A single, integrated consumer ID system is best, says Martin Kuppinger

A bi-modal, integrated IAM system will help avoid the pitfalls associated with other approaches to consumer identity, according to Martin Kuppinger

A single system is the best way to approach consumer identity and access management (Ciam), according to Martin Kuppinger, principal analyst at KuppingerCole.

“One Ciam that is owned by the business but operated by IT as a service with tight integration to employee IAM [identity and access management] is my recommendation,” he told the Consumer Identity Summit in Paris.

According to Kuppinger, this approach will ensure the result is consistent, efficient, feature-rich, integrated, compliant and secure, while removing any doubt about ownership.

“Running Ciam, employee IAM and cloud identity services independently of each other will not work. It’s better to define one IAM strategy and integrate everything well,” he said.

Kuppinger recommended a central Ciam system that is used by all business departments within a defined framework, such as standard privacy settings.

“Decentralised Ciam, where each business department does its own Ciam per use case or per portal is typically complex, costly and risky from a legal requirements point of view,” he said.

There is a growing demand for Ciam capability as businesses see the benefit of getting to know their customers better in order to provide better services, customer experiences and consented tailored marketing.

Implementing Ciam as a service owned by the business, either operated by IT or a cloud service provided by IT, eliminates the challenges of “shadow IT” that arise when the business runs Ciam independently from IAM as a cloud service.

This approach is also preferable to IT-owned Ciam, where IT typically regards Ciam as an IT tool, which commonly leads to a technology-focused approach rather than a customer-focused one.

“Tight integration with employee IAM enables the organisation to have a single view of IAM,” said Kuppinger.

This approach, he said, is preferable to having a separate Ciam that will not necessarily include proper access governance or be capable of dealing with complex lifecycles for access to back-end applications.

“Trying to extend existing employee IAM to include consumers results in problems with scalability, ownership and features,” he said.

The strength in combining Ciam and IAM

A combination of Ciam and IAM, or “bi-modal” IAM, provides the strong foundation in lifecycles typically found in traditional or employee IAM, while delivering the scale and flexibility typically found in Ciam systems.

This recommendation is closely allied to his view of Ciam as “IAM at scale plus customer experience”. Similarly, he views knowing and serving customers better as requiring a combination of Ciam, governance and customer interaction.

However, Kuppinger also recommended that organisations should prepare to change service providers within the next few years.

“The Ciam market is quite young,” he said. “Within five or even one to two years from now, the market leaders may be different.

“So expect that you might have to change your Ciam service provider, and prepare for it by following a service-oriented approach, where you state the services provided by the engines and that you know how to exchange the engine.”
