Putting the ‘C’ in CIAM
By Kimberly Biddings, VP of Product, BIO-key International
In setting up identity and access management (IAM) solutions, different users make for different approaches. What works for securing an organization’s internal networks won’t fit the needs of customers. The difference between IAM and customer identity and access management (CIAM) is vast. While IAM represents the cost of doing business, CIAM has a direct impact on revenue. Where IAM focuses on security and efficiency, in CIAM convenience is king.
Setting up a CIAM platform that will work not only now but also tomorrow will be key. Part of the convenience customers expect is a streamlined system that doesn’t change with every new technology. In looking for CIAM solutions, it’s important to see the differences between IAM and CIAM and prepare to streamline systems that will make a customer’s experience secure and convenient in a rapidly changing space.
Employee expectations and realities
IAM is distinct from CIAM in its scope. While a company might have hundreds or thousands of employees to authenticate, its customer base will generally be much larger. As a group, employees are more homogeneous and have a higher tolerance for the frustrations that sometimes accompany authentication. For example, an employee may be willing to practice good cyber hygiene like updating their passwords monthly, going through extra layers of security with one-time passwords or the use of hardware tokens, and is generally willing to take more steps in the process of securely accessing company networks. The company can prescribe a path for them that does the best job in securing critical data, and then ask its employees to jump through hoops to maintain it.
All of this means that internal access is more predictable. Equipment can be issued to employees to standardize the devices being used to log in, and things like the locations and time zones of employees are generally known. As a result, more rigid systems can be applied in IAM when dealing with internal networks.
Those tricky customers
Customers, on the other hand, are a different animal altogether. They demand flexibility and can always go to another brand to find it. Putting the customer experience at the center of any CIAM approach is crucial, as 88 percent of people report they will go to another site if the user experience (UX) is bad, and user authentication is commonly the first step in that journey. With potentially millions of customers on the line, streamlining the authentication experience across devices, geographies, and demographics is essential. In order to provide bespoke online experiences, more and more personal data is being collected and stored. A personalized experience is no longer a nice novelty, but an expected piece of the customer experience, with 71 percent of people frustrated by impersonal shopping experiences.
Choices and challenges
With revenue on the line, companies need the most flexible, convenient method possible for consumers to access their data and unlock their personalized online experiences. Single-click sign-on methods, like signing in with a social or Google account, have risen in popularity, but they still don’t satisfy the needs of every customer. Despite Google and Facebook being fairly ubiquitous, not everyone has a social media account and some don’t use Google’s services. It would be a mistake to limit customers’ access based on whether or not they use a third-party service. Furthermore, a successful authentication method needs to be device independent, as businesses hope to reach customers across touchpoints including laptops, mobile devices, and even over the phone.
This is where centralized biometrics offer a unique solution. While traditional CIAM strategies rely upon a customer either remembering something like a password, or having something like a social media account, biometrics measure something you are. While a password can disrupt a streamlined login experience if it is lost and needs to be replaced, having a template of a palm scan or voice recognition implemented means never forgetting your login credentials.
Centralized biometric systems, like identity-bound biometrics, enroll a customer’s biometric with the organization so they can authenticate from anywhere. This device-independent approach means that customers can gain access across touchpoints without having to enter any new information or rely on having a particular device with them at the time. Biometrics can be a single-step authenticator, removing the need for passwords or a second layer of authentication and still remain secure. This empowers cross-integration with payment platforms, another key piece in the CIAM puzzle. As Visa and other card carriers look to move to biometric confirmation for more secure payment methods and fraud prevention, centralized biometrics will be important in ensuring customers don’t need a separate login for things like payment after they have already accessed their account.
As technology brings us custom-tailored online experiences and consumers’ expectations rise, establishing innovative approaches to CIAM is key. Since everyone has a biometric measurement that is immutable to themselves, centralized biometrics are an egalitarian option that allows access to everyone. A streamlined process that addresses customer pain points while still maintaining security is what CIAM is crying out for, and biometrics may well be the answer.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are those of the author, and don’t necessarily reflect the views of Biometric Update.