Digital innovation being demanded by every business unit is transforming IT’s role to that of the main driver of new growth initiatives, prompting a shift in perspective and strategy for CIOs that begins with a well-planned and executed approach to managing customer identities. While legacy IAM might seem like a natural starting point for meeting this challenge, customer identity and access management (CIAM) has significantly different requirements and outcomes when compared to employee-facing IAM.
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
In Gartner’s recent report, “Top 10 Strategic Predictions for 2015 and Beyond: Digital Business is Driving Big Change,”[1] there are some startling strategic planning assumptions. Among them:
“By 2017, U.S. customers’ mobile engagement behavior will drive mobile commerce revenue in the U.S. to 50% of U.S. digital commerce revenue.”
“By 2017, 70% of successful digital business models will rely on deliberately unstable processes designed to shift as customers’ needs shift.”
“By 2017, 50% of consumer product investments will be redirected to customer experience innovations.”
Gartner also recently stated that “Every Budget Is an IT Budget,”[2] noting that “IT is now ubiquitous.” We see digital innovation being demanded by every business unit in order to capitalize on an increasingly mobile customer base that expects dynamic and personalized experiences across an expanding range of touchpoints.
This reality is transforming IT’s role to that of the main driver of new growth initiatives, prompting a shift in perspective and strategy for CIOs that begins with a well-planned and executed approach to managing customer identities. While legacy IAM might seem like a natural starting point for meeting this challenge, customer identity and access management (CIAM) has significantly different requirements and outcomes when compared to employee-facing IAM.
“By 2018, 50% of IT/IAM programs will be responsible for both enterprise and consumer-facing IAM infrastructure, up from less than 20% today.”[3]
[1] Gartner, Top 10 Strategic Predictions for 2015 and Beyond: Digital Business Is Driving ‘Big Change’, Gartner Foundational November 2015, Daryl C. Plummer, et al.
[2] Gartner, Every Budget Is an IT Budget, Gartner Foundational November 2015, Michael Smith
[3] Gartner, Finding the Right Consumer IAM Products, 8 April, 2015, Kreizman, Gaehtgens, Iverson
So, what are the big challenges when managing customer identities?
User Experience
Legacy IAM systems are designed primarily around security for good reason, but to
create the personalized and engaging user experiences today’s customers demand, you
must not only store customer information in a centralized and secure manner, but also
ensure that this data is available for use in real-time by every business unit.
Scale
For the largest enterprises, employee, partner and vendor identities are measured in hundreds of thousands, but customer identities are measured in hundreds of millions. To deliver a user experience that keeps your brand competitive there must be no compromise in performance at any time for any layer in your stack, regardless of the volume, variety or velocity of incoming data streams.
Data Structure
The vast majority of customer-generated information is unstructured, and doesn’t play
well with traditional hierarchical databases and directories. To optimize your omni-channel
marketing, sales and service initiatives, you must be capable of making a wide variety of
customer data from many sources actionable for your business.
Integrations
Authentication integrations with business applications like Google and Workday often provided by IAM systems are entirely different from those needed to support customer-facing interactions and activities. Providing unified and relevant user experiences requires direct data synchronization between marketing, service and sales applications and a centralized identity repository. If you’re building out your own solution or piecing one together from other third-party services, each technology that you adopt for business initiatives means custom coding and expensive connectors. Besides exorbitant development costs, this process can also significantly slow your time to market.
Security
Web and mobile APIs have become the backbone of digital business. This is a reality that
legacy IAM still grapples with when trying to manage consumer data, since it was primarily
designed for employee and vendor access. To deliver an impactful customer experience
while remaining highly secure, authentication and authorization standards like SAML and
OAuth should be used to secure high volume API transactions, on both client and server
sides. PII should be encrypted at rest, in use and in motion, passwords should be hashed,
and risk-based, two-factor authentication should be in place for end-users. Finally, strong
rules and permissions-based access control and audit logging are vital to ensuring that your
IT organization maintains granular administrative control of your system.
Compliance
Privacy compliance isn’t typically a factor for traditional, employee-facing IAM, since the business owns all the data being managed. However, to integrate social network login—crucial for maintaining a competitive edge in today’s digital marketplace—you must stay compliant with ever-changing third-party privacy policies. You also need to maintain compliance with regional policies and regulations, which vary widely from country to country. Manually managing these tasks eats up significant IT bandwidth.
We have seen companies approach these challenges in three different ways:
The “Homegrown” Approach
Build something yourself to consolidate disparate data silos.
This approach is usually chosen to maximize security and control, but can severely limit the scope of the resulting system and comes with a number of pitfalls that grow over time. Considerable resources are required to retrofit legacy identity management systems to manage customer data, and then connect the business enablement technologies needed to monetize it. The end-result is often an inflexible system with limited capabilities that is difficult and expensive to maintain.
Also, this approach may leave companies beholden to the system’s original, in-house developers, who perhaps have relatively little knowledge of CIAM principles, likely never created proper documentation, and may take their knowledge with them when they leave the organization. Integrating new technologies with a homegrown system requires additional custom coding and pricy connectors, with the burden of ongoing maintenance and compliance resting solely on the IT organization, creating continuous cost and risk.
The “Frankenstein” Approach
Stitch together existing IAM systems.
In this approach, companies may leverage an existing enterprise data warehouse (EDW) or CRM system’s IAM capabilities to unify their data, or deploy an off-the-shelf IAM solution to do the job. This may offer a significant reduction in labor costs, and will often result in a better-performing system than the homegrown approach. However, high service-to-license ratios mean savings on labor are more than offset by perpetual product license and maintenance fee structures that are designed for a relatively small number of users, rather than the millions of users in customer identity use cases.
If most or all of a system is comprised of on-premises as opposed to SaaS solutions, then upgrades must occur manually, at considerable expense. Also affecting cost of ownership is the fact that custom connectors will be required to add new technologies to support line of business initiatives.
The “Buy It, Don’t Build It” Approach
Implement a specialized, cloud-based system that is built to manage
customer identities.
Increasingly, businesses adapting to the digital marketplace are opting to
hand off CIAM functionality to a provider who specializes in managing the
customer identity use case. Best-of-breed cloud CIAM platforms are built with
a focus on user experience, scalability, flexible implementation and API-based
security. These solutions consistently deliver the best bang-for-the-buck CIAM
outcomes, with drastically reduced labor, licensing and maintenance costs.
A specialized CIAM platform can get you to market in a fraction of the time
of custom deployments and offers superior flexibility for adjusting to new
market trends and technologies, allowing you to offload maintenance as well
as compliance and security risks.
The bottom line: what you pay and what you get
When adding up the costs of building and maintaining a custom CIAM solution,
going with a specialized provider starts to make a lot of sense. Here’s a simple
example of how these two approaches stack up for total cost of ownership.
CIAM is much less expensive to implement for large-scale systems than DIY
solutions, with a streamlined implementation that gets you to market in a
fraction of the time. Add the factor of outcome—a better performing, more
scalable, flexible and secure system—and it’s easy to see why enterprises
are turning to specialized CIAM providers to manage consumer identities
and drive superior customer experiences.