9 - Ensuring Success

Measuring CIAM Success as a Whole


Because CIAM spans both security and business agendas and value, you need to define a set of criteria that measures its impact across the organization. Successful teams will track and communicate the positive impact their CIAM solution has had on customer acquisition rates, conversion rates, retention rates, password reset cost reduction, identity administration and more.


Forrester Research has developed a balanced and comprehensive CIAM scorecard(9) that highlights the importance of CIAM to marketing and business stakeholders. It can help security teams more easily get the funding they need for revamping and improving their CIAM solutions for customer-facing web properties and mobile apps.


To measure CIAM success, Forrester highlights these key areas to consider:

  1. Work for the top line by creating customer-facing IAM metrics.
    If a customer-facing app isn’t performing, CIAM metrics like slow logins and high abandonment rates can highlight the importance of smooth CIAM to marketing and business stakeholders, and help security and risk functions get funds for improving CIAM.

  2. Improve the company’s security posture.
    To reduce the risk of security breach, business leaders and CIOs can use CIAM metrics, like uncorrelated accounts, weak or expired passwords, or time to deprovision user access, to expose weaknesses that cybercriminals can exploit.

  3. Highlight and quantify surprising operational inefficiencies.
    Identify process bottlenecks and eliminate them. CIAM metrics often lead to the identification of significant operational inefficiencies, like improper resource allocation and unusually long wait times for access permission.

  4. Demonstrate the benefits of CIAM automation—including reduction of compliance costs.
    Track how CIAM reduces the number of password resets and authentication times to help pass compliance audits, and to prove the ROI of your CIAM project.


  5. Increase employee, partner and customer service and satisfaction, while improving business agility.
    Use metrics to show how automatic CIAM features like self-service enrollment, password resets and profile updates can reduce the time it takes to complete access requests, saving the organization money and improving satisfaction and productivity.

  6. Ensure smooth, on-time completion of CIAM projects.
    Define and track common quantifiable goals, like reduced password resets and identity compliance findings, that are priorities everyone can identify with.

(9) Andras Cser and Merritt Maxim, Identity And Access Management Metrics For Business Value Performance Management: The Identity And Access Management Playbook, Forrester, May 27, 2016.