2 - CIAM vs. Enterprise IAM
“Consumer use cases are different from employee use cases. CIAM implementations require specialized functions to support the consumer user experience and to leverage standard IAM capabilities in different ways.” (2)
Enterprises shouldn’t be fooled into believing an IAM solution that’s purpose-built for employees is a good fit for their customer interactions. Why? Because customer needs are very different than those of employees.
Your employees are expected—if not explicitly required—to comply with and conform to your systems and technologies. There isn’t a great need to fine-tune digital experiences in the workplace, unless they begin to detract from employee efficiency.
Customers, on the other hand, have a choice. They either choose you or they choose your competitor. Their decision is based on a number of factors, ranging from experience to security. From both your company’s and your customers’ perspectives, there are several key differences that set CIAM apart from employee IAM.
The unique requirements of customer identity—scale, performance, privacy, usability and multi-channel support—have made CIAM its own market segment with competitive offerings. These requirements are widely agreed to be distinct from traditional employee IAM solutions. As a whole, the industry recognizes that treating customer identities as an extension of existing enterprise IAM solutions isn’t the right approach.
Given the growing number of CIAM solutions available, choosing wisely is important. Done poorly, CIAM can be a burden and significantly detract from the customer experience and business agility. And if it’s not secure enough, you run the risk of being the next brand making headlines for a major breach. Striking the right balance between experience and security is key.
At the most basic level, a CIAM solution needs to solve for the complete spectrum of activities related to delivering a secure, seamless customer experience:
Convenient self-service registration, account management and account recovery features
Single Sign-on (SSO): Customer authentication to internal and partner applications, using a common set of credentials or social login
Multi-factor Authentication (MFA): Secure, fully customizable MFA that balances security and convenience for customers
Unified Profile Across Channels: Creating a unified view of the customer from disparate identity repositories that is accessible to all applications
Scale and Performance: Low-latency, high-performance access to identity and profile data from many millions of customers
Enforcing customer consent and governing access to identity data on an attribute-by-attribute level to ensure privacy regulatory compliance
Securing customer identity and profile data from authentication to the data layer
You may have noticed that there is some overlap between employee and customer IAM. For example, SSO, profile unification and security are requirements when managing both employee and customer identities. However, customer IAM requires different capabilities and poses unique risks. We detail specific CIAM solution requirements later in Chapter 7.
(2) Mary Ruddy and Lori Robinson, Consumer Identity and Access Management is a Digital Identity Imperative, Gartner, Dec 30, 2015.