Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Eve Maler, Principal Analyst
May 28, 2014
Customer identity and access management (CIAM) is a high-priority imperative in the age of the customer. If your customers can’t register or log in for service, and can’t conduct transactions in an easily usable manner, it really doesn’t much matter how your website, mobile app, or phone channel is architected; they may move on to your competition. Learn how customer experience influences IAM and security and what actions you can take to meet both sets of goals.

Published in: Technology
  1. Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices. Eve Maler, Principal Analyst. May 28, 2014
  2. Customer experience is not monolithic
  3.–8. © 2014 Forrester Research, Inc. Reproduction Prohibited. Users are escaping captivity. Chart built up over six slides. Horizontal axis: Degree of freedom to walk away from relationship (None (captive) / Some at cost / A lot). Vertical axis: Benefit in sharing credentials (Baseline / Greater benefit / Large benefit). User populations plotted, in the order they are added: Regular employee, Contractor, Privileged employee, Employee of partner; Nonpaying affiliate, Paying affiliate; Bank customer, Payout beneficiary; Social network user, Retail customer; Service-paying customer
  9. But the Internet has become a bad neighborhood
  10. We see the disproportionate targeting of credentials in the data. Source: December 30, 2013, “Market Overview: Employee And Customer Authentication Solutions In 2013, Part 1 Of 2” Forrester report
  11.–13. What do customers experience when security goes bad? › A few: major consequences such as identity theft › Many: loss of trust in the brand › Everyone: an involuntary password reset flow
  14. What do customers experience on a good day? › Onerous account registration forms › Those @%@#$ password policies… › …that are both hard to choose and hard to remember… › …and usually aren’t even secure › Those @%@#$ security questions
  15. When user self-service fails…you pay › In CSR costs › In user experience friction
  16. © 2013 Forrester Research, Inc. Reproduction Prohibited. People cross devices to accomplish a single goal. Source: Google - The New Multi-screen World: Understanding Cross-platform Consumer Behavior, August 2012
  17.–19. “Mobile first” means IT security has less room to maneuver than ever › Business owners want in-app registration and login. › Individuals demand user experiences with a clear purpose. › Security task flows on mobile devices feel different.
  20. Responsive design for CIAM enables security and experience
  21. © 2012 Forrester Research, Inc. Reproduction Prohibited. Typical external users and IAM needs in a franchise-type business. Grid of external users, split Managed vs. Unmanaged and Sole vs. Group. Cells: › Retail customer: requires self-registration; can be inactivated › All partners: must follow per-country regulations; may need high assurance › Multi-employee partner: complex record structure; needs delegated administration and entitlement management › Sole proprietor partner: simple record structure
  22. Possible segmentation of identity sources. Diagram: a Unified IAM framework exposing RP interfaces and IdP interfaces. Identity sources shown: retail customers; other partners; social IdPs (managed by cloud broker); employees and some partners (natively managed). Several sources are marked Optional.
  23. Ways CIAM is unique › CX can have a direct impact on the top line › Multiple customer-facing properties › Complete lack of mobile device security controls › Scale and volume, along several dimensions
  24. Source: May 22, 2014 “Introducing Forrester's Customer IAM Security Maturity Assessment Model” Forrester report. What engagement channels are you providing? …and what is the importance of each?
  25. Source: May 22, 2014 “Introducing Forrester's Customer IAM Security Maturity Assessment Model” Forrester report. What life cycle elements now become relevant? …and what authentication role does each channel serve at each moment?
  26. Security best practices that are usability-friendly: leveraging context. User identification based on something they . . . Know. Have. Are. Do.
  27.–28. Framework for comparing authentication schemes along three columns (shown twice):
     Usability: Memorywise-Effortless; Scalable-for-Users; Nothing-to-Carry; Physically-Effortless; Easy-to-Learn; Efficient-to-Use; Infrequent-Errors; Easy-Recovery-from-Loss
     Deployability: Accessible; Negligible-Cost-per-User; Server-Compatible; Nothing-to-Provision-to-User; Mature; Multiple-Purposes; Available-Offline
     Security: Resilient-to-Physical-Observation; Resilient-to-Targeted-Impersonation; Resilient-to-Throttled-Guessing; Resilient-to-Unthrottled-Guessing; Resilient-to-Internal-Observation; Resilient-to-Leaks-from-Other-Verifiers; Resilient-to-Phishing; Resilient-to-Theft; No-Trusted-Third-Party; Requiring-Explicit-Consent; Unlinkable
     Risk-based techniques improve “UDS”
  29.–30. Security best practices that are usability-friendly: leveraging mobile. As a secondary channel › True OOB authentication › Contextual fairy dust with device identification and reputation. As a primary channel › In-app integration for seamless authentication › Contextual fairy dust to strengthen the singular channel
  31. Usability best practices that cost nothing to remember: clarity and context sensitivity
  32.–34. [image-only slides; no text extracted]
  35. Usability best practices that cost nothing to remember: feedback
  36. Sew together experiences that maximize success
  37. People use multiple touchpoints at once. Source: Google - The New Multi-screen World: Understanding Cross-platform Consumer Behavior, August 2012
  38.–40. So, prepare for channel-jumping › Unify back-end records so that the user experiences no latency in “what you know” about him › Leverage contextual cues to enable a channel to be “in-band” for primary tasks and “out-of-band” for authentication tasks › Match session length to the entirety of the risk: the nature of the transaction, channel, user…
  41. IT and the business are expected to work hand in hand
  42. So, negotiate! › Hammer out agreement on formal levels of risk › Map tasks and channels to them › Seek the highest security maturity scores for the most important tasks and channels
  43. Source: May 22, 2014 “Forrester's Customer IAM Security Maturity Assessment Model” Forrester tool. Sample row from the tool, task “Deregister device”, with the assessed organization’s answers:
     › We allow users to deregister a device explicitly. — Yes
     › We authenticate users before allowing this task to proceed. — Yes
     › We keep track of devices that have been associated with a user. — Yes
     › We notify the customer in an email or SMS text message if a device has been deregistered. — No
     › A customer can have only a limited number (e.g., 10) of registered devices across all channels. — No
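The assessment row above lists five controls for the “deregister device” task, and slides 38–42 ask that session length be matched to the risk of the task and that tasks be mapped to agreed risk levels. The following is an added example (not code from the deck, from Forrester, or from the assessment tool) that implements all five controls so each answer would be “Yes”, and ties the authenticate-before-proceeding check to a per-task risk level. Everything in it is constructed for the example: the task-to-risk table, the maximum authentication age per level, the in-memory registry, and a notification list standing in for an email/SMS gateway.

```python
"""Device-registration controls for a customer IAM service (added example).

Assumptions: an in-memory registry; a Session carrying the time of the last
successful authentication; risk levels and authentication-age limits agreed
between IT and the business; and a notification sink that records messages
instead of sending email or SMS."""
import time
from dataclasses import dataclass, field
from enum import Enum


class Risk(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Hypothetical "formal levels of risk" per task, negotiated with the business.
TASK_RISK = {"view_balance": Risk.LOW,
             "register_device": Risk.MEDIUM,
             "deregister_device": Risk.HIGH}
# Session length matched to risk: oldest authentication (seconds) a task at
# each level accepts before demanding re-authentication.
MAX_AUTH_AGE = {Risk.LOW: 24 * 3600, Risk.MEDIUM: 3600, Risk.HIGH: 300}
# Limit from the slide ("e.g., 10"), counted across web and mobile together.
MAX_DEVICES_PER_CUSTOMER = 10


@dataclass
class Session:
    customer_id: str
    authenticated_at: float  # epoch seconds of the last successful authentication


class PolicyError(Exception):
    """Raised when a device task violates one of the controls."""


def auth_is_fresh(session: Session, task: str, now: float) -> bool:
    """True if the session's authentication is recent enough for this task's risk."""
    return now - session.authenticated_at <= MAX_AUTH_AGE[TASK_RISK[task]]


@dataclass
class DeviceRegistry:
    devices: dict = field(default_factory=dict)        # customer_id -> {device_id: channel}
    notifications: list = field(default_factory=list)  # stands in for the email/SMS gateway
    audit: list = field(default_factory=list)          # (event, customer_id, device_id, channel)

    def register(self, session, device_id, channel, now=None):
        now = time.time() if now is None else now
        if not auth_is_fresh(session, "register_device", now):
            raise PolicyError("register_device needs a fresher authentication")
        owned = self.devices.setdefault(session.customer_id, {})
        if device_id not in owned and len(owned) >= MAX_DEVICES_PER_CUSTOMER:
            raise PolicyError("device limit reached across all channels")
        owned[device_id] = channel  # re-registering a known device is idempotent
        self.audit.append(("register", session.customer_id, device_id, channel))

    def deregister(self, session, device_id, now=None):
        now = time.time() if now is None else now
        # HIGH-risk task: require a fresh authentication before proceeding.
        if not auth_is_fresh(session, "deregister_device", now):
            raise PolicyError("deregister_device needs a fresher authentication")
        owned = self.devices.get(session.customer_id, {})
        if device_id not in owned:  # only devices tracked for this customer can go
            raise PolicyError("unknown device for this customer")
        channel = owned.pop(device_id)
        self.audit.append(("deregister", session.customer_id, device_id, channel))
        # Notify the customer so a deregistration they did not initiate is visible.
        self.notifications.append((session.customer_id,
            f"Device {device_id} ({channel}) was deregistered. Contact us if this was not you."))
        return channel

    def registered_devices(self, customer_id):
        return dict(self.devices.get(customer_id, {}))


def demo(now: float = 1_700_000_000.0) -> dict:
    """Exercise the controls with constructed sessions and report what each did."""
    reg = DeviceRegistry()
    fresh = Session("cust-42", authenticated_at=now - 60)        # logged in a minute ago
    stale = Session("cust-42", authenticated_at=now - 2 * 3600)  # logged in two hours ago
    out = {  # a two-hour-old login suits a LOW-risk task but not a HIGH-risk one
        "stale_ok_for_low_risk": auth_is_fresh(stale, "view_balance", now),
        "stale_ok_for_high_risk": auth_is_fresh(stale, "deregister_device", now)}
    for i in range(MAX_DEVICES_PER_CUSTOMER):  # fill the quota across two channels
        reg.register(fresh, f"dev-{i}", "mobile" if i % 2 else "web", now=now)
    try:
        reg.register(fresh, "dev-extra", "web", now=now)
        out["limit_enforced"] = False
    except PolicyError:
        out["limit_enforced"] = True
    try:
        reg.deregister(stale, "dev-0", now=now)
        out["stale_deregister_blocked"] = False
    except PolicyError:
        out["stale_deregister_blocked"] = True
    reg.deregister(fresh, "dev-0", now=now)
    out["devices_left"] = len(reg.registered_devices("cust-42"))
    out["notifications_sent"] = len(reg.notifications)
    return out


if __name__ == "__main__":
    print(demo())
```

The same `auth_is_fresh` check can front any task once it has a row in the risk table, which is how the negotiated task-to-risk mapping from slide 42 turns into enforceable session policy rather than a document.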
  44. Thank you. Eve Maler, +1 425.345.6756, emaler@forrester.com, @xmlgrrl
  45. THE IDENTITY INDUSTRY IS EXPLODING
  46. TODAY
  47. NEW PARADIGM IN SECURITY. Legacy Security Model:  Single-point access to applications within the firewall – Proprietary – On-premise – Web only – Single domain. Next-Gen Identity Model:  Cloud, Social, Mobile & Data drive a new approach – Open standards – Hybrid, datacenter and cloud – Web, API and mobile – Federated by default. Traditional Identity Management not Working: 76% of Network Intrusions Exploited Weak or Stolen Passwords (1). (1) Verizon Data Breach Investigations Report 2013
  48. Confidential — do not distribute. Copyright © 2014 Ping Identity Corp. All rights reserved. THE CONNECTED CUSTOMER. Single Channel: customers experience a single type of touch-point. Multichannel: customers see multiple touch-points acting independently. Multiple Identities: customers see multiple touch-points as part of the same brand. Omnichannel: customers experience a brand, not a channel within a brand.
  49. EMERGING IDENTITY LAYER: Simplify access; Manage identities; Single customer view; Connect apps; Scale and grow
  50. OPEN ACCESS
  51. IDENTITY WEAKNESSES EXPLOITED. Breach figures shown: ~110M accounts jeopardized; ~5M usernames & phone numbers stolen; ~7M passwords stolen; ~250K passwords stolen; ~38M usernames & passwords stolen; ~318K accounts hacked; ~50M usernames & passwords stolen; ~50M user accounts compromised.  2013 was the most historic year for cyber attacks  Several prominent brands experienced high profile data breaches  Hundreds of millions of usernames, passwords and accounts were jeopardized  Stolen social media credentials fetch more than credit card numbers on cybercrime black markets
  52. Ping Identity – Ushering in the New Era of Identity. CENTRALIZE CONTROL.  Secures Access to Any App, on Any Device from Any Location  Enterprise Grade  Flexible Hybrid Deployment  Committed to Open Standards  Web, Mobile, and API  Simple to Advanced Use-Case Support in a Single Platform
  53. SINGLE CUSTOMER VIEW
  54. TODAY’S IDENTITY PROTOCOL LANDSCAPE: SAML, LDAP, X.509
  55. MODERN IDENTITY PROTOCOL STACK: OAuth 2.0
  56. MODERN IDENTITY PROTOCOL STACK: OpenID Connect, SCIM, OAuth 2.0
  57. Security for APIs / APIs FOR IDENTITY: OpenID Connect, SCIM
  58. Security for APIs / APIs FOR IDENTITY: User Authentication API, User Management API
  59. Security for APIs / APIs FOR IDENTITY: User Authentication API, User Management API (Not identity-enabled APIs)
  60. FUNDAMENTAL TENETS TO SCALE • No more passwords • Automate as much as possible – Eliminate IT Administrative overhead – Application registration is dynamic • Ease of use – Effortless self service – Developer-friendly – IT-friendly – User-friendly
  61. IMPACT EXPERIENCE AND REVENUE. For a more detailed analysis on the Total Economic Impact of Ping solutions, please join us for a webinar on September 26 at 11am ET. https://www.pingidentity.com/about-us/event-detail.cfm?customel_datapageid_1455=71219 Figures shown: $12M, $21M, $45M, labelled Incremental revenue from faster time-to-market following M&A activity; Incremental revenue from reduced application dropout rates; Incremental revenue from white-labeled apps
  62. THE IDENTITY SECURITY COMPANY. CUSTOMER SUMMARY – GLOBAL LEADERS & INNOVATORS:  Half of the Fortune 100  4 of the 6 Largest US Banks  8 of the 10 Largest Biopharmas  3 of the 5 Largest Healthcare Plans. 1,000+ global customers; 98% customer satisfaction; 93% customer retention. SI, TECH & SAAS PARTNERS. COMPANY BACKGROUND:  Offices: Denver, Boston, Vancouver, London, San Francisco, Halifax, Tel Aviv, Tokyo  Employees: 350  Founded: 2002. STANDARDS BODY PARTICIPATION
  63. WHAT IS ACTIONABLE? • Apps and devices need a modern identity protocol stack – Starts with OAuth 2.0, OpenID Connect and SCIM • No more passwords – Federated access by default • Ease of use means automate everything – Or enable self-service as a backup
  64. Thank You. Eve Maler, +1 425.345.6756, emaler@forrester.com, @xmlgrrl. Jeff Nolan, +1 650.430.3947, jnolan@pingidentity.com, @jeffnolan