What is CIAM?
Customer identity and access management (CIAM) is, depending on who you ask, either a completely separate field of identity like IGA or one aspect of mainstream identity and access management (IAM). Rather than focus on internal employee authentication and permissions, CIAM focuses on the external; it allows enterprises to capture and manage the identities and profile data of their consumers. CIAM solutions control customers’ access to your applications and services for their transactions and interactions.
What Do CIAM Solutions Include as Capabilities?
Some of the CIAM solution capabilities are, by default, identical to those of a typical IAM solution, including:
- Single Sign-On
- Multifactor Authentication (MFA)
- Access Management
- Directory Services and Universal Directory Features
- Data Access Governance
- Lifecycle Management
However, CIAM does boast some capabilities that do not make sense for an employee-oriented IAM deployment, including:
Social Authentication/Social Sign-On
This allows consumers to access your enterprise’s portals and applications with the same login information they use for their social media accounts, including Google, Facebook, or LinkedIn. This allows for increased flexibility and provides a welcome time-saving mechanic for authentication.
Consent and Preference Management
The attention on GDPR enforcement means enterprises must redouble their efforts to obtain consent and to properly handle consumers’ personal identifying data in their databases and promotional efforts. CIAM solutions can help ensure that your consent and privacy forms have the right checkboxes and the resulting permissions are implemented properly for regulatory compliance.
Additionally, CIAM can help you tailor your consumer experiences to fit with personal preferences and personal information to make for a more pleasant shopping or purchasing experience.
What Makes CIAM Different from IAM?
The differences between the two stem from the demands that consumers and business pressures place on CIAM, as opposed to the pure security demands placed on IAM.
CIAM is as much about collecting and storing customer data as it is about providing personalized user experiences. This allows enterprises to create targeted advertisements or personalized promotions to distinct demographics, as the demographics research has already been done for you. You can even use this personal data to connect customers to other services, either your own or provided by third parties (assuming you obtain proper consent to do so under current privacy laws).
Furthermore, CIAM—even more than IAM—needs to balance the needs of identity security with the needs for smooth, pleasant user experiences and interfaces. This is vital to maintaining profitability for consumer-facing businesses:
- 86% of buyers will pay more for a better customer experience, according to Ping Identity.
- Only 1% of customers feel businesses meet those expectations.
- At the same time, 22% of breached organizations in 2016 lost customers. 40% of those lost more than 20% of their customer base.
Customers dissatisfied with an unpleasant user experience will simply refuse to do business at that site—and the danger of lost business speaks for itself. CIAM helps to ensure that the customer experience of your enterprise is as seamless, scalable, and functional across platforms as possible. Without the seamless access experience—if your customers have to log in over and over again—they’ll be driven straight to your competitors.
In other words, CIAM must transform the customer experience into true customer engagement.
Should I Select a CIAM Solution?
Potentially. If you are a consumer-facing business, a CIAM solution can reduce the risk of losing revenue, reputation, and consumers through a balance of security and customer experience. It is certainly worth your time to investigate and assess if it would be the right fit for you.
Is CIAM Truly Different From IAM?
This is a contentious and actually quite sensitive question.
The argument for CIAM is that it does use tools that are different from the everyday IAM solution and that the shift from an internally focused to an externally oriented approach marks a fundamental difference in philosophy.
Yet at the same time, the prime tools of CIAM are identical to those of IAM: governance, SSO, MFA, etc. Plenty of IAM vendors choose to market their services as both IAM and CIAM solutions as if they are interchangeable.
But then again, plenty of other vendors market themselves as primarily focused on CIAM rather than IAM; if you are a consumer-facing enterprise, wouldn’t you want a solution provider that focuses on and emphasizes your particular cybersecurity and identity needs? There are certainly market reports around CIAM solutions, and CIAM is a consideration for solution seekers today.
It’s a debate that may not have a clear answer, and it is worth your time to investigate and determine an answer for yourself.
Here’s the thing: CIAM can give a world-class experience to customers, but it still needs to protect both customer identities and your databases. If it doesn’t do that… well then, what is the point of even associating it with IAM? Remember, security is as much a financial consideration as anything else. Don’t neglect it in pursuit of consumer experiences.