Stop treating your customers like your employees

  1. Stop Treating Your Customers Like Your Employees Ian Glazer Senior Director, Identity iglazer@salesforce.com @iglazer
  2. “Please continue to hold. Your call is very important to us and it will be answered in the order it was received.”
  3. Work?
  4. Home?
  5. “Your usage of this service constitutes consent to our Terms of Service. If you have any questions please consult our Acceptable Use Policy.”
  6. Work?
  7. Home?
  8. Disappointing, but not surprising
  9. A Little History
  10. Identity for Employees
  11. Many years of common practices and patterns
  12. Right Access
  13. Right Access Right People
  14. Right Access Right People Right Place
  15. Right Access Right People Right Place Right Time
  16. Identity for Customers
  17. Great Innovation
  18. Lacking Common Practices & Patterns
  19. Right Experience XP
  20. Right People Right Experience XP
  21. Right People Right Place Right Experience XP
  22. Right Time Right People Right Place Right Experience XP
  23. Deliver the right experience
  24. New Stakeholders
  25. Sales Marketing Alumni Affairs Community Dev.
  26. But without common practices and patterns…
  27. “Please continue to hold…”
  28. Disappointing, but not surprising
  29. The Opportunity Before Us
  30. External Identity Customer Identity Consumer Identity
  31. Growth opportunity for the business
  32. Growth opportunity for identity professionals
  33. The opportunity to delight
  34. Complete Picture for a Richer Relationship
  35. Complete Picture for a Richer Relationship Delighted Customers
  36. Customer Identity is IAM’s “Killer App”
  37. You can’t get to the boardroom by selling user provisioning
  38. Customer Identity is our chance to be business enablers
  39. We are not here
  40. What is customer identity management?
  41. Identity World View Identity is at the core of every interaction Connected Customers Connected Employees Connected Partners Connected Products User Name Password Login
  42. Business World View Customer is at the core of every interaction Delighted Customers Connected Employees Connected Partners Connected Products User Name Password Login
  43. Customer identity makes interactions possible
  44. X-Channel X-Business Function X-Organization
  45. Cross-Channel: Mobile, Web, API
  46. Cross-Channel Brick & Mortar Sales Social Listening Call Center
  47. Cross Business Function Delighted Customers Sales Service Marketing Product
  48. Cross Organization
  49. X-Channel X-Business Function X-Organization
  50. How is customer identity different from employee identity?
  51. Different Ends of the Spectrum
  52. IAM Techniques
  53. IAM Techniques Employee-Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation
  54. IAM Techniques Employee-Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation Customer-Centric IAM • Modern • Individual is owner; no single authority • Profile Management • Federation and social sign-on
  55. Technologies (Employee-Centric vs. Customer-Centric) • System of Record • Attribute Management and Propagation • Islands of Identity • Single Sign-On • Mobile Device Management • Consent
  56. Technologies (Employee-Centric vs. Customer-Centric), employee-centric column:
      • System of Record: HR(s)
      • Attribute Management and Propagation: User Provisioning; Directory Synchronization; Pushing Attributes
      • Islands of Identity: Most legacy systems; Reducing to Active Directory
      • Single Sign-On: Proprietary WAM for legacy; Federation for newer apps & SaaS
      • Mobile Device Management: Common
      • Consent: Implied in employer/employee relationship
  57. Technologies (Employee-Centric vs. Customer-Centric), both columns:
      • System of Record. Employee-centric: HR(s). Customer-centric: Internal: CRM and LOB databases; External: Social Providers, Banks, Universities, Governments, etc.
      • Attribute Management and Propagation. Employee-centric: User Provisioning; Directory Synchronization; Pushing Attributes. Customer-centric: Profile Management; Lookup at time of use and JIT; Pulling attributes
      • Islands of Identity. Employee-centric: Most legacy systems; Reducing to Active Directory. Customer-centric: Legacy systems but federation-ready apps increasing
      • Single Sign-On. Employee-centric: Proprietary WAM for legacy; Federation for newer apps & SaaS. Customer-centric: Standards-based federation; Some proprietary social providers
      • Mobile Device Management. Employee-centric: Common. Customer-centric: Uncommon, if not forbidden
      • Consent. Employee-centric: Implied in employer/employee relationship. Customer-centric: Must be gathered and adhered to consistently
  58. Different Lifecycles
  59. Join Move Leave Traditional IAM Lifecycle
  60. Relationship Value Progression
  61. Anonymous Pseudonymous Known Higher Value Lower Value
  62. Anonymous Join Pseudonymous Move Known Move
  63. Access Path Progression
  64. Web Mobile Thing Developer
  65. Web Join Mobile Join/Move Thing Move Developer Move
  66. Join. Move. Leave?
  67. Long Relationships = Privacy Implications
  68. Previously ignored privacy challenges: HR used to provide the privacy coverage identity needed. Internal-facing identity systems are rarely subject to Privacy Impact Assessment. Customer identity requires: • Data retention and protection • Persistence and respect of privacy preferences • Attribute release consent management
  69. Different Techniques Different Lifecycles
  70. Customer identity is larger than employee identity
  71. Customer Identity Components IAM Components
  72. Customer Identity Components Federation User Profile Mgt Assurance Proofing
  73. Customer Identity Components IAM Components IAM-like Components Non-IAM Components
  74. Broker social login to content portals and other 3rd party properties Ability to add and protect attributes passed to other platforms Ability to pass entitlements OpenID Connect unlocks many doors • But there’s plenty of proprietary too Security Token Services • SAML • OAuth 2.0 • OpenID Connect • Proprietary Federation Social Provider Connectivity Protocol Brokering Federation
  75. • Automated – via a social provider or directory service • Manual – Self-service sign-up • Consistent branding control throughout Self-service control over: • Social providers can be used • Apps can access data • Attributes can be used • Marketing preferences • Manual - Mechanisms to ask the user for a little more data • Automated – data verification and record enhancement Registration Services Profile Management Profile Enhancement User Profile Management
  76. Techniques to raise identity assurance 2nd Factors: • Can work but user experience suffers • Adaptive access control must play a role here • Ideally this is recognition’s territory Plugins for different proofing providers • Often based on geography Two modes: • Asynchronous for offline proofing • Synchronous for user quizzes • But mind the user experience Integration with internal proofing sources Assurance and Proofing Identity Assurance Identity Proofing
  77. Service providers have to be better neighbors Follow Finance model of FS-ISAC Teams to help people get their accounts back Part of expected customer service Attribute release consent from the social provider isn’t sufficient Service Provider should provide generic consent management layer Shared Signals Account Take-Over Response Consent Management IAM-like components Not core traditional IAM services
  78. Meaningful integration designed to create 360° view of the customer • Sales • Service • Marketing • eCommerce • Content Management Conversion rates Segmentation Usage via Channel Behavior analysis to fuel marketing, service, sales, and recognition Encryption and Tokenization “Who accessed what data and what were the values at that time?” • Think DAM for customer data Integration Analytics Information Protection Non-IAM Components Peer services
  79. More than just IAM components
  80. How is customer identity different from enterprise identity?
  81. Technologies needed are different
  82. Customer Identity Components IAM Components IAM-like Components Non-IAM Components
  83. Lifecycles are different
  84. Anonymous Pseudonymous Known Web Mobile Thing Developer Join Move / Change Leave
  85. Techniques are different
  86. IAM Techniques Employee-Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation Customer-Centric IAM • Modern • Individual is owner; no single authority • Profile Management • Federation and social sign-on
  87. Privacy expectations are different
  88. Goals are different
  89. Right Access Right People Right Place Right Time Employee-centric IAM Goals
  90. Right Experience Right People Right Place Right Time XP Customer-centric IAM Goals
  91. Stakeholders are different
  92. We are not here
  93. Sales Marketing Alumni Affairs Community Dev.
  94. The opportunities are greater
  95. The opportunity to delight
  96. Stop using Employee-Centric IAM for your customers
  97. Stop treating your customers like employees
  98. Start delighting them
  99. “Your time is important to me. Continue to enjoy the conference & thanks for your attention.”
  100. Thank you

Editor's Notes

  1. When it comes to identity services for customers, consumers, and citizens, our industry doesn’t have the same maturity. There is a great deal of innovation in this area to be sure. In pursuit of external identity this industry has created notions of user-centric identity and personal data stores – all great achievements. But there is not a lot in the way of common patterns or practices. To serve our citizens and our customers we need to deliver the right experience to the right person at the right time and in the right place.
  2. And we have to serve an entirely new set of stakeholders within the business. We have to deliver an experience to a connected fridge or an iBeacon as well as an app.
  3. And we have to do so on behalf of sales, marketing, or alumni affairs.
  4. In the absence of best practices, as an industry, we have defaulted to using what we know works for employees on our customers. “Please continue to hold…” And this is a little sad, but not surprising.
  5. External identity management, customer identity management, consumer identity management – call it what you will. It is a growth opportunity for the business as well as identity professionals. It is an opportunity to deliver services to our citizens like we have never done before. It is an opportunity to delight the most important thing that every organization in every industry has – its customers. And it is an opportunity we cannot, must not squander.   External identity is IAM’s killer app. After years of searching we have found it! External identity is the “email” of IAM. It transforms us identity professionals into business enablers and that is tremendously exciting.   However, IAM isn’t the star of the external identity show. Much in the same way that TCP/IP isn’t the star of the Web, IAM isn’t the star of this new opportunity. IAM can help support it but IAM isn’t the entire solution.
  7. Every part of the business gets an accurate current picture of the customer. Baby-steps towards recognition. The first one to form a relationship will win. If you don’t, your competitor will.
  8. External identity is IAM’s killer app. After years of searching we have found it! It’s our “email.”
  10. From an identity professional’s view of the world, identity is the center of every interaction. But from the business’ point of view the customer is the center of every interaction. In order to serve that customer best we need a complete picture of them. This picture needs to be cross-channel, cross-business function, and cross-organization. We might be tempted to think of cross-channel as web, mobile, and API, but it is more than that. In a non-IT-centric setting, cross-channel includes things such as brick and mortar sales and points of presence, social listening, and call centers.   In order to fully address the business, each business function must be able to share a complete picture of the customer. This means that sales, service, product, marketing, everyone has to be on the same page as to who the customer is and how we delight them.   And we need to share that picture across multiple organizations. Our partners extend our brand and extend our services. Sharing, with the customer’s permission, the picture of the customer across organizational boundaries improves service. Consider when a service professional comes to your house to repair your hot water heater. They already know what model heater you have. They are up to date on how to repair it. They also know the service history of the unit. This can only happen when the water heater’s manufacturer and the service company work in concert to delight the customer.
  14. Consistent view across multiple touch points. Consistent experience across multiple parts of the organization. Salesforce as system of record for “customer”. Reduced identity integration.   In order to fully address the business, each business function must be able to share a complete picture of the customer. This means that sales, service, product, marketing, everyone has to be on the same page as to who the customer is and how we delight them.
  16. There is a wide spectrum of approaches to identity management. On one end of the spectrum you have employee-centric identity. It is traditional. The enterprise owns the identities in this world and furthermore the enterprise is authoritative for those identities. There’s a lot of user provisioning as well as web access management, with an increasing amount of federation. At the other end of the spectrum is customer identity. It requires a modern approach to identity management. In this setting, the individual owns their identity and there is no singular authority for that identity. We observe profile management instead of user provisioning. There is a lot of federation and social sign-on as well.   Put simply, the techniques and tricks we have used to serve our employees are not the same ones that are needed for customer identity.   Looking a bit deeper at enterprise-centric identity we see that the system of record is HR. Often this really means multiple HR systems of record but you get the idea. In terms of attribute management and propagation, user provisioning and directory synchronization of various forms are employed. We tend to find islands of identity in our legacy systems but we are getting down to one large identity continent – AD. In terms of SSO, often proprietary WAM-based approaches are used with an increasing amount of federation thrown in, especially for access to modern apps and SaaS. Mobile device management is common and consent is inherently implied in the relationship between employer and employee.   Customer-centric identity is different. We find that the systems of record are CRM and major line-of-business databases. And those are just the internal systems of record. There are also the external systems of record that include social providers, banks, universities, governments and the like. Attribute propagation is handled by user profile management and lookup at the time of use.
We still see islands of identity, especially in legacy applications, but thankfully fewer as apps are built federation-ready. In terms of SSO, we see identity standards-based federation, with a bit of proprietary from the social providers. Mobile device management is uncommon if not forbidden. And lastly, consent must be gathered from the user and adhered to consistently.   But it isn’t just the difference in technology and approaches that makes customer identity different from employee identity. We see different lifecycles as well. Join, Move, Leave has served employee-centric identity well. But in customer identity we observe different lifecycles: transaction value progression and access path progression.   As the relationship grows more valuable the need for stronger identity grows. To be clear, a valuable relationship isn’t necessarily one in which money is changing hands. My relationship to my local government is extremely valuable. My relationship to my university is extremely valuable. What we tend to find is that people move from being an anonymous user on a web site or app to a pseudonymous user, relying on social providers as a way to log in. Eventually the organization turns those pseudonymous users into ones that have been proofed and vetted. Mapping this to JML is hard. We observe that the anonymous stage maps well to the Join event. The transformation to pseudonymous maps to the Move (change) lifecycle event, and so too with the transformation from pseudonymous to proofed.   We also recognize that the same person will access enterprise services across multiple channels from the web, to apps, to connected devices, and even directly via APIs. It used to be that people “Joined” an organization via a web site, but increasingly that “Join” event happens with an app. A person working with connected devices or “Things” or even APIs maps well to the “Move” event.
Although we can map from these two progressions to Join, Move, Leave, the map is poor and incomplete. Neither progression has a step that maps to “Leave.”   No “Leave”? Do relationships ever really end? My relationship with my university begins as a prospect, turns into a student, but it certainly doesn’t end when I graduate. I posit that in most cases external identity relationships are never completely severed, they just change. And this means that external identity brings with it a set of previously ignored privacy requirements. For employee-centric identity, HR used to provide the privacy coverage identity teams needed. Rarely was an internal-facing identity system subject to a Privacy Impact Assessment. But that won’t work in an external identity scenario. Customer identity requires data retention and protection policies and services. It requires persistent and respected privacy preferences. It requires attribute consent management. These are not things employee identity has commonly dealt with.
  33. There are more stakeholders. Subsequently, there are more requirements. There are more opportunities. From a component perspective, customer identity requires more than traditional enterprise identity. To be sure, there are some familiar components: federation, profile management, and assurance and proofing. There are some IAM-ish components as well: shared signals, consent management, and account take-over response. And then there are some non-IAM components: integration into business automation systems, analytics, and information protection.
  37. The technology needed is different. Instead of user provisioning and WAM, external identity requires social sign-on and profile management. Furthermore, external identity requires more than just IAM technologies, but also things such as integration into marketing and sales automation systems, as well as complete information protection services.   The lifecycles are different. Where Join, Move, Leave served us well for employee-centric identity management, those lifecycle events don’t work for external identity. External identity presents the relationship value and access channel progressions. Furthermore, the relationships we form with our customers do not end. There is no Leave.   The privacy expectations are different. The fact that there is no “Leave” means that, as a service provider, be it public or private sector, we have different privacy and information protection duties. There is no HR in the realm of external identity; it thus falls to identity teams and their peers to address privacy requirements.   The goals are different. Whereas with enterprise identity management we sought to deliver the right access to the right people at the right time in the right place, external identity management requires the delivery of the right experience to the right person at the right time in the right place.   Lastly, the opportunity is greater. For the business, regardless of its mission, the opportunity is to deliver services more easily, more cost effectively, and at a higher quality using external identity. Selfishly, as an identity professional, our opportunity is that external identity transforms identity management, our profession, into a business enabler instead of its traditional role as a cost center.   This is the time to act. It is time to expand our notion of identity and the tools needed to deliver.   Stop treating your customers like employees. Start delighting them.   “Your time is important to me. Continue to enjoy the conference and thanks for your attention.”
  38. Instead of user provisioning and WAM, external identity requires social sign-on and profile management. Furthermore, external identity requires not just IAM technologies but also things such as integration into marketing and sales automation systems, as well as complete information protection services.
  39. There are more stakeholders. Consequently, there are more requirements. There are more opportunities. From a component perspective, customer identity requires more than traditional enterprise identity. To be sure, there are some familiar components: federation, profile management, and assurance and proofing. There are some IAM-ish components as well: shared signals, consent management, and account take-over response. And then there are some non-IAM components: integration into business automation systems, analytics, and information protection.
  40. As the relationship grows more valuable, the need for stronger identity grows. To be clear, a valuable relationship isn’t necessarily one in which money is changing hands. My relationship to my local government is extremely valuable. My relationship to my university is extremely valuable. What we tend to find is that people move from being an anonymous user on a web site or app to a pseudonymous user, relying on social providers as a way to log in. Eventually the organization turns those pseudonymous users into ones that have been proofed and vetted. Mapping this to JML is hard. We observe that the anonymous stage maps well to the Join event. The transformation to pseudonymous maps to the Move (change) lifecycle event, and so too with the transformation from pseudonymous to proofed.
  41. At the other end of the spectrum is customer identity. It requires a modern approach to identity management. In this setting, the individual owns their identity and there is no singular authority for that identity. We observe profile management instead of user provisioning. There is a lot of federation and social sign-on as well. Put simply, the techniques and tricks we have used to serve our employees are not the same ones that are needed for customer identity.
  42. The fact that there is no “Leave” means that, as a service provider, be it public or private sector, we have different privacy and information protection duties. There is no HR in the realm of external identity; it thus falls to identity teams and their peers to address privacy requirements.
  43. No “Leave”? Do relationships ever really end? My relationship with my university begins as a prospect, turns into a student, but it certainly doesn’t end when I graduate. I posit that in most cases external identity relationships are never completely severed; they just change. And this means that external identity brings with it a set of previously ignored privacy requirements. For employee-centric identity, HR used to provide the privacy coverage identity teams needed. Rarely was an internal-facing identity system subject to a Privacy Impact Assessment. But that won’t work in an external identity scenario. Customer identity requires data retention and protection policies and services. It requires persistent and respected privacy preferences. It requires attribute consent management. These are not things employee identity has commonly dealt with.
  44. Whereas with enterprise identity management we sought to deliver the right access to the right people at the right time in the right place, external identity management requires the delivery of the right experience to the right person at the right time in the right place.
  45. For the business, regardless of its mission, the opportunity is to deliver services more easily, more cost-effectively, and at a higher quality using external identity. Selfishly, as an identity professional, our opportunity is that external identity transforms identity management, our profession, into a business enabler instead of its traditional role as a cost center.
  46. However, IAM isn’t the star of the external identity show. Much in the same way that TCP/IP isn’t the star of the Web, IAM isn’t the star of this new opportunity. IAM can help support it, but IAM isn’t the entire solution.
  47. For the business, regardless of its mission, the opportunity is to deliver services more easily, more cost-effectively, and at a higher quality using external identity. Selfishly, as an identity professional, our opportunity is that external identity transforms identity management, our profession, into a business enabler instead of its traditional role as a cost center.
  48. It is an opportunity to delight the most important thing that every organization in every industry has: its customers. And it is an opportunity we cannot, must not squander.