Successfully reported this slideshow.

White Paper: Internal vs. External Identity Access Management


Published on

Customer identity and access management (CIAM)

Published in: Technology
  • Be the first to comment

White Paper: Internal vs. External Identity Access Management

  1. 1. Brought to you by INTERNAL VS. EXTERNAL IAM: Strategies to Develop an End-to-End Customer Data Management Framework
  2. 2. GIGYA.COM | 2 Long ago, companies recognized the importance of effectively managing employee identities, data and permissions to help streamline company processes and protect valuable business assets. Over the past 5-10 years, the rise of ecommerce, social networks, mobile and connected devices has created the need for businesses to develop an external identity access management (IAM) strategy to keep up with the flood of identity data being created as consumers connect across channels. 54 percent of companies have difficulty managing and integrating data from today’s many varied sources, while 50 percent are concerned about consistent data quality (DestinationCRM). The Rise of External IAM
  3. 3. GIGYA.COM | IAM vs CIAM Unprepared for and unfamiliar with the challenges of external identity management, many businesses have attempted to scale internal IAM solutions for external identity management purposes. But successfully capturing, protecting and leveraging customer identity data requires a whole new set of tools and technologies built for the customer identity access management (CIAM) era. We’ve broken down the key differences between traditional IAM and cIAM and the steps you can take to optimize your external strategy into 3 buckets: Scalability & Security Data Collection & Aggregation Privacy & Compliance 3
  5. 5. GIGYA.COM | 100 x 100,000 5 BOTTOM LINE: External IAM software must be highly scalable with the ability to effectively store and manage millions of consumer identities at once. The #1 reason why businesses attempting to leverage internal IAM solutions for external purposes fail is simple: sheer scale. While companies typically manage tens, hundreds, or at most thousands of employee identities, the number of customer identities can range well into the billions.
  6. 6. GIGYA.COM | 6 When it comes to employee identity and data created within internal applications, ownership indisputably belongs to the business. However, customer identities created across sites and applications ultimately belong to consumers. But while brands must gain permission to capture and collect consumer identity data, once a customer is on a business’ property and her information is stored in its database, that business is responsible for protecting her. This gives way to a whole other management issue: security. Account Ownership
  7. 7. GIGYA.COM | 7 11% of US adults admit to having abandoned an online purchase because the site asked for too much information (Forrester). Protecting identity from an internal standpoint is somewhat straightforward, as your business has the power to enforce certain protocol to help safeguard business and employee information. But customers are consistently creating new identities and reusing usernames and passwords across millions of unknown properties. While requiring users to fill in CAPTCHA, select 3 security questions and verify the last 4 digits of their social security numbers is one way to help guarantee security on your site, it’s certainly not the most practical. Usability vs. Security Businesses must put the proper framework in place to provide customers with a positive, seamless user experience, while still maintaining security standards from both a data collection and storage perspective.
  8. 8. GIGYA.COM | 8 On average, Gigya Social Login clients increase registration conversion rates by 32.3%, with clients like Forbes gaining as much as a 90% increase. Implementing social login across your web properties is one strategy for bridging the gap between usability and security. Social login gives consumers the ability to verify their identities with the click of a button using their existing social media accounts, increasing registration conversion rates by as much as 90%. Social Login as a Solution Social login also shifts the burden of identity protection, data security and sign- in support to major networks like Facebook and Google. These social identity providers boast state-of-the-art security systems with features like multi-factor authentication, remote logout and unauthorized activity detection.
  9. 9. GIGYA.COM | 9 To improve company security and employee convenience, many businesses leverage single sign-on (SSO), which allows employees to move seamlessly across internal applications by tying all activity to a single, known username and password. As web-based services and applications multiply, SSO is gaining momentum across customer-facing properties as well. Internal federation is typically delivered as an on-premise solution for internal enterprise applications using SAML standard. In contrast, external IAM solutions must bundle together internal and external applications and properties, which often requires a variation of SSO standards including OAuth, OpenID and SAML. When it comes to CIAM, it’s important to adopt software that gives you the flexibility to choose the SSO standard that meets your business’ user experience and security needs. Federating Identity
  11. 11. GIGYA.COM | 11 As a general rule, company and employee data is treated as a liability, with internal IAM solutions primarily seeking to secure this information. While external identity must also be protected, consumer data has quickly become every business’ biggest asset - and there is a LOT of it. Over 2.5 exabytes of data are created every single day (HBR), and more than 90% of this “big data” is unstructured (BusinessInsider). Identity Data = Pure Gold TODAY’S DATA GOLDMINE
  12. 12. GIGYA.COM | 12 Internal data is traditionally structured and controlled, with your business defining the necessary fixed fields and models. But with such a huge volume of data and number of sources, capturing and storing external, unstructured data in an accurate and organized manner can be a nightmare. What happens when a new social network arrives on the scene? Or customers begin sharing new types of content? Unstructured data sources and points like these require major database updates that cost your business serious development time and resources. Big Data, Bigger Challenge WHERE DOES BIG DATA COME FROM? (IBM)
  13. 13. GIGYA.COM | 13 Businesses cite the inability to automate structured and unstructured data quickly and effectively among their biggest challenges, with 60% noting that big data projects typically take at least 18 months to complete (Kapow Software). CIAM calls for a dynamic database with the ability to effectively normalize data from disparate sources in real-time. This database must have the power to reconcile both structured and unstructured data without the need to preconfigure database fields. Data Normalization
  14. 14. GIGYA.COM | 14 With data pouring in across digital, mobile and social channels, it can often get caught in disparate silos across the organization. This, of course, results in a completely disjointed and disorganized view of your customer base and individual consumer identities. A recent Aberdeen study found that 4 in 10 companies say that data remains “siloed” and inaccessible for analysis. Ultimately, less than ¼ of the information that companies control is even available for extracting insights (WSJ). Data Here, There, and Everywhere
  15. 15. GIGYA.COM | 15 While capturing customer identity via solutions like social login is the first step to unifying individual customer actions and behaviors across channels, this data is virtually useless if it is not aggregated into a single repository of truth. Ensure that your master database has the ability to directly integrate and bidirectionally synch with existing business systems and third-party marketing platforms. This means selecting a solution equipped to handle and automatically index any type of data thrown your way, including social, transactional, behavioral, and much more. Break Down Data Silos
  16. 16. GIGYA.COM | 16 Establishing a “single repository of truth” is the foundation of an effective CIAM strategy. Of equal importance is ensuring that this repository is structured in a way that empowers business leaders across the organization to take action on the goldmine of data housed inside. Data In, Data Out 93% of executives believe their organization is losing an average of 14% of annual revenue without the ability to act on the customer data they collect (Oracle).
  17. 17. GIGYA.COM | 17 Improve business agility with a database that seamlessly connects to a corresponding web-based dashboard, and gives business leaders an actionable view of end-user data based on roles and permissions. This allows non-technical decision makers to run complex queries based on any number of indexed attributes, build custom audience segments with no code required, and save and export key reports. By providing those on the frontlines of your business with the ability to extract and harness the economic value of customer identity, you save valuable IT time and resources while improving the timeliness and efficacy of business-wide operations. Turning Data into Action
  19. 19. GIGYA.COM | Privacy, Please While internal data privacy is managed centrally and based primarily on policies put into place by the business itself, external data privacy is much messier. When it comes to managing customer identities and data, your business must adhere to the privacy policies created by countless lawmakers and third-party identity providers. This list of regulations is exhaustive and constantly evolving, with current policies including: Electronic Communications Policy Act European Union Directive Fair Credit Reporting Act Federal Trade Commission Act Payment Card Industry Data Security Standard 19
  20. 20. GIGYA.COM | Keeping Up with Compliance Gartner predicts that by the end of 2015, 50% of new retail customer identities will be based on consumers’ social network profiles, compared to just 5% in 2013. Social login is quickly becoming the preferred method of authentication for customers, which means a big challenge for IT execs trying to keep up with ever- changing social network data privacy policies. As you begin to incorporate registration systems and social login across your external facing sites and apps, make sure that you choose a provider that can take on the burden of managing these privacy updates. Look for solutions that provide automatic, real-time API updates to reflect policy and account changes, such as auto- deletion of non-basic account information when application permissions are revoked. 20
  21. 21. GIGYA.COM | 21 As we mentioned earlier, CIAM also raises the issue of data ownership. Internal identities are created by the business, and when an employee creates data during work hours, on a business-owned device or within a company application, this data belongs to that business. However, as a customer moves across the Internet on an owned device leveraging services and applications for personal use, this data belongs to her, and any business looking to access said data should do so in a transparent and permission-based manner. Data Ownership DID YOU KNOW? 71% of consumers state that they are very concerned about online companies selling or sharing information about them without their permission (Consumer Reports).
  22. 22. GIGYA.COM | 22 Be sure that your business’ data collection process is completely transparent. No matter the method you choose, let customers know upfront that you are looking to access their identities and specific data points. The Power of Permission Provide your customers the option to authorize or opt-out of these requests, and give them the power to view and update privacy settings at any time via straightforward user management controls. Building your CIAM process on transparent data collection practices ensures that your business is upholding the highest standards of data governance and leveraging only the highest quality data.
  23. 23. ABOUT GIGYA Gigya's Customer Identity Management Platform helps companies build better customer relationships by turning unknown visitors into known, loyal and engaged customers. With Gigya’s technology, businesses increase registrations and identify customers across devices, consolidate data into rich customer profiles, and provide better service, products and experiences by integrating data into marketing and service applications. Gigya's platform was designed from the ground up for social identities, mobile devices, consumer privacy and modern marketing. Gigya provides developers with the APIs they need to easily build and maintain secure and scalable registration, authentication, profile management, data analytics and third-party integrations. More than 700 of the world’s leading businesses such as Fox, Forbes, and Verizon rely on Gigya to build identity-driven relationships and to provide scalable, secure Customer Identity Management. For more details about Gigya, visit © 2014 Gigya Incorporated. All rights reserved. Gigya, the Gigya logo, and Customer Identity Management Platform are either registered trademarks or trademarks of Gigya Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Gigya does not own any end user data or maintain any other rights to this data, other than utilizing it to make Gigya's services available to our clients and their end users. Gigya acts as an agent or back-end vendor of its client's website or mobile application, to which the end user of our client granted permissions (if applicable). Gigya facilitates the collection, transfer and storage of end user data solely on behalf of its clients and at its clients' direction. For more information, please see Gigya's Privacy Policy, available at To learn how Gigya can help provide you with the tools and technology needed to develop a successful CIAM strategy, visit or call us at 888.660.1469.