Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)

2,877 views

Published on

Enterprise identity management has been primarily focused on serving the correct access to employees and contractors.

But as the industry has been perfecting how to serve employees, consumer identity has presented itself as a growth opportunity for businesses and identity professionals alike.

Unfortunately, the industry has tried to apply employee-centric techniques for consumer and citizen identity scenarios.

In this talk Ian highlight the difference between employee- and customer-centric identity, propose techniques that identity professionals need to employ to delight customers, and promises not to kill off any standards or industries.

Ian Glazer, Senior Director for Identity, Salesforce

Published in: Technology
  • Be the first to comment

Stop Treating Your Customers Like Your Employees (Ian Glazer, Salesforce)

  1. 1. Stop Treating Your Customers Like Your Employees Ian Glazer Senior Director, Identity iglazer@salesforce.com @iglazer
  2. 2. “Please continue to hold. Your call is very important to us and it will be answered in the order it was received.”
  3. 3. Work?
  4. 4. Home?
  5. 5. “Your usage of this service constitutes consent to our Terms of Service. If you have any questions please consult our Acceptable Use Policy.”
  6. 6. Work?
  7. 7. Home?
  8. 8. Disappointing, but not surprising
  9. 9. A Little History
  10. 10. Identity for Employees
  11. 11. Many years of common practices and patterns
  12. 12. Right Access
  13. 13. Right Access Right People
  14. 14. Right Access Right People Right Place
  15. 15. Right Access Right People Right Place Right Time
  16. 16. Identity for Customers
  17. 17. Great Innovation
  18. 18. Lacking Common Practices & Patterns
  19. 19. Right Experience XP
  20. 20. Right PeopleRight Experience XP
  21. 21. Right People Right PlaceRight Experience XP
  22. 22. Right TimeRight People Right PlaceRight Experience XP
  23. 23. Deliver the right experience
  24. 24. New Stakeholders
  25. 25. Sales Marketing Alumni Affairs Community Dev.
  26. 26. But without common practices and patterns…
  27. 27. “Please continue to hold…”
  28. 28. Disappointing, but not surprising
  29. 29. The Opportunity Before Us
  30. 30. External Identity Customer Identity Consumer Identity
  31. 31. Growth opportunity for the business
  32. 32. Growth opportunity for identity professionals
  33. 33. The opportunity to delight
  34. 34. Complete Picture for a Richer Relationship
  35. 35. Complete Picture for a Richer Relationship Delighted Customers
  36. 36. Customer Identity is IAM’s “Killer App”
  37. 37. You can’t get to the boardroom by selling user provisioning
  38. 38. Customer Identity is our chance to be business enablers
  39. 39. We are not here
  40. 40. What is customer identity management?
  41. 41. Identity World View Identity is at the core of every interaction Connected Customers Connected Employees Connected Partners Connected Products User Name Password Login
  42. 42. Business World View Customer is at the core of every interaction Delighted Customers Connected Employees Connected Partners Connected Products User Name Password Login
  43. 43. Customer identity makes interactions possible
  44. 44. X-Channel X-Business Function X-Organization
  45. 45. Cross-Channel YOUR CONTENT HERE Just change the background layer (right-click > arrange) Don’t have an account? Forgot your password? Mobile Web API
  46. 46. Cross-Channel Brick & Mortar Sales Social Listening Call Center
  47. 47. Cross Business Function Delighted Customers Sales Service MarketingProduct
  48. 48. Cross Organization
  49. 49. X-Channel X-Business Function X-Organization
  50. 50. How is customer identity different from employee identity?
  51. 51. Different Ends of the Spectrum
  52. 52. IAM Techniques
  53. 53. IAM Techniques Employee- Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation
  54. 54. IAM Techniques Employee- Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation Customer- Centric IAM • Modern • Individual is owner; no single authority • Profile Management • Federation and social sign-on
  55. 55. Employee-Centric Technologies Customer-centric System of Record Attribute Management and Propagation Islands of Identity Single Sign-On Mobile Device Management Consent
  56. 56. Employee-Centric Technologies Customer-centric HR(s) System of Record User Provisioning Directory Synchronization Pushing Attributes Attribute Management and Propagation Most legacy systems Reducing to Active Directory Islands of Identity Proprietary WAM for legacy Federation for newer apps & SaaS Single Sign-On Common Mobile Device Management Implied in employer/employee relationship Consent
  57. 57. Employee-Centric Technologies Customer-centric HR(s) System of Record Internal: CRM and LOB databases External: Social Providers, Banks, Universities, Governments, etc User Provisioning Directory Synchronization Pushing Attributes Attribute Management and propagation Profile Management Lookup at time of use and JIT Pulling attributes Most legacy systems Reducing to Active Directory Islands of Identity Legacy systems but federation- ready apps increasing Proprietary WAM for legacy Federation for newer apps & SaaS Single Sign-On Standards-based federation Some proprietary social providers Common Mobile Device Management Uncommon, if not forbidden Implied in employer/employee relationship Consent Must be gathered and adhered to consistently
  58. 58. Different Lifecycles
  59. 59. Join Move Leave Traditional IAM Lifecycle
  60. 60. Relationship Value Progression
  61. 61. Anonymous Pseudonymous Known Higher ValueLower Value
  62. 62. Anonymous Join Pseudonymous Move Known Move
  63. 63. Access Path Progression
  64. 64. Web Mobile Thing Developer
  65. 65. Web Join Mobile Join/Move Thing Move Developer Move
  66. 66. Join. Move. Leave?
  67. 67. Long Relationships = Privacy Implications
  68. 68. HR used to provide the privacy coverage Identity need Internal-facing identity system are rarely subject to Privacy Impact Assessment Customer identity requires: • Data retention and protection • Persistence and respect of privacy preferences • Attribute release consent management Previously ignored privacy challenges
  69. 69. Different Techiques Different Lifecycles
  70. 70. Customer identity is larger than employee identity
  71. 71. Customer Identity Components IAM Components
  72. 72. Customer Identity Components Federation User Profile Mgt Assurance Proofing
  73. 73. Customer Identity Components IAM Components IAM-like Components Non-IAM Components
  74. 74. Broker social login to content portals and other 3rd party properties Ability add and protect attributes passed to other platforms Ability to pass entitlements OpenID Connect unlocks many doors • But there’s plenty of proprietary too Security Token Services • SAML • OAuth 2.0 • OpenID Connect • Proprietary Federation Social Provider Connectivity Protocol Brokering Federation
  75. 75. • Automated – via a social provider or directory service • Manual – Self-service sign-up • Consistent branding control throughout Self-service control over: • Social providers can be used • Apps can access data • Attributes can be used • Marketing preferences • Manual - Mechanisms to ask the user for a little more data • Automated – data verification and record enhancement Registration Services Profile Management Profile Enhancement User Profile Management
  76. 76. Techniques to raise identity assurance 2nd Factors: • Can work but user experience suffers • Adaptive access control must play a roll here • Ideally this is recognition’s territory Plugins for different proofing providers • Often based on geography Two modes: • Asynchronous for offline proofing • Synchronous for user quizzes • But mind the user experience Integration with internal proofing sources Assurance and Proofing Identity Assurance Identity Proofing
  77. 77. Service providers have to be better neighbors Follow Finance model of FS-ISAC Teams to help people get their accounts back Part of expected customer service Attribute release consent from the social provider isn’t sufficient Service Provider should provide generic consent management layer Shared Signals Account Take-Over Response Consent Management IAM-like components Not core traditional IAM services
  78. 78. Meaningful integration designed to create 360° view of the customer • Sales • Service • Marketing • eCommerce • Content Management Conversion rates Segmentation Usage via Channel Behavior analysis to fuel marketing, service, sales, and recognition Encryption and Tokenization “Who access what data and what were the values at that time?” • Think DAM for customer data Integration Analytics Information Protection Non-IAM Components Peer services
  79. 79. More than just IAM components
  80. 80. How is customer identity different from enterprise identity?
  81. 81. Technologies needed are different
  82. 82. Customer Identity Components IAM Components IAM-like Components Non-IAM Components
  83. 83. Lifecycles are different
  84. 84. Anonymous Pseudonymous Known Web Mobile Thing Developer Join Move / Change Leave
  85. 85. Techniques are different
  86. 86. IAM Techniques Employee- Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation Customer- Centric IAM • Modern • Individual is owner; no single authority • Profile Management • Federation and social sign-on
  87. 87. Privacy expectations are different
  88. 88. Goals are different
  89. 89. Right Access Right People Right Place Right Time Employee-centric IAM Goals
  90. 90. Right Experience Right People Right Place Right Time XP Customer-centric IAM Goals
  91. 91. Stakeholders are different
  92. 92. We are not here
  93. 93. Sales Marketing Alumni Affairs Community Dev.
  94. 94. The opportunities are greater
  95. 95. The opportunity to delight
  96. 96. Stop using Employee-Centric IAM for your customers
  97. 97. Stop treating your customers like employees
  98. 98. Start delighting them
  99. 99. “Your time is important to me. Continue to enjoy the conference & thanks for your attention.”
  100. 100. Thank you

×