Identity and Access Management: Expanding to Protect Company and Customer Data

The rise of eCommerce presents unique security and privacy challenges that legacy identity and access management (IAM) systems simply cannot completely address. These challenges center primarily around three areas: scalability, user experience, and performance.

Laptop Computer

Customer Identity and Access Management solutions provide enhanced security for your eCommerce customers.

The digital marketplace is much more complex than its brick and mortar counterpart. The widespread consumer use of social networks and connected devices complicates the security issue further, as consumers expect and demand both an enhanced user experience and a secure digital environment. Thus, legacy IAM systems that were built to work in a brick and mortar marketplace no longer fit the needs of today’s digital landscape.

The Evolution of Identity and Access Management

Legacy IAM systems were designed primarily to effectively manage employee identities, data, and permissions, thus ensuring the security of company data and streamlining business processes. These IAM systems were meant for internal use within an organization. This means that the IAM systems were only scalable to a point, built to handle anywhere from a handful to thousands of employee identities.

In such legacy systems, internal IT departments designed the policies, processes, and permissions given to employees across the company. With security at the crux of the issue, legacy IAM systems focused primarily on mitigating security risks and protecting valuable employee and company data. Data for legacy IAMs was stored in highly structured directories and relational databases.

Customer Identity and Access Management (CIAM) Systems Emerge

Gigya’s “IAM vs. CIAM: A Simple Choice” notes that with the explosive growth of social networks, connected devices, and the increasing complexity of digital marketplaces, organizations must boost their digital performance. That performance is dependent on managing customer identity.

What challenges are inherent in that? The article notes simply: “Managing self-provisioned profiles and customer-generated data within legacy IAM has proven overwhelming and costly.”

Legacy IAM systems excel in managing employee and vender relationships and protecting a company’s sensitive data. However, in ecommerce platforms, it is not only employee and company data which must be protected. You must also protect the data of your customers, while simultaneously providing them with a user experience that will keep them engaged and coming back to your eCommerce site again and again.

Forrester states: “Business leaders entrust their security teams to protect customers’ privacy and shield them from fraud and other malicious activities. To do this, security and risk professionals must implement solutions that authenticate customers’ identities across all channels – digital and nondigital – and help the firm manage their access to services and sensitive data.”

For security and risk professionals, the challenge is to strike a balance between providing a seamless customer experience and ensuring security. Forrester continues: “Customer identity and access management (CIAM) can significantly detract from customer experience if it is overly burdensome; however, if it’s not strong, it doesn’t provide enough security.”

How IAM and CIAM Systems Differ

So, how do IAM systems and CIAM systems stack up in terms of scalability, user experience, and performance?

In the area of scalability, CIAM systems are designed to scale according to need. In some cases, CIAM systems may adequately manage billions of distinct customer identities at any one time. This contrasts sharply with legacy IAM systems, which were simply not designed to handle anything close to that number of distinct identities.

In the area of user experience, identities come from a number of different sources over time as users voluntarily register within the system from a variety of devices across multiple channels. Personalized interactions determine the final user experience.

This differs from the user experience provided in IAM systems. With an IAM system in place, user experience is defined by the permissions and processes dictated by IT policies for the organization. Furthermore, such IAM systems were designed to handle data coming from a central internal source, usually HR departments.

Performance in a CIAM system is optimized for user experience, whereas performance in an IAM system is dictated by security protocols initiated by IT. Unlike IAM systems where data is highly structured, data in a CIAM environment is coming from a number of sources and is largely unstructured data.

Why CIAM Integration is Essential

Integrated CIAM systems manage customer identities as well as employee identities that were once managed in legacy IAM systems. This integration provides significant advantages. Forrester’s “Market Overview: Customer Identity and Access Management Solutions” lists two main advantages of CIAM systems:

1) CIAM systems provide a better customer experience.

The quality of the customer experience you provide is a competitive differentiator for your organization. Companies who improve the customer experience typically see improvement in their bottom line as well. Customers want to interact with your company via a number of mobile devices and various browsers. CIAM systems enable customers to have a seamless experience across multiple channels, while still protecting their sensitive data.

2) A good CIAM system provides valuable insight for marketing and sales.

While its primary goal is security, a CIAM system captures data that provides your organization with a more holistic view of your customers. Thus, CIAM systems in effect bridge the gap between security and marketing, filling in pieces of the overall customer profile to inform marketing decisions. An added benefit of this marketing advantage is that many organizations decide to allocate additional funding to IT departments based on the fact that good customer identity and access management usually yields a positive ROI.

Secure Sign In

Are you providing adequate security for your customers, employees, and valuable company data?

The Bottom Line

Legacy IAM systems are designed to ensure security of employee and company data. However, even for companies who have successfully implemented IAM systems, much more is needed to address the challenges of maintaining security for eCommerce customer data.

In the areas of scalability, user experience, and performance, a strong CIAM system provides an alternate solution that addresses the need for security while still aligning with business objectives and marketing goals.

CIAM systems scale from hundreds to potentially billions of users. Additionally, CIAM systems provide a better user experience, thereby bolstering your brand while still maintaining a secure environment for your customers and valuable data assets. Thus, CIAM systems help your organization to achieve a good balance between usability and security. To find out more about CIAM solutions for eCommerce, contact us today!

By Inframatix