Part 2: The Value that Only CIAM Can Deliver

August 22, 2017
Dustin Maxey
Director of Product Marketing

In my first blog post in this series, I discussed the differences between employee identity and access management (IAM) and customer IAM (CIAM). Its impact on customer experience, the sheer number of users and the presence of strict privacy directives, among other differences, have granted CIAM its own place in the field and its own unique requirements.


As customer IAM has come into its own, some providers have begun to include capabilities you'd expect to find in marketing technology, such as customer analytics, editable forms and visualization dashboards. It's easy for non-technical decision makers to focus on features that align with marketing goals, but organizations can't dismiss core technical requirements. The true benefits of CIAM are only achievable with a solution that's purpose-built to address the security, scalability and multi-channel user access that customer IAM demands.


There are thousands of powerful platforms and services that specialize in helping marketers do what they need to do, from user behavior tracking to campaign personalization. But a so-called customer IAM solution that encompasses a broad yet shallow feature set won't have the depth of specialization to satisfy the requirements of both marketing teams and security and IAM professionals.

Unique capabilities of CIAM

Let's take a look at some of the critical requirements that can't be overlooked in favor of marketing-centric features and functionality. These can only be met by a deep, security-focused approach to customer IAM.


While CIAM offers many powerful benefits, it's a security platform at its core. In this year's Ponemon Data Breach Report, the average cost of a data breach per lost or stolen record was $141. Multiply that by millions of users, and you've got a costly problem on your hands. Not to mention the negative impact on your brand reputation and loss of trust with your customers.


It may be unwise to completely entrust your customer's security to a third party if their focus is on marketing conversions, rather than robust security features. Choosing a CIAM vendor with deep IAM knowledge and well-documented best practices, including end-to-end data encryption, active and passive alerts and sophisticated multi-factor authentication (MFA, is the best way to make sure you're protecting customer identities, from authentication down to the data layer.

Scalability and performance

It's easy to use terms like "scalable" and "high-performing", but much harder to achieve. Even the terms themselves have arbitrary meanings. Make sure a solution's availability and performance can meet your SLAs, and that there are referenceable customers who endorse its ability to handle your growth plans. Even the shortest period of downtime can have massive consequences when you're managing millions of customers.


Horizontal scalability, entry balancing, elasticity to handle peak usage scenarios and securing data at large scale are all possible with the right CIAM solution. Have your IT and security teams evaluate the finer details of what's under the hood to avoid lags, outages and scaling difficulties down the road.

Unifying identity and profile data

Single sign-on is essential to providing a consistent log-in and authentication experience across channels. Once customers have signed on, a single, unified view of customer data will help you deliver consistent omnichannel experiences. When you maintain a single source of truth, customers don't have to update their information in multiple places, and data can be applied across applications for improved personalization.


Many cloud-based Identity as a Service (IDaaS) solutions will tout the ability to achieve this unified profile. But this unification process often requires an organized, already unified set of all their identity and profile data. This cloud-ready set of customer data simply may not exist. If IDaaS is your choice, make sure the solution has the capability to work with your existing infrastructure and to facilitate that unified profile.

Privacy and controls

Enforcing customer consent before sharing data with applications is necessary to avoid privacy violations and ensure regulatory compliance. But you can't really ensure that only the necessary data is shared if you only have coarse-grain access control. Plus, governing access to data can be nearly impossible to manage on an app-by-app basis.


Customer IAM solutions with a powerful policy engine can enforce consent on an attribute-by-attribute level with centralized policies. They give customers insight and control over how their data is being shared and with whom. Look for fine-grained data access governance to make sure you have control over the flow of data across all applications and that you comply with privacy directives in any current or future environment.

Supercharge the core of your CIAM

Your IT architecture will only get more advanced and your use cases more varied as you adapt to future technology and new requirements. Your users will multiply. New laws and regulations will arise and others will change. New protocols and new applications will be developed. Your customers will demand faster, more innovative ways to engage.


Your customer IAM must be powerful enough to adapt to these evolving requirements. It must enable your digital transformation and growth, not become an obstacle. It must be built on the core components that only a dedicated CIAM solution can provide, supercharged far beyond what would be necessary for employees.


There's no denying that customer IAM will help solve marketing challenges, making marketing leaders an important part of your decision making team. But a solution that focuses primarily on answering today's marketing needs simply won't have the necessary depth to meet future CIAM needs--and ultimately won't satisfy your marketing team either.


IT must take the lead to determine the right CIAM solution, one that is built from the ground up with a focus on providing secure, scalable and high-performance access to all applications and channels for years to come.


To learn more about customer IAM and its unique requirements, visit our website.