy, frictionless way for users to log in with their identity while protecting sensitive data correctly and complying with data privacy laws.
Let’s begin by discussing what we mean by customer identity in context of the four widely accepted pillars of CIAM;
The first pillar is personal identity. We use our personal information to:
The second pillar is workforce identity. It is used to access applications and software in the office and workplace.
The third pillar is specifically about devices - the Internet of Things. There are millions of devices coming online every day that require authentication, software, security and other CIAM solutions.
The fourth pillar is customer identity - the customer information used for transactions online and other customer experiences.
Let’s look at the macro digital trends we see for customers.
We already know the world we live in is a dynamic place, one that keeps evolving and is becoming more complex.
Complexity drives change, which leads to risk. Increased risk drives costs. There is a sharp increase in the number of technologies coming online very quickly, coupled with increased customer expectations.
So it could be consumer devices like fridges, cars, and TVs.
But we're also seeing faster adoption of cloud technologies. And this means organisations have to innovate faster to grow and increase their performance, while at the same time trying to simplify their solutions and operations.
These consumer trends have redefined everything we do with our workforce, our customers, and out CIAM solutions.
This workforce is now very much remote. And customers are buying more things online.
The impact of companies like Amazon and Facebook is that every interaction that you have online can now be done from any device - your phone, your tablet, or even your laptop at work.
And along the way, we expect a very smooth, personalized experience using the information we provide.
It is an effect that is really felt across every sector, not just e-commerce, and it completely redefines customer engagement.
This redefined customer engagement includes a difference in how we secure data.
However, this trust breaks down when users are mobile and when external partners require access.
This is why we hear “zero trust” a lot these days - which is essentially a new approach where trust levels are continuously calculated and adapted to allow just-in-time, just-enough access to resources.
The way in which we handle our data has also changed - and so compliance is a big issue surrounding CIAM solutions.
First of all, there is Data residency - where a business specifies that data is stored in a specific geographical location.
Then there is Data sovereignty where the data is also subject to the laws of the country in which the information is physically stored.
The third, and fastest-growing trend, is Data localization. This requires that data created within certain borders stays within those borders.
A parallel challenge to compliance is the rate at which things and customer expectations have changed due to the pandemic.
Many consumers discovered the convenience of e-commerce and other online experiences during the pandemic. In this chart, you can see the share of e-commerce grew at two to five times the rate of growth before COVID-19.
McKinsey tells us that roughly three-quarters of people using digital channels for the first time say they will continue using them when things return to “normal”.
There's another great report that McKinsey put out earlier this year (1), which showed the acceleration of technology and digital transformation, mainly driven via the pandemic. They highlighted two case studies. The first was all about workforce collaboration. Turnaround time was around 400 days before the pandemic and deliverables were emerging in under 2 weeks.
The second case study was around customer digital experiences. Organizations building apps were taking an average of around 450 days which was dropping to 29 days. So the deliverables were delivered in a single month.
Let's break down how a customer identity and access management solution can help you achieve your goals, by summarising the three keys below;
As mentioned earlier, this is not just a topic for Amazon or other retail organisations - it is of primary importance for any customer facing company. Offering the best customer service and support requires you to learn and develop a deep understanding of customer behaviour, experiences and interests.
Identity as a Service solutions, such as Okta build a profile for each user, pulling in attributes and data from multiple sources, to build up a "master profile". The user account in CIAM also tracks and manages login activity across different devices and sessions.
If social identity providers are included as an authentication option and the user chooses to use multiple sources such as Facebook, LinkedIn, and Google, the platform can link these accounts together, merging different sets of information.
Once you have assembled a unified view of your customers, the data can then be integrated with other tools such as CRM and Analytics platforms — this, in-turn feeds the types of content your users can see and explore. It also gives customers a more personalized experience overall.
The cost and effort of switching services and platforms is very low these days. In addition, product reviews and complaints are commonplace, typically published via social media, aggregator sites, and search engines.
To mitigate this, aiming for a superior authentication experience for your users should be high on the agenda. Many companies still struggle with poor login or registration flows. Long forms to complete, unclear action buttons, and opaque password rules can often contribute to the churn.
SMS, magic link, and Touch ID are three passwordless techniques to consider in order to facilitate a smooth process.
In each case above, sign-up is simplified and offers a consistent UX once the account is created. In turn, this drives an improved engagement level and matches customer expectations gained from other leading platforms and services.
From a security perspective, passwordless authentication helps to mitigate bad practices such as weak passwords or choosing the same password for multiple accounts.
We have already seen the huge rise in cybercrime and data breaches in our graphics above. Choosing the right CIAM solution helps to mitigate the risk of a fine resulting from a leak or system being compromised.
For example, introducing Multi-Factor Authentication (MFA) increases your users' perception of security and it is known that MFA offers excellent success levels for keeping breaches down —mainly because it avoids dependency purely on passwords. Studies in 2017 found that breached passwords were responsible for 81% of data breaches (up from 66% in 2016).
The sharp rise in customer expectations and online transactions means that customer identity is now a key success factor for any business, service, or platform to focus on. Choosing a CIAM solution, such as Okta or Auth0, to help meet the requirements for today as well as tomorrow is proving to maximise ROI as well as comply with ever-changing compliance and security policies.