SlideShare a Scribd company logo
THE EVOLUTION OF IDENTITY
MANAGEMENT
CUSTOMER IDENTITY AND ACCESS MANAGEMENT
(CIAM) VS LEGACY IDENTITY AND ACCESS MANAGEMENT
WHITE PAPER
Connecting Identity.
Transforming Digital Business.
UBISECURE WHITE PAPER
2
INTRODUCTION
Once again, the way companies are doing business is transforming as we see that even the most
traditional industries such as manufacturing, energy production, utilities, construction, and processing
are embracing the Internet and connectivity. The trend is clear - companies need to gain competitive
advantages and diversify their offering. For energy companies producing electricity is no longer enough
as their markets now demand smart homes, smart metering and more.
Businesses in general are adding more and more online services to their portfolio, no matter what the
industry or vertical they are operating. Company boundaries are blurring as businesses interact closely
and utilize online services in growing numbers.
This growing business ecosystem includes a lot of different stakeholders from customers, partners, and
subcontractors to owners and investors. Companies need to engage each stakeholder category in
different ways. One service for all will not cut it. Each stakeholder has their own motivation to do
business with a provider. They have their own business processes, infrastructure, and identities. When
the number of external stakeholders grow, so does the need to better manage these identities. It is not
enough to know who is accessing your online services, but also in which role / capacity they enter, or
who they represent.
Traditional Identity Management solutions, legacy IAM, which concentrate on provisioning employee
identities from the HR -system to the Active Directory, and providing Single Sign-On to internal
applications are ill-suited for this situation. New ways of thinking is required to improve convenience
and loyalty towards customers, to deploy secure online services, to minimize the cost in customer
acquisition and external identity management.
This white paper looks at the evolution of identity management from legacy to customer-centric (or
thing centric), and explores the limitations of legacy IAM for modern, connected business cases.
UBISECURE WHITE PAPER
3
INTERNAL VS EXTERNAL IDENTITIES
When an investment decision is reached to deploy an Identity Management product there are always
business driven factors behind it. It might be about regulatory demands, desire to cut cost, improve
security etc. These driving factors are different when we look at internal vs external identities. This
translates to different demands to the solutions companies need to select in order to satisfy the
business objectives. Let's take a closer look at these different factors, and explain them.
PRODUCTIVITY VS CONVENIENCE
The technology behind is Single Sign-On, but the driver might be different. Internally the wish is to
increase productivity by enabling employees to login into company applications without repeated
password entry. For external identities SSO brings convenience for the business customer as they can
login from their corporate network to the online services with their own (business) IDs or with
credentials they already possess, like social login, Bank IDs or digital identities issued by mobile
network operators. For external users it’s a mix of federation and Single Sign-On that increases
convenience.
COMPLIANCE
There's a different emphasis for compliancy in internal and external identities. The driver internally is to
comply to the security policy, which might take into account local regulations. Compliance to local
regulations typically means that sometimes it might be necessary to enforce stronger authentication to
grant access to sensitive information, and maybe use a credential which has a security level described
UBISECURE WHITE PAPER
4
by the local legislation / regulation (e.g. NIST, eIDAS or PSD2). The biggest compliance obligation,
especially in the EU area comes from the General Data Protection Regulation (GDPR). Customer IAM
solutions are designed to help organisations in areas such as consent management, access /
management / erasure / transport of user data, whereas legacy IAM solutions are completely out of
their depth.
EFFICIENCY VS CUSTOMER ACQUISITION
Permission workflows such as inviting people to use a service or requesting access privileges with the
tools the legacy IAM provides can improve internal efficiency. But for external identities it's a tool to
facilitate customer acquisition process by enabling e.g. sales people to invite leads and customers to
use the services directly from the CRM, or allowing visitors to quickly register using their existing
credentials thus improving conversion and customer satisfaction, and reducing abandonment rates.
The workflows and therefore features between the legacy IAM and Customer IAM are very different in
these scenarios.
STANDARDIZATION VS. OPENNESS
IAM can be used internally to standardize access policies and methods, and connect to separate
internal identity silos whereas the same solution should enable the business to integrate various kinds
of technologies and standards that the external resources use. An internal corporate network
gravitates towards standardization whereas the external networks that a service provider wants to
connect will remain heterogeneous and diverse. Therefore legacy IAM solutions might not provide the
necessary functions or the same open protocols as CIAM solutions typically do.
CENTRALIZED VS DISTRIBUTED AND HETEROGENEOUS
Again, the underlying technology would be the IAM and much the same way as in standardization,
companies wish to centralize the access policies and decision points. Externally the IAM solution should
support also decision-making points within the customer organization (who can access) and let the
customers manage their own privileges. This means that even though internally the company might
select a single standard or process to follow, for external connected identities and networks they need
to embrace diverse options and allow for the flexibility that is required in the customer-facing
environment.
UBISECURE WHITE PAPER
5
INTERNAL CONTROL VS OUTSOURCED & TIERED MANAGEMENT
Employees and their access credentials as well as authorizations are controlled internally according to
position / job description / project memberships. Externally it makes much more sense to let the
customer organization attach (authorize) access privileges to their employees, or even authorise other
companies to access an online service as a representor of the company. This would save a lot of effort
for the company offering the online service to external companies i.e. customers. Again the functional
requirements between legacy IAM and Customer IAM are different.
OWNERSHIP VS TRUST
Companies want to own their employee identities at least to some extent. The concept of Bring Your
Own ID (BYOD) might change this to some degree, but still the ownership of access privileges (roles,
authorizations) should remain in the control of the company for internal identities. For external
identities trust is much more important as an online service provider should be able to trust the
identities coming from the customer domain, and trust that their access privileges are properly
maintained within the customer organization. The same applies to the other direction, customers need
to trust that the service provider treats their data (e.g. personally identifiable information, PII)
according to regulations, such as GDPR. When the provider can provide transparency, access to the
data and the possibility of managing, erasing and transporting the data of the customer it creates trust.
And trust is the basic building block of a successful business. Legacy IAM solutions are built around the
idea that the company owns and operates the data of a user, in customer-facing environment it should
be the other way around and this again is reflected in the technical features.
Most of the underlying technologies for managing internal and external identities are similar. However,
when you can standardize a lot of the infrastructure, software platforms, processes, and authentication
methods within your internal environment, you must be able to support a wide range of diverse and
heterogeneous customer settings if you wish to offer the extended enterprise experience for your
corporate customers.
In essence the internal and external identity management practices are polarizing. Legacy identity and
access management products which concentrate on streamlining the employee life-cycle management
from start to finish have been around for years, and they have gravitated towards certain models best
suited for internal corporate processes. Customer Identity and Access Management needs to engage
customers, enable service providers develop and launch new business models, embrace and support a
diverse set of requirements, improve convenience for the end user, enable cost savings, shorten the
UBISECURE WHITE PAPER
6
sales cycle, and more. The fluid business ecosystems that can be nurtured and extended using properly
deployed external identity management can make a big impact on the bottom line for any service
provider, manufacturer, utility company, retailer, financial or healthcare institute, or even the
government.
WHY INVEST IN CUSTOMER IDENTITY AND ACCESS
MANAGEMENT
A lot of the arguments in favor for adopting customer identity and access management solutions for
both internal and external identity management are similar. There are however benefits which can be
clearly assigned only to CIAM or have a bigger impact on the bottom line.
COST MANAGEMENT (REDUCTION)
When we use a mobile device and implement the biometric factor in the authentication, it needs to be
done properly. Select iOS and Android devices have the capability to scan the fingerprint of the user
and their cameras can be used to implement facial recognition, or even iris scanning. The appropriate
Customer Identity and access management is a tool to reduce cost related to identities, but also to
improve effectiveness of the operations both internally and externally, and enable new online services
that in turn can be used to automate and smoothen things bringing in new ways to manage cost of
operations.
Here are some of the functions within your company where cost savings can be achieved:
• Help / Service desk calls: According to studies having self service functions for end users to
reset passwords reduced help desk calls related to forgotten passwords by over 90%. This
applies for both internal and external identities. However internally an employee might have
to remember only a few passwords, but if he's using 5-10 external services, the password
fatigue will play a major role and users either forget the passwords quickly or start using poor
/ repeated passwords.
• No password management: If the IAM solution can provide Single Sign-On and Bring Your
Own Identity for the customers of the service, password management related costs, such as
reset costs, can be avoided completely.
UBISECURE WHITE PAPER
7
• Account provisioning / registration: The service provider has to provision their own internal
accounts (employees), and legacy IAM can help in that by automation and workflows. A
greater effect can be seen in external identities if the provider can simply rely on business
identities coming from the customer network. There would be no need for separate account
provisioning and life-cycle management for the provider. Customer Identity and Access
Management products such as Ubisecure Identity Platform can link the customer to the
service and provide life-cycle management functions that the customer organization can
utilize. This would minimize cost related to customer account or identity management for the
provider.
BUSINESS PERFORMANCE
The simple metric for business performance is profit. If you are able to increase your profits you are
performing better. Identity, authorization and access management solutions can help in ways that you
might not have thought of. Here are some examples:
• Customer satisfaction: If you can provide for example SSO to your services, your customers
will be happy. A satisfied customer will spread the word, and you will get an increase in the
number of leads. If you can convert these leads into paying customers, you've managed to
improve your performance.
• Conversion: The step that you need your leads to take can be an easy one, or a difficult one.
Anything you can do to lower the threshold for your lead to turn into a paying customer
increases your performance. Customer IAM can be used to improve tracking therefore giving
better insight into leads and weed out the most promising ones quickly. Identity management
solution such as Ubisecure Identity Platform, which is linked to your CRM to enable instant
invites directly from the CRM workspace will definitely improve your conversion rates. The
support for multiple 3rd party authentication methods from social to government issued
digital identities can be smoothen out the wrinkles in registration flows.
RISK MANAGEMENT
One of the concerns for companies in moving towards online or cloud services is security. Moving your
next generation Nobel prize winning solar panel blueprints into the connected service might be a risk
that you're not willing to take. Customer IAM can help you manage risk, but naturally it boils down to
UBISECURE WHITE PAPER
8
your security policy and possibly to regulations. Here are some of the areas where you can mitigate
risk:
• Adequate authentication: Not everything needs to be locked tight. Having different methods
available for end user authentication helps you select the appropriate level of identity
verification. Lobby services might use social identities, customer extranets would utilize SSO
from the customer network, and some parts of your service might require strong two-factor
authentication, if e.g. confirming purchase orders above a certain threshold.
• No user repositories to hack: Bring Your Own Identity is a way to help your customers use
their existing identities. If they can do so, there's no need for you to create a large database
with user names and passwords and other customer information that could be potentially
accessed from the Internet or gaining access through social engineering and persistent
threats. Blogs such as krebsonsecurity.com and others are filled with reports on big hacks on
a weekly basis, and if you can avoid becoming the next blog article it will definitely be worth
it.
CONVENIENCE
Another advantage of an IdP is Single Sign-On. Once the user has been authenticated into one
application, he can move between the applications without re-authentication. If the initial
authentication was done using a lower level of assurance method, step-up authentication is required to
access the more confidential areas, and the IdP can take care of this using visually the same kind of
login flow. If the user first authenticated with a higher level of assurance method, moving to resources
that require lower level of assurance methods will not trigger a new authentication request.
• Single Sign-On: Single Sign-On is a cost issue, reducing management cost for the service
provider. It's also a big advance in convenience for the end user if they can login into your
systems using something that they already have or directly from their own corporate domain,
and won’t be bothered with new login screens as they browse through your services or hop
from one of your brands to another.
• Verified Social Identities: Social identities such as Facebook or G-Suite accounts by
themselves are almost worthless as a digital identity. But if you enable your customers to
register a Facebook account, and verify it with another, stronger method you end up with a
verified social identity, which can be used to give your customers and other stakeholders
convenient access to your services.
UBISECURE WHITE PAPER
9
• Bring Your Own Identity: On top of corporate Single Sign-On and verified social identities, you
can ease the life of your customer by allowing them to access your services with credentials
they already own. A good Customer IAM can link these credential to the relevant customer
information.
• Adaptive Authentication: Strong authentication is not always needed. By using appropriate
authentication related to the context, you can improve the customer experience.
COMPLIANCE
Some industries such as financial and healthcare have existing national or international regulations that
can affect how you treat customer information and their electronic identities. In the payment industry
you also have PCI-DSS standards (and the upcoming PSD2 directive), which you should follow. Identity,
authorization and access management solutions in general have capabilities that you can use to meet
the demands set forth in the law or regulations.
A much broader compliance requirement comes from the European Union’s General Data Protection
Regulation. If you store Personally Identifiable Information (PII) of even a single EU citizen in your
databases, you are obliged to be compliant with the regulation on May 2018. Customer Identity and
Access Management solutions include a lot of functionality that can help your organisation to
implement technical solutions for compliance.
Here are a few examples:
• Audit trails. It is essential that you can provide proof of the actions taken within your services.
Audit logs of the applications used by your customers provide intelligence and proof of their
transactions within the service. CIAM provides the link to the identity and under what kind of
authorisation the user had conducted these transactions. GDPR reverses the burden of proof
to the provider in case of e.g. consent. The provider must be able to prove that they had the
users consent if the data subject (user) contests an action involving their personal data.
• Proper authentication: Granting access to a resource based on a Facebook identity most
probably wouldn't be compliant with regulations that touch the issue of end user
authentication. A CIAM solution that can integrate to all eIDAS or NIST -level authentication
credentials will guarantee that you have the proper identity assurance in place.
• Government issued / recognized identity attribute: Sometimes, especially when dealing with
egovernment services, the online service will expect to receive a unique attribute of the user
UBISECURE WHITE PAPER
10
as part of the authentication event. In Scandinavia the social security number is something
that practically all egovernment services will expect. As the IDaaS is connected to the national
eID infrastructure, it can easily deliver this required attribute to the online service.
DELIVERY MODELS
It matters how you acquire your solution. Experience has shown us that it is best to start with a handful
of applications and then extend the Customer IAM solution to cover more services, include additional
authentication methods, new workflows, and back-end integrations.
For private cloud and on-premise installations Ubisecure can offer the quickest and risk-free delivery
model with a pre-configured solution. With 15 years of experience in delivering IAM software to
various customers we've created a best practice deployment model which can be up and running in
weeks instead of months. After the initial deployment, the delivered solution is fully configurable, and
can be extended and modified to accommodate new services, authentication and federation needs,
REST integrations, customized workflows etc. With Ubisecure products, no coding is required, not even
when integrating the online services to the Customer IAM solution thanks to our extensive support for
industry protocols and off the-shelf integration components.
CONCLUSIONS
Legacy IAM is driven by the IT department, and their need to improve security and reduce admin costs.
Legacy IAM is not designed to boost customer experience or convenience. It’s not designed to increase
conversion and the creation of new digital business processes.
Customer Identity and Access Management is driven by the business. It’s about empowering the
customer and increasing trust. With Customer IAM, the goal is to grow existing business, and create
new opportunities by forming business ecosystems with subcontractors, customers, partners and other
stakeholders. The underlying technology for both legacy IAM and Customer IAM can be similar, but
what differentiates these two will be the functionality built on top of those basic building blocks.
UBISECURE WHITE PAPER
12
Ubisecure is a pioneering European b2b and b2c Customer Identity & Access Management (CIAM)
software provider and cloud identity services enabler dedicated to helping its customers realise the
true potential of digital business.
Ubisecure provides a powerful Identity Platform to connect customer digital identities with customer-
facing SaaS and enterprise applications in the cloud and on-premise. The platform consists of
productised CIAM middleware and API tooling to help connect and enrich strong identity profiles;
manage identity usage, authorisation and progressive authentication policies; secure and consolidate
identity, privacy and consent data; and streamline identity based workflows and decision delegations.
Uniquely, Ubisecure’s Identity Platform connects digital services and Identity Providers, such as social
networks, mobile networks, banks and Governments, to allow Service Providers to use rich, verified
identities to create frictionless login, registration and customer engagement while improving privacy
and consent around personal data sharing to meet requirements such as GDPR and PSD2.
Ubisecure is accredited by the Global Legal Entity Identifier Foundation (GLEIF) to issue Legal Entity
Identifiers (LEI) under its RapidLEI brand, a cloud-based service that automates the LEI lifecycle to
deliver LEIs quickly and easily. The company has offices in London and Finland.
To learn more about Customer IAM and Company Identity
solutions visit www.ubisecure.com or contact us at
sales-team@ubisecure.com

More Related Content

What's hot

Chapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategis
Chapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategisChapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategis
Chapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategis
UNIVERSITAS TEKNOKRAT INDONESIA
 
Achieving Effective Identity and Access Governance
Achieving Effective Identity and Access GovernanceAchieving Effective Identity and Access Governance
Achieving Effective Identity and Access Governance
Enterprise Management Associates
 
Edi new
Edi newEdi new
Edi new
Bandri Nikhil
 
Business application of internet
Business application of internetBusiness application of internet
Business application of internet
Nelson Kuriakose
 
4. e commerce, m-commerce and emerging technologies 2018
4. e commerce, m-commerce and emerging technologies 20184. e commerce, m-commerce and emerging technologies 2018
4. e commerce, m-commerce and emerging technologies 2018
Ashish Desai
 
IBM: Redefining Enterprise Systems
IBM: Redefining Enterprise SystemsIBM: Redefining Enterprise Systems
IBM: Redefining Enterprise Systems
IBM India Smarter Computing
 
Lightwell Healthcare B2B Gateway Solution Guide
Lightwell Healthcare B2B Gateway Solution GuideLightwell Healthcare B2B Gateway Solution Guide
Lightwell Healthcare B2B Gateway Solution Guide
Lightwell
 
BHR-FocusPointTech-Final
BHR-FocusPointTech-FinalBHR-FocusPointTech-Final
BHR-FocusPointTech-FinalJoe Chopek
 
Electronic Data Interchange
Electronic Data InterchangeElectronic Data Interchange
Electronic Data InterchangeNikhil Agarwal
 
Ifw framework for banking industry presentation
Ifw framework for banking industry presentationIfw framework for banking industry presentation
Ifw framework for banking industry presentationRavi Sarkar
 
Property & Casualty Commercial Lines Underwriting: The New Playbook
Property & Casualty Commercial Lines Underwriting: The New PlaybookProperty & Casualty Commercial Lines Underwriting: The New Playbook
Property & Casualty Commercial Lines Underwriting: The New Playbook
Cognizant
 
Ebusinesspa
EbusinesspaEbusinesspa
Ebusinesspa
vincent david
 
ELECTRONIC DATA INTERCHANGE
ELECTRONIC DATA INTERCHANGE ELECTRONIC DATA INTERCHANGE
ELECTRONIC DATA INTERCHANGE
alraee
 
E-business ppt
E-business pptE-business ppt
E-business ppt
raviteja reddy
 
Edi (electronic data interchange)retail marketing
Edi (electronic data interchange)retail marketingEdi (electronic data interchange)retail marketing
Edi (electronic data interchange)retail marketing
LEARNCOMMERCE
 
IT Strategic Planning (Case Studies)
IT Strategic Planning (Case Studies)IT Strategic Planning (Case Studies)
IT Strategic Planning (Case Studies)
Nurhazman Abdul Aziz
 
Solutions360 core story 2010
Solutions360 core story 2010Solutions360 core story 2010
Solutions360 core story 2010
John Graham
 
Equipping IT to Deliver Faster, More Flexible Service Management
Equipping IT to Deliver Faster, More Flexible Service ManagementEquipping IT to Deliver Faster, More Flexible Service Management
Equipping IT to Deliver Faster, More Flexible Service Management
Cognizant
 

What's hot (19)

Chapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategis
Chapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategisChapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategis
Chapter 07 pertemuan 9- donpas - keunggulan kompetitif ti dan si strategis
 
Achieving Effective Identity and Access Governance
Achieving Effective Identity and Access GovernanceAchieving Effective Identity and Access Governance
Achieving Effective Identity and Access Governance
 
Edi new
Edi newEdi new
Edi new
 
Business application of internet
Business application of internetBusiness application of internet
Business application of internet
 
4. e commerce, m-commerce and emerging technologies 2018
4. e commerce, m-commerce and emerging technologies 20184. e commerce, m-commerce and emerging technologies 2018
4. e commerce, m-commerce and emerging technologies 2018
 
e-commerce
e-commercee-commerce
e-commerce
 
IBM: Redefining Enterprise Systems
IBM: Redefining Enterprise SystemsIBM: Redefining Enterprise Systems
IBM: Redefining Enterprise Systems
 
Lightwell Healthcare B2B Gateway Solution Guide
Lightwell Healthcare B2B Gateway Solution GuideLightwell Healthcare B2B Gateway Solution Guide
Lightwell Healthcare B2B Gateway Solution Guide
 
BHR-FocusPointTech-Final
BHR-FocusPointTech-FinalBHR-FocusPointTech-Final
BHR-FocusPointTech-Final
 
Electronic Data Interchange
Electronic Data InterchangeElectronic Data Interchange
Electronic Data Interchange
 
Ifw framework for banking industry presentation
Ifw framework for banking industry presentationIfw framework for banking industry presentation
Ifw framework for banking industry presentation
 
Property & Casualty Commercial Lines Underwriting: The New Playbook
Property & Casualty Commercial Lines Underwriting: The New PlaybookProperty & Casualty Commercial Lines Underwriting: The New Playbook
Property & Casualty Commercial Lines Underwriting: The New Playbook
 
Ebusinesspa
EbusinesspaEbusinesspa
Ebusinesspa
 
ELECTRONIC DATA INTERCHANGE
ELECTRONIC DATA INTERCHANGE ELECTRONIC DATA INTERCHANGE
ELECTRONIC DATA INTERCHANGE
 
E-business ppt
E-business pptE-business ppt
E-business ppt
 
Edi (electronic data interchange)retail marketing
Edi (electronic data interchange)retail marketingEdi (electronic data interchange)retail marketing
Edi (electronic data interchange)retail marketing
 
IT Strategic Planning (Case Studies)
IT Strategic Planning (Case Studies)IT Strategic Planning (Case Studies)
IT Strategic Planning (Case Studies)
 
Solutions360 core story 2010
Solutions360 core story 2010Solutions360 core story 2010
Solutions360 core story 2010
 
Equipping IT to Deliver Faster, More Flexible Service Management
Equipping IT to Deliver Faster, More Flexible Service ManagementEquipping IT to Deliver Faster, More Flexible Service Management
Equipping IT to Deliver Faster, More Flexible Service Management
 

Similar to Customer IAM vs Employee IAM (Legacy IAM)

White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
Gigya
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAM
Gigya
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access management
Tatiana Grisham
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management
Gigya
 
Becoming Customer Centric: A Business and IT Roadmap
Becoming Customer Centric: A Business and IT RoadmapBecoming Customer Centric: A Business and IT Roadmap
Becoming Customer Centric: A Business and IT Roadmap
Plus Consulting
 
Whitepaper: Identity Relationship Management - Happiest Minds
Whitepaper: Identity Relationship Management - Happiest MindsWhitepaper: Identity Relationship Management - Happiest Minds
Whitepaper: Identity Relationship Management - Happiest Minds
Happiest Minds Technologies
 
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdfUnderstanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Bahaa Abdulhadi
 
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management -  Bahaa Abdul Hadi.pdfUnderstanding Customer Identity & Access Management -  Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Bahaa Abdulhadi
 
_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf
_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf
_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf
Bahaa Abdul Hussein
 
Why should I do SOC2?
Why should I do SOC2?Why should I do SOC2?
Why should I do SOC2?
VISTA InfoSec
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
Prashanth BS
 
Intro To Secure Identity Management
Intro To Secure Identity ManagementIntro To Secure Identity Management
Intro To Secure Identity Management
Product Marketing Services
 
Digitizing Insurance - A Whitepaper by RapidValue Solutions
Digitizing Insurance - A Whitepaper by RapidValue SolutionsDigitizing Insurance - A Whitepaper by RapidValue Solutions
Digitizing Insurance - A Whitepaper by RapidValue SolutionsRadhakrishnan Iyer
 
Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Identity Data & Credential Self-Service
Identity Data & Credential Self-ServiceIdentity Data & Credential Self-Service
Identity Data & Credential Self-Service
Ubisecure
 
Building it infrastructure framework that drives innovation and business perf...
Building it infrastructure framework that drives innovation and business perf...Building it infrastructure framework that drives innovation and business perf...
Building it infrastructure framework that drives innovation and business perf...
GlobalStep
 
Contemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENT
Contemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENTContemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENT
Contemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENT
PoulomiMukherjee12
 
Enterprise Digital Transformation | The Future of Business Growth
Enterprise Digital Transformation | The Future of Business GrowthEnterprise Digital Transformation | The Future of Business Growth
Enterprise Digital Transformation | The Future of Business Growth
Inexture Solutions
 
Mitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersBroadridge
 

Similar to Customer IAM vs Employee IAM (Legacy IAM) (20)

White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT StrategyWhite Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
White Paper: Don't Let Your Corporate Strategy be Hostage to Your IT Strategy
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAM
 
Internal vs. external identity access management
Internal vs. external identity access managementInternal vs. external identity access management
Internal vs. external identity access management
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management
 
Becoming Customer Centric: A Business and IT Roadmap
Becoming Customer Centric: A Business and IT RoadmapBecoming Customer Centric: A Business and IT Roadmap
Becoming Customer Centric: A Business and IT Roadmap
 
Whitepaper: Identity Relationship Management - Happiest Minds
Whitepaper: Identity Relationship Management - Happiest MindsWhitepaper: Identity Relationship Management - Happiest Minds
Whitepaper: Identity Relationship Management - Happiest Minds
 
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdfUnderstanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
 
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management -  Bahaa Abdul Hadi.pdfUnderstanding Customer Identity & Access Management -  Bahaa Abdul Hadi.pdf
Understanding Customer Identity & Access Management - Bahaa Abdul Hadi.pdf
 
_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf
_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf
_Understanding Customer Identity & Access Management- Bahaa Abdul Hussein.pdf
 
Why should I do SOC2?
Why should I do SOC2?Why should I do SOC2?
Why should I do SOC2?
 
Identity and Access Management
Identity and Access ManagementIdentity and Access Management
Identity and Access Management
 
Intro To Secure Identity Management
Intro To Secure Identity ManagementIntro To Secure Identity Management
Intro To Secure Identity Management
 
A smarter way to manage identities
A smarter way to manage identitiesA smarter way to manage identities
A smarter way to manage identities
 
Digitizing Insurance - A Whitepaper by RapidValue Solutions
Digitizing Insurance - A Whitepaper by RapidValue SolutionsDigitizing Insurance - A Whitepaper by RapidValue Solutions
Digitizing Insurance - A Whitepaper by RapidValue Solutions
 
Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732Iam cloud security_vision_wp_236732
Iam cloud security_vision_wp_236732
 
Identity Data & Credential Self-Service
Identity Data & Credential Self-ServiceIdentity Data & Credential Self-Service
Identity Data & Credential Self-Service
 
Building it infrastructure framework that drives innovation and business perf...
Building it infrastructure framework that drives innovation and business perf...Building it infrastructure framework that drives innovation and business perf...
Building it infrastructure framework that drives innovation and business perf...
 
Contemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENT
Contemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENTContemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENT
Contemporary_Issues_IN_CUSTOMER_RELATIONSHIP_ MANAGEMENT
 
Enterprise Digital Transformation | The Future of Business Growth
Enterprise Digital Transformation | The Future of Business GrowthEnterprise Digital Transformation | The Future of Business Growth
Enterprise Digital Transformation | The Future of Business Growth
 
Mitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker Dealers
 

More from Ubisecure

User Management, Enablement, Directory
User Management, Enablement, DirectoryUser Management, Enablement, Directory
User Management, Enablement, Directory
Ubisecure
 
Identity Platform Use Cases
Identity Platform Use CasesIdentity Platform Use Cases
Identity Platform Use Cases
Ubisecure
 
Single Sign-On
Single Sign-OnSingle Sign-On
Single Sign-On
Ubisecure
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
Ubisecure
 
Using Strong / Verified Identities
Using Strong / Verified IdentitiesUsing Strong / Verified Identities
Using Strong / Verified Identities
Ubisecure
 
Using Social & Business Identities
Using Social & Business IdentitiesUsing Social & Business Identities
Using Social & Business Identities
Ubisecure
 
Delegation of Authority
Delegation of AuthorityDelegation of Authority
Delegation of Authority
Ubisecure
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0
Ubisecure
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
Ubisecure
 
Introduction to Mobile Connect
Introduction to Mobile ConnectIntroduction to Mobile Connect
Introduction to Mobile Connect
Ubisecure
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAM
Ubisecure
 
Telia - The New Norm of the Digital World
Telia - The New Norm of the Digital WorldTelia - The New Norm of the Digital World
Telia - The New Norm of the Digital World
Ubisecure
 
SSH - Credentialess Cloud Access
SSH - Credentialess Cloud AccessSSH - Credentialess Cloud Access
SSH - Credentialess Cloud Access
Ubisecure
 
Spellpoint - Securing Access for Microservices
Spellpoint - Securing Access for MicroservicesSpellpoint - Securing Access for Microservices
Spellpoint - Securing Access for Microservices
Ubisecure
 
Open Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityOpen Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital Identity
Ubisecure
 
Nixu - Passwords must Die!
Nixu - Passwords must Die!Nixu - Passwords must Die!
Nixu - Passwords must Die!
Ubisecure
 
Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018
Ubisecure
 
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
Ubisecure
 
FICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong IdentificationFICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong Identification
Ubisecure
 

More from Ubisecure (20)

User Management, Enablement, Directory
User Management, Enablement, DirectoryUser Management, Enablement, Directory
User Management, Enablement, Directory
 
Identity Platform Use Cases
Identity Platform Use CasesIdentity Platform Use Cases
Identity Platform Use Cases
 
Single Sign-On
Single Sign-OnSingle Sign-On
Single Sign-On
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
 
Using Strong / Verified Identities
Using Strong / Verified IdentitiesUsing Strong / Verified Identities
Using Strong / Verified Identities
 
Using Social & Business Identities
Using Social & Business IdentitiesUsing Social & Business Identities
Using Social & Business Identities
 
Delegation of Authority
Delegation of AuthorityDelegation of Authority
Delegation of Authority
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
 
Introduction to Mobile Connect
Introduction to Mobile ConnectIntroduction to Mobile Connect
Introduction to Mobile Connect
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAM
 
Telia - The New Norm of the Digital World
Telia - The New Norm of the Digital WorldTelia - The New Norm of the Digital World
Telia - The New Norm of the Digital World
 
SSH - Credentialess Cloud Access
SSH - Credentialess Cloud AccessSSH - Credentialess Cloud Access
SSH - Credentialess Cloud Access
 
Spellpoint - Securing Access for Microservices
Spellpoint - Securing Access for MicroservicesSpellpoint - Securing Access for Microservices
Spellpoint - Securing Access for Microservices
 
Open Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityOpen Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital Identity
 
Nixu - Passwords must Die!
Nixu - Passwords must Die!Nixu - Passwords must Die!
Nixu - Passwords must Die!
 
Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018
 
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
 
FICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong IdentificationFICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong Identification
 

Recently uploaded

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 

Customer IAM vs Employee IAM (Legacy IAM)

  • 1. THE EVOLUTION OF IDENTITY MANAGEMENT CUSTOMER IDENTITY AND ACCESS MANAGEMENT (CIAM) VS LEGACY IDENTITY AND ACCESS MANAGEMENT WHITE PAPER Connecting Identity. Transforming Digital Business.
  • 2. UBISECURE WHITE PAPER 2 INTRODUCTION Once again, the way companies are doing business is transforming as we see that even the most traditional industries such as manufacturing, energy production, utilities, construction, and processing are embracing the Internet and connectivity. The trend is clear - companies need to gain competitive advantages and diversify their offering. For energy companies producing electricity is no longer enough as their markets now demand smart homes, smart metering and more. Businesses in general are adding more and more online services to their portfolio, no matter what the industry or vertical they are operating. Company boundaries are blurring as businesses interact closely and utilize online services in growing numbers. This growing business ecosystem includes a lot of different stakeholders from customers, partners, and subcontractors to owners and investors. Companies need to engage each stakeholder category in different ways. One service for all will not cut it. Each stakeholder has their own motivation to do business with a provider. They have their own business processes, infrastructure, and identities. When the number of external stakeholders grow, so does the need to better manage these identities. It is not enough to know who is accessing your online services, but also in which role / capacity they enter, or who they represent. Traditional Identity Management solutions, legacy IAM, which concentrate on provisioning employee identities from the HR -system to the Active Directory, and providing Single Sign-On to internal applications are ill-suited for this situation. New ways of thinking is required to improve convenience and loyalty towards customers, to deploy secure online services, to minimize the cost in customer acquisition and external identity management. This white paper looks at the evolution of identity management from legacy to customer-centric (or thing centric), and explores the limitations of legacy IAM for modern, connected business cases.
  • 3. UBISECURE WHITE PAPER 3 INTERNAL VS EXTERNAL IDENTITIES When an investment decision is reached to deploy an Identity Management product there are always business driven factors behind it. It might be about regulatory demands, desire to cut cost, improve security etc. These driving factors are different when we look at internal vs external identities. This translates to different demands to the solutions companies need to select in order to satisfy the business objectives. Let's take a closer look at these different factors, and explain them. PRODUCTIVITY VS CONVENIENCE The technology behind is Single Sign-On, but the driver might be different. Internally the wish is to increase productivity by enabling employees to login into company applications without repeated password entry. For external identities SSO brings convenience for the business customer as they can login from their corporate network to the online services with their own (business) IDs or with credentials they already possess, like social login, Bank IDs or digital identities issued by mobile network operators. For external users it’s a mix of federation and Single Sign-On that increases convenience. COMPLIANCE There's a different emphasis for compliancy in internal and external identities. The driver internally is to comply to the security policy, which might take into account local regulations. Compliance to local regulations typically means that sometimes it might be necessary to enforce stronger authentication to grant access to sensitive information, and maybe use a credential which has a security level described
  • 4. UBISECURE WHITE PAPER 4 by the local legislation / regulation (e.g. NIST, eIDAS or PSD2). The biggest compliance obligation, especially in the EU area comes from the General Data Protection Regulation (GDPR). Customer IAM solutions are designed to help organisations in areas such as consent management, access / management / erasure / transport of user data, whereas legacy IAM solutions are completely out of their depth. EFFICIENCY VS CUSTOMER ACQUISITION Permission workflows such as inviting people to use a service or requesting access privileges with the tools the legacy IAM provides can improve internal efficiency. But for external identities it's a tool to facilitate customer acquisition process by enabling e.g. sales people to invite leads and customers to use the services directly from the CRM, or allowing visitors to quickly register using their existing credentials thus improving conversion and customer satisfaction, and reducing abandonment rates. The workflows and therefore features between the legacy IAM and Customer IAM are very different in these scenarios. STANDARDIZATION VS. OPENNESS IAM can be used internally to standardize access policies and methods, and connect to separate internal identity silos whereas the same solution should enable the business to integrate various kinds of technologies and standards that the external resources use. An internal corporate network gravitates towards standardization whereas the external networks that a service provider wants to connect will remain heterogeneous and diverse. Therefore legacy IAM solutions might not provide the necessary functions or the same open protocols as CIAM solutions typically do. CENTRALIZED VS DISTRIBUTED AND HETEROGENEOUS Again, the underlying technology would be the IAM and much the same way as in standardization, companies wish to centralize the access policies and decision points. Externally the IAM solution should support also decision-making points within the customer organization (who can access) and let the customers manage their own privileges. This means that even though internally the company might select a single standard or process to follow, for external connected identities and networks they need to embrace diverse options and allow for the flexibility that is required in the customer-facing environment.
  • 5. UBISECURE WHITE PAPER 5 INTERNAL CONTROL VS OUTSOURCED & TIERED MANAGEMENT Employees and their access credentials as well as authorizations are controlled internally according to position / job description / project memberships. Externally it makes much more sense to let the customer organization attach (authorize) access privileges to their employees, or even authorise other companies to access an online service as a representor of the company. This would save a lot of effort for the company offering the online service to external companies i.e. customers. Again the functional requirements between legacy IAM and Customer IAM are different. OWNERSHIP VS TRUST Companies want to own their employee identities at least to some extent. The concept of Bring Your Own ID (BYOD) might change this to some degree, but still the ownership of access privileges (roles, authorizations) should remain in the control of the company for internal identities. For external identities trust is much more important as an online service provider should be able to trust the identities coming from the customer domain, and trust that their access privileges are properly maintained within the customer organization. The same applies to the other direction, customers need to trust that the service provider treats their data (e.g. personally identifiable information, PII) according to regulations, such as GDPR. When the provider can provide transparency, access to the data and the possibility of managing, erasing and transporting the data of the customer it creates trust. And trust is the basic building block of a successful business. Legacy IAM solutions are built around the idea that the company owns and operates the data of a user, in customer-facing environment it should be the other way around and this again is reflected in the technical features. Most of the underlying technologies for managing internal and external identities are similar. However, when you can standardize a lot of the infrastructure, software platforms, processes, and authentication methods within your internal environment, you must be able to support a wide range of diverse and heterogeneous customer settings if you wish to offer the extended enterprise experience for your corporate customers. In essence the internal and external identity management practices are polarizing. Legacy identity and access management products which concentrate on streamlining the employee life-cycle management from start to finish have been around for years, and they have gravitated towards certain models best suited for internal corporate processes. Customer Identity and Access Management needs to engage customers, enable service providers develop and launch new business models, embrace and support a diverse set of requirements, improve convenience for the end user, enable cost savings, shorten the
  • 6. UBISECURE WHITE PAPER 6 sales cycle, and more. The fluid business ecosystems that can be nurtured and extended using properly deployed external identity management can make a big impact on the bottom line for any service provider, manufacturer, utility company, retailer, financial or healthcare institute, or even the government. WHY INVEST IN CUSTOMER IDENTITY AND ACCESS MANAGEMENT A lot of the arguments in favor for adopting customer identity and access management solutions for both internal and external identity management are similar. There are however benefits which can be clearly assigned only to CIAM or have a bigger impact on the bottom line. COST MANAGEMENT (REDUCTION) When we use a mobile device and implement the biometric factor in the authentication, it needs to be done properly. Select iOS and Android devices have the capability to scan the fingerprint of the user and their cameras can be used to implement facial recognition, or even iris scanning. The appropriate Customer Identity and access management is a tool to reduce cost related to identities, but also to improve effectiveness of the operations both internally and externally, and enable new online services that in turn can be used to automate and smoothen things bringing in new ways to manage cost of operations. Here are some of the functions within your company where cost savings can be achieved: • Help / Service desk calls: According to studies having self service functions for end users to reset passwords reduced help desk calls related to forgotten passwords by over 90%. This applies for both internal and external identities. However internally an employee might have to remember only a few passwords, but if he's using 5-10 external services, the password fatigue will play a major role and users either forget the passwords quickly or start using poor / repeated passwords. • No password management: If the IAM solution can provide Single Sign-On and Bring Your Own Identity for the customers of the service, password management related costs, such as reset costs, can be avoided completely.
  • 7. UBISECURE WHITE PAPER 7 • Account provisioning / registration: The service provider has to provision their own internal accounts (employees), and legacy IAM can help in that by automation and workflows. A greater effect can be seen in external identities if the provider can simply rely on business identities coming from the customer network. There would be no need for separate account provisioning and life-cycle management for the provider. Customer Identity and Access Management products such as Ubisecure Identity Platform can link the customer to the service and provide life-cycle management functions that the customer organization can utilize. This would minimize cost related to customer account or identity management for the provider. BUSINESS PERFORMANCE The simple metric for business performance is profit. If you are able to increase your profits you are performing better. Identity, authorization and access management solutions can help in ways that you might not have thought of. Here are some examples: • Customer satisfaction: If you can provide for example SSO to your services, your customers will be happy. A satisfied customer will spread the word, and you will get an increase in the number of leads. If you can convert these leads into paying customers, you've managed to improve your performance. • Conversion: The step that you need your leads to take can be an easy one, or a difficult one. Anything you can do to lower the threshold for your lead to turn into a paying customer increases your performance. Customer IAM can be used to improve tracking therefore giving better insight into leads and weed out the most promising ones quickly. Identity management solution such as Ubisecure Identity Platform, which is linked to your CRM to enable instant invites directly from the CRM workspace will definitely improve your conversion rates. The support for multiple 3rd party authentication methods from social to government issued digital identities can be smoothen out the wrinkles in registration flows. RISK MANAGEMENT One of the concerns for companies in moving towards online or cloud services is security. Moving your next generation Nobel prize winning solar panel blueprints into the connected service might be a risk that you're not willing to take. Customer IAM can help you manage risk, but naturally it boils down to
  • 8. UBISECURE WHITE PAPER 8 your security policy and possibly to regulations. Here are some of the areas where you can mitigate risk: • Adequate authentication: Not everything needs to be locked tight. Having different methods available for end user authentication helps you select the appropriate level of identity verification. Lobby services might use social identities, customer extranets would utilize SSO from the customer network, and some parts of your service might require strong two-factor authentication, if e.g. confirming purchase orders above a certain threshold. • No user repositories to hack: Bring Your Own Identity is a way to help your customers use their existing identities. If they can do so, there's no need for you to create a large database with user names and passwords and other customer information that could be potentially accessed from the Internet or gaining access through social engineering and persistent threats. Blogs such as krebsonsecurity.com and others are filled with reports on big hacks on a weekly basis, and if you can avoid becoming the next blog article it will definitely be worth it. CONVENIENCE Another advantage of an IdP is Single Sign-On. Once the user has been authenticated into one application, he can move between the applications without re-authentication. If the initial authentication was done using a lower level of assurance method, step-up authentication is required to access the more confidential areas, and the IdP can take care of this using visually the same kind of login flow. If the user first authenticated with a higher level of assurance method, moving to resources that require lower level of assurance methods will not trigger a new authentication request. • Single Sign-On: Single Sign-On is a cost issue, reducing management cost for the service provider. It's also a big advance in convenience for the end user if they can login into your systems using something that they already have or directly from their own corporate domain, and won’t be bothered with new login screens as they browse through your services or hop from one of your brands to another. • Verified Social Identities: Social identities such as Facebook or G-Suite accounts by themselves are almost worthless as a digital identity. But if you enable your customers to register a Facebook account, and verify it with another, stronger method you end up with a verified social identity, which can be used to give your customers and other stakeholders convenient access to your services.
  • 9. UBISECURE WHITE PAPER 9 • Bring Your Own Identity: On top of corporate Single Sign-On and verified social identities, you can ease the life of your customer by allowing them to access your services with credentials they already own. A good Customer IAM can link these credential to the relevant customer information. • Adaptive Authentication: Strong authentication is not always needed. By using appropriate authentication related to the context, you can improve the customer experience. COMPLIANCE Some industries such as financial and healthcare have existing national or international regulations that can affect how you treat customer information and their electronic identities. In the payment industry you also have PCI-DSS standards (and the upcoming PSD2 directive), which you should follow. Identity, authorization and access management solutions in general have capabilities that you can use to meet the demands set forth in the law or regulations. A much broader compliance requirement comes from the European Union’s General Data Protection Regulation. If you store Personally Identifiable Information (PII) of even a single EU citizen in your databases, you are obliged to be compliant with the regulation on May 2018. Customer Identity and Access Management solutions include a lot of functionality that can help your organisation to implement technical solutions for compliance. Here are a few examples: • Audit trails. It is essential that you can provide proof of the actions taken within your services. Audit logs of the applications used by your customers provide intelligence and proof of their transactions within the service. CIAM provides the link to the identity and under what kind of authorisation the user had conducted these transactions. GDPR reverses the burden of proof to the provider in case of e.g. consent. The provider must be able to prove that they had the users consent if the data subject (user) contests an action involving their personal data. • Proper authentication: Granting access to a resource based on a Facebook identity most probably wouldn't be compliant with regulations that touch the issue of end user authentication. A CIAM solution that can integrate to all eIDAS or NIST -level authentication credentials will guarantee that you have the proper identity assurance in place. • Government issued / recognized identity attribute: Sometimes, especially when dealing with egovernment services, the online service will expect to receive a unique attribute of the user
  • 10. UBISECURE WHITE PAPER 10 as part of the authentication event. In Scandinavia the social security number is something that practically all egovernment services will expect. As the IDaaS is connected to the national eID infrastructure, it can easily deliver this required attribute to the online service. DELIVERY MODELS It matters how you acquire your solution. Experience has shown us that it is best to start with a handful of applications and then extend the Customer IAM solution to cover more services, include additional authentication methods, new workflows, and back-end integrations. For private cloud and on-premise installations Ubisecure can offer the quickest and risk-free delivery model with a pre-configured solution. With 15 years of experience in delivering IAM software to various customers we've created a best practice deployment model which can be up and running in weeks instead of months. After the initial deployment, the delivered solution is fully configurable, and can be extended and modified to accommodate new services, authentication and federation needs, REST integrations, customized workflows etc. With Ubisecure products, no coding is required, not even when integrating the online services to the Customer IAM solution thanks to our extensive support for industry protocols and off the-shelf integration components.
  • 11. CONCLUSIONS Legacy IAM is driven by the IT department, and their need to improve security and reduce admin costs. Legacy IAM is not designed to boost customer experience or convenience. It’s not designed to increase conversion and the creation of new digital business processes. Customer Identity and Access Management is driven by the business. It’s about empowering the customer and increasing trust. With Customer IAM, the goal is to grow existing business, and create new opportunities by forming business ecosystems with subcontractors, customers, partners and other stakeholders. The underlying technology for both legacy IAM and Customer IAM can be similar, but what differentiates these two will be the functionality built on top of those basic building blocks.
  • 12. UBISECURE WHITE PAPER 12 Ubisecure is a pioneering European b2b and b2c Customer Identity & Access Management (CIAM) software provider and cloud identity services enabler dedicated to helping its customers realise the true potential of digital business. Ubisecure provides a powerful Identity Platform to connect customer digital identities with customer- facing SaaS and enterprise applications in the cloud and on-premise. The platform consists of productised CIAM middleware and API tooling to help connect and enrich strong identity profiles; manage identity usage, authorisation and progressive authentication policies; secure and consolidate identity, privacy and consent data; and streamline identity based workflows and decision delegations. Uniquely, Ubisecure’s Identity Platform connects digital services and Identity Providers, such as social networks, mobile networks, banks and Governments, to allow Service Providers to use rich, verified identities to create frictionless login, registration and customer engagement while improving privacy and consent around personal data sharing to meet requirements such as GDPR and PSD2. Ubisecure is accredited by the Global Legal Entity Identifier Foundation (GLEIF) to issue Legal Entity Identifiers (LEI) under its RapidLEI brand, a cloud-based service that automates the LEI lifecycle to deliver LEIs quickly and easily. The company has offices in London and Finland. To learn more about Customer IAM and Company Identity solutions visit www.ubisecure.com or contact us at sales-team@ubisecure.com