Rawpixel.com - Fotolia
“The strengths of CIAM systems vary depending on their roots, which means organisations need to be clear what their objectives are to choose the right system or systems to meet those needs,” he told Consumer Identity World Europe 2017 in Paris.
The trend of CIAM adoption, said Kuppinger, is driven by a variety of use cases, including targeted marketing to increase revenue, authentication of customers to enable single sign-on, providing a better user experience, and regulatory compliance.
“In terms of complying with the EU’s General Data Protection Regulation (GDPR), for example, I believe handling consumer consent centrally and consistently will be very important,” he said.
When considering which systems to use, Kuppinger said there were many different functional criteria for organisations to consider, depending on the use cases that have been identified.
“Although IT will be charged with implementing and running the system, or procuring it from a cloud provider, the decision about what tool or tools to use should be taken by the business,” he said, cautioning against CIAM falling under shadow IT without proper access governance.
“It is important to operate CIAM well, and like IAM [identity and access management], it is important to know who has access to what and to control who has access to the CIAM and related systems.”
In deciding which tools are required, Kuppinger said the first step was understanding the requirements, use cases and objectives, and then matching these to the various different strengths of tools that have roots in enterprise IAM, marketing automation, identity as a service, web security and federation, or customer relationship management (CRM).
Read more about CIAM
- Consumer identity key to digital transformation.
- Consumer identity and access management has benefits for consumers and service providers alike, but is key to digital transformation, says KuppingerCole.
- Business demand for consumer identity management capability is growing to enable new business models, improve customer engagement and ensure General Data Protection Regulation compliance, says KuppingerCole.
- IAM + CRM is much more than simply IAM for external users, says Ivan Niccolai.
“Some CIAM systems also come from greenfield startups, but each tends to have a particular strength, such as workflow in those that have grown out of IAM and scalabilty in those that have grown out of identity as a service,” he said.
Once requirements are clearly identified, Kuppinger said other factors that need to be considered include security, compliance and governance requirements; understanding how IAM and CIAM fit into the bigger information security picture; and understanding how CIAM integrates with and differs from CRM and marketing automation systems.
“My suggestion is to run CIAM as an IT-operated service driven by the business, have a centralised CIAM strategy in your business, and integrate it well with related systems, but understand where it overlaps and integrates with existing identity management systems,” he said.