Taking Identity Out of the Corner and Into the Light Part One: CIAM 2.0
Over the wall. Drilling down. Synergize. Drill the ocean. What do all these phrases have in common? You hear them in business all the time, and everyone has their own interpretation of what they mean.
For many years, the same could be said of “digital transformation.” It was an umbrella term used to mean whatever the person talking about it wanted it to mean.
Digital transformation has been a top priority for every Fortune 500 firm for the past few years. However, in the shadow of COVID-19, we are seeing organizations worldwide congeal around a unified concept of what digital transformation is and the technology and processes needed to make it successful.
Changing Perceptions on Digital Transformation
Proof of this change is the increased interest shown by CEOs and business leaders on digital transformation. Previously, it was felt that digital transformation was the purview of the CIO. Now, instead of going along for the ride, CEOs are in the driver’s seat as a force actively pushing digital transformation.
In fact, around 75 percent of executives have commented that digital transformation was a key point on the agenda of the CEO, Executive Leadership Committee, and BOD throughout the initiative’s lifecycle.
It is now being seen as an end-to-end enterprise endeavor with the board and the executive team putting their full weight behind it. This change is due in part to the fact that business leaders have seen the link between digital technology and increased revenues.
This is a welcome development to those who have been the cheerleaders of digital transformation for years. It also means that those of us more familiar with the tech side of the cybersecurity landscape need to get better at communicating the financial/business value that digital transformation offers.
Digital Transformation and Identity Security
It’s not fair to give all the credit for the changes we see in digital transformation today to reactions to COVID-19. The pandemic only sped up the pace of a trend that was inevitable.
The three forces that powered the accelerated adoption of digital channels were economic downturn, digital acceleration, and preference shifts. In a snap, digital adoption that should have taken a decade happened in days.
The changes in the digital landscape were drastic. And they are unpredictable. There is no linear progression, nor is there a guarantee that technologies or cybersecurity initiatives currently adopted will have the sticking power to be around weeks or months from now. Everything depends on how satisfied organizations and their customers are with their new experience.
What will be constant from now on is change. The digital revolution requires a modern, flexible approach to identity. Organizations are assembling the personnel and technology to maintain their competitive advantage during these transformative times. Cybersecurity is and will continue to be the bedrock supporting digital transformation.
In this and the four subsequent posts, we will discuss key identity trends leaders with progressive vision are embracing to position themselves ahead of their competition. These trends include:
- The Next Wave of CIAM
- Maturation of Zero Trust
- Improving the Identity Stack
- Evolution of IDaaS
- A New Breed of Managed Security Services
The Next Wave of CIAM
CIAM stands for consumer or customer IAM. This is a natural starting point for digital identity transformation because what customers expect from websites and applications has drastically changed.
Customers equal revenue, and that’s the language CEOs and executives understand. Their adoption of digital transformation initiatives stems from an understanding of how it impacts customer loyalty, customer retention, and revenue generation. Customer-facing goals, like those addressed by CIAM, are at the top of the 90 percent of businesses objectives for digital transformation.
CIAM is not new. Any of us who have signed in with our Google account or use other social sign-in have had to interact with CIAM in one way or another. What is new about CIAM 2.0 is a focus on revenue-specific digital initiatives.
Before going further, it is good to differentiate IAM from CIAM.
What CIAM Is, and What CIAM Is Not
CIAM is not IAM marketed to customers like some digital identity version of “New Coke.” CIAM started in the B2B and B2C space and is now growing into the B2Gig economy and the growing acceptance of the Internet of Things.
IAM is about security within the enterprise environment. Security is first and foremost because the end-user is a paid employee who will jump through a reasonable number of hoops in order to access the tools and applications needed to do their job.
CIAM, on the other hand, is about customer engagement, customer loyalty, and customer retention. Sure, you and I understand the important role that cybersecurity plays in effective CIAM. However, business leaders could give two shakes of a cat’s tail about security when talking about CIAM. You try to pitch CIAM to them from a security standpoint and will quickly find yourself on the other side of the door.
Why? Because many businesses have invested millions of dollars in IAM solutions that have slowed things down, crashed at the drop of a hat, and just aren’t user-friendly. There is no way that they are going to want their customers interacting with technology like that.
They know that CIAM has a real and immediate impact on revenue. Poor user experience is a proverbial headshot for organizations in today’s digital-first economy.
The CIAM needs of one organization can be similar yet simultaneously drastically different from those of another organization. There are so many nuances involved when dealing with customers as opposed to interacting with enterprises.
Catering to Customers with Refined Taste
If all you know of whiskey is a $10 bottle of Kentucky blend and then one day someone hands you a glass of Macallan Valerio Adami 1926 that recently auctioned for over $1 million, you will never go back to drinking $10 a bottle of whiskey again. You know how good it can be, so anything less is just frustrating.
This is what has happened with your customers and their user experience when visiting websites or using applications. You can’t offer customers a clunky user experience and tell them it is in the name of security. They know what CIAM feels like when it works correctly, and anything less is just frustrating.
CIAM has to function seamlessly and improve the customer’s experience. If you interrupt their experience and force them to remember things like passwords or take multiple selfies or images of documents, they are going to get frustrated. At the same time, you have to instill confidence in customers that at every stage of the buying experience their privacy and their security are paramount.
There are too many options available for customers to get the same product and the same service that you offer. They won’t put up with a poor experience.
Second wave CIAM must be scalable and able to address customer volume while being able to handle unpredictable infrequent user spikes. Proof of this is seen when you look at certain investment applications that have crashed when unexpected rises in prices of cryptocurrency have led to an increased volume of trading. The customer backlash is fierce, and the public is unforgiving.
The final aspect of CIAM is the ability to offer a seamless experience that puts the customer first while giving the customer control over their privacy preferences. Customers need to manage their privacy preferences regardless of where they are or how they are connecting to your app or website. CIAM must comply with the regulatory compliances put in place by the government.
CIAM is a collection of tools that can help you get to know your customers and give your customers a unified and personalized user experience across multiple channels. Their customer satisfaction increases. Customer loyalty increases. And, ultimately, business revenue increases.
Zero Trust has been a popular topic for some time now. Is it the next meaningless buzzword, or is it a practical, achievable approach to improve cybersecurity? This will be the topic of part two of our discussion.