There is no question - today's customers expect on-the-go access to their data and apps. And you can't do business without satisfying your customers' needs. But securing access to customer data is a very different animal from securing employee access to data. Consumer-facing access management needs to be designed from the ground up for ease of use across channels and scalability, so says a new report from Gartner, which warns there are critical gaps in the way many enterprises address consumer-facing identity and access management (IAM) today.
Much is required of consumer-facing access management systems, according to the report. Business-to-Consumer (B2C) IAM solutions need to support a great customer experience, be able to scale and perform well, be secure, enable web and mobile access and be priced appropriately.
To hit the right balance between security and experience, IT needs to come together with line-of-business partners in sales and marketing to strengthen the security and privacy of consumer-facing IAM implementations.
Key findings from the Gartner report:
Consumer-facing identity and access management must prioritize user-friendliness and may have to scale to very high volumes of users.
Self-service is different for consumers vs. enterprise users because of the focus on external identity federation, privacy and profile management.
Traditional IAM software suites can meet some consumer-facing requirements, but come with functionality not needed for consumer IAM and are often prohibitively costly.
There are product and service offerings designed to meet foundational consumer-facing needs.
The Gartner report recommends companies needing to secure customer access do the following:
Create a customer-friendly registration, profile update and privacy setting experience.
Implement directory services that are likely separate from internal directories and ensure that they can scale to meet demand.
Seek packaged solutions from vendors that specialize in consumer IAM when you have a greenfield project, or current implementations do not meet functional requirements or cost objectives.
Add identity and access management as a service (IDaaS) and open-source products to commercial software offerings as part of your selection strategy.