5 - Evaluating Options


Choosing the Best CIAM Approach

 

Before you select a CIAM solution, you have to identify the right approach for your organization. Your choices generally include modifying existing infrastructure, building a CIAM solution in-house or adopting a purpose-built solution.

 

Let’s review the basic definition of these three common approaches and the key considerations of each, and take a quick look at how thorough each approach is.

 

Modifying An Existing Infrastructure

Approach: Repurpose a traditional enterprise IAM stack (Active Directory, Oracle, Novell, CA).

You may be tempted to squeeze more value out of your enterprise IAM stack. While there are elements of traditional stacks that match the capabilities required for CIAM solutions, they are few.

 

It makes sense when you think about it. Most IAM solutions were built decades ago for web applications. Back then, all apps were on-premises, and users (employees) and endpoints (enterprise-owned devices) were controlled. These legacy systems were built to favor employee efficiency over user experience.

 

In the customer-facing enterprise, delivering a seamless experience is a top priority. Furthermore, the scalability and security required to enable customer access anytime and on any device far exceed the capabilities for which traditional IAM was intended.

 

Key Considerations:

  • Lack of horizontal scalability and elasticity hamstrings your ability to accommodate typical spikes in customer engagement.

  • Lack of easy integration for strong authentication and no strong password hashing (PBKDF2/scrypt/bcrypt) create security risks.

  • Not being architected with customers in mind leaves no ability for self-service registration and account management.

Building A Solution In-house

Approach: Build your own identity platform on top of NoSQL (Cassandra, MongoDB).

Before building a custom CIAM solution or extending one you’ve already built, you should consider the full weight of a DIY approach. The staffing required for ongoing maintenance, the long list of standards and best practices for the many capabilities you’ll need to build, the need to defend your security to S&R teams, and the often lengthy implementation time are just a handful of the issues many organizations face once they’re knee-deep in building a custom CIAM solution.

 

To assess the full scope of architecting a homegrown CIAM solution, you need to analyze all aspects of customer engagement and determine the features, standards, best practices and regulatory requirements associated with each. This exercise will produce a lengthy to-do list and will likely illuminate the many advantages of purchasing a CIAM solution.

 

Key Considerations:

  • Lack of support for standards requires developing your own identity-centric APIs, resulting in project-specific solutions that aren’t easily extensible across the organization.

  • Managing passwords yourself increases overhead and risk.

  • It’s nearly impossible to synchronize changes out of these environments, dramatically increasing cost of maintenance.

Adopting A Purpose-built Solution

Approach: Choose a solution that is purpose-built for CIAM.

Purpose-built CIAM solutions cater to the specific challenges customer-facing enterprises have in today’s digital world. They have capabilities ranging from SSO and data access governance to data synchronization and encryption. In hybrid environments, they ease the process of cleaning up an existing, disparate identity infrastructure to create a scalable, unified profile.

Solutions built specifically for CIAM incorporate best practices to facilitate successful implementation. Those include scalability, privacy, registration and end-to-end security. These challenges are insurmountable when trying to repurpose an existing employee-centric IAM stack, and they’re often more intricate and time-consuming than expected with a DIY approach.

 

Key Considerations:

  • Synchronization capabilities ensure a smooth migration and unification of customer identity and profile data, even in hybrid environments.

  • Being purpose-built to address the scalability and elasticity requirements of peak and/or unpredictable usage makes meeting even stringent SLAs easy.

  • Out-of-the-box best practices for registration, SSO and other CIAM features make deployments and maintenance easier than with other approaches.

     
