CIO

The growing importance of effective Customer Identity Access Management

by Mark Perry, APAC Chief Technology Officer and Principal Architect at Ping Identity
  • Mark Perry (CSO Online)
  • 28 September, 2016 21:04

When it comes to effective identity and access management (IAM), most businesses tend to focus on achieving secure employee access to on-premise applications. Yet, as commerce increasingly shifts online, IAM for customers is becoming just as important.

While online commerce has been growing for years, many organisations have tackled the customer IAM challenge by building bespoke solutions. However, as the number of channels and devices used by consumers grows, these solutions are often no longer up to the task.

A different approach

As well as conventional customer identity information, such as name, email address, payment types and shipping addresses, businesses increasingly need to gather a range of other information from customers. This includes everything from communication channel preferences to product selections and privacy choices.

As a result, managing IAM for customers is a very different task from managing it for employees. For starters, customer IAM (CIAM) requires an ability to scale to far greater numbers of individuals. There is also the need for increased usability, convenience, security, privacy and support. For these reasons, CIAM requirements are very much separate and distinct from those of conventional enterprise IAM.

The way in which a CIAM system is deployed must also be different. While the IT department will have responsibility for it, the system can't be siloed and must integrate with other areas of the business including sales, marketing and business analytics. This is important to ensure the business has a single view of each customer.

The functional requirements of CIAM

While employees may begrudgingly put up with a clunky identity management process to access internal systems, customers have options. If they can't easily navigate the process offered by one business, they will simply shift to a competitor. For this reason it is vital to provide a frictionless experience across all communication channels and devices.

To achieve this, CIAM systems must meet certain criteria including:

  • Usability: Delivering a user-friendly experience is a make-or-break aspect for a CIAM system. Failure to achieve this will lead to customer losses.
  • Scalability: CIAM systems must be able to scale to handle increasing traffic, including unpredictable demand spikes and usage patterns.
  • Consistency: Consumers want to interact with brands using multiple channels including the internet, mobile browsers and apps, in-store kiosks and call centres. The CIAM system plays a key role in delivering a fluid experience across them all.
  • Security: Consumers are increasingly protective of their personal data and fearful of potential threats. A centralised CIAM system is key to maintaining a secure environment.

The stages of customer engagement

A comprehensive CIAM system can add significant value at each stage of a customer's relationship with a business. The six stages of engagement are:

1. Self-service registration

At this initial stage, the goal is to create the least amount of friction while delivering an appropriate level of security. This starts by requesting the minimum amount of information necessary to create an account. The process can be aided by offering customisable registration forms or by allowing customers to use trusted logins such as those provided by Facebook, Google or PayPal.

2. Multi-factor authentication

Once an account has been created, the CIAM system should provide multi-factor authentication. This is a procedure requiring the combination of multiple authentication factors including PINs and passwords, a mobile device or token, and even a fingerprint or iris scan. Such strong authentication must introduce the least amount of inconvenience and cover the broadest range of access methods and devices.

3. Account validation

The level of account validation needed will vary based on the risk associated with the customer’s activity. Methods can include the use of CAPTCHA techniques to ensure the party is a human (and not a bot), policy enforcement to ensure use of strong passwords, and data validation to check that entered credentials align with those used when the account was created.

4. Seamless user experience

Once the account is operational, proper engagement involves maintaining a seamless user experience. This can be a challenge if the customer has multiple accounts within the same business; however, a CIAM system can overcome this by linking multiple accounts to a single identity.

5. Customer profile management

With the customer now engaging with the business, the CIAM system can be used to manage their profile. To achieve this it must be able to deal with both structured and unstructured data captured across multiple channels. Customers will quickly lose patience if they have to go through an administrator each time they need to update their account, and so should be provided with an intuitive, easy-to-use interface.

6. Personalisation and preference management

Finally, the CIAM system should enable ongoing and efficient management of customer preferences. This is likely to require the management of data distributed across a range of locations, including items such as the user profile, multiple account records, third-party databases and marketing systems.

Striking a balance

When deploying a CIAM system, it's important for a business to balance the need for secure access to applications with ease of use for its customers. A unified view of each customer should be created that ensures both security and a frictionless experience.

While customer identity solutions have traditionally been customised or one-off projects, effective CIAM has different requirements and technical needs. Trying to bolt this functionality onto an existing enterprise IAM solution is simply not good enough.

An effective CIAM system must address considerations such as usability, scalability, privacy and security while also delivering in the areas of consistency and provision of a unified view of the customer. By deploying the right CIAM system, a business can deliver the simple, frictionless experience its customers expect.