As the amount of data generated by always-connected consumers continues to increase, IT departments are scrambling to deploy technologies that are able to put that data to use. Understanding how to safely leverage this data using established business systems is a major challenge. Historically, this task fell to legacy identity and access management (IAM) technologies, which could easily manage hundreds or thousands of corporate employee identities and devices. Customer identities and devices, however, number in the millions, and managing that much data exposes several shortcomings in traditional IAM technology.
Scale and Scope
The largest on-premises IAM systems are designed to accommodate users and devices that number in the hundreds of thousands – occasionally, millions. Managing consumer-generated data can multiply those numbers by 100 or more. In addition, IAM solutions integrate primarily with internal applications and processes in order to simplify and enhance the employee or partner experience. Managing consumer identities entails integration with a set of applications that have different functionalities and purposes.
IAM systems are built on highly structured, relational data schemas. However, the majority of consumer data is unstructured. In order for these unstructured attributes to have value, they must be normalized so they can be queried alongside structured data.
IAM providers use perimeter-based security measures that are less effective when handling customer identity data that must interact with multiple third-party services and identity providers, while remaining relevant and secure as profiles are progressively built over time.
Initially, IT professionals addressed these shortcomings by adapting IAM systems or building custom solutions themselves. Now, specialized customer identity and access management (cIAM) vendors are developing cloud-based platforms to manage the volumes of unstructured consumer data and generate actionable insights. Best-in-breed cIAM systems feature:
- Enhanced user experiences – Self-service registration and password management plus single sign-on access across websites, mobile applications and other Web properties reduce friction and drive customer engagement.
- Valuable customer insights – Omni-channel data synchronization maintains a single, definitive customer view gained through functionality – such as progressive profiling – which provides a deeper understanding of customers and builds trust over time.
- Security and compliance – API-focused transactional security, data encryption and redundancy, plus automatic compliance with social network privacy policies and government regulations keep businesses safe and compliant in a changing marketplace.
- Robust cloud platform – The cloud’s flexibility enables plug-and-play integrations that accelerate time-to-market, as well as scalable architectures for rapid change and growth. The streamlined deployment process reduces development costs associated with custom integrations.
Cloud-based cIAM platforms offload the burden of safely managing structured and unstructured customer data. The technology excels at connecting multiple APIs in a multi-tenant environment, delivers extreme operational flexibility, and includes built-in software integrations for greater agility and flexibility. Customer and internal data assets remain discrete, minimizing the impact of breaches.
Security Takes Center Stage
Cloud and on-premises solutions face the same types of attacks and breaches. According to a 2014 Alert Logic Cloud Security Report, overall attacks remain much more likely to occur in on-premises environments than in the cloud. But breaches are on the rise in cloud-based environments, likely due to wider adoption of cloud-based over on-premises solutions, and the migration of “higher value” data into the cloud. In response, cloud providers strive to build strong security measures into their core architectures.
Cloud-based cIAM platforms rely on API-focused security, rather than firewalls, which tend to control access for classes of users. These identity-based security policies have evolved with cloud technology. API-based protocols used by identity providers have a largely open-source background, allowing them to easily adapt. Best practices for working with self-provisioned identities indicate that each transaction should carry within it the attributes required to authenticate and authorize users.
Since leveraged customer data will typically be acted on at many endpoints, best-in-breed cIAM solutions have strong authentication, authorization and auditing policies in place, such as OAuth 2.0 and SAML. In addition, personally identifiable information is encrypted when stored and transmitted. Strong roles and permissions policies enforce tight control over user access, and robust audit logging tracks errors and bugs in the system.
Finally, risk-based authentication minimizes friction for users by evaluating risk on each login instance and triggering a two-factor authentication only when necessary. As the “Internet of Things” grows in scale and complexity, this methodology will become increasingly important for practically all digital transactions.
Best-in-breed cIAM platforms also provide auto-compliance with data-privacy policies. A recent survey found that 96 percent of U.S. consumers are at least somewhat concerned about their data privacy. Working with user-provisioned data means businesses must stay in compliance with frequently changing social network privacy policies, as well as with government regulations that apply to any service that interacts with that data. Maintaining this level of compliance on an ongoing basis is risky and time-consuming. Cloud cIAM solutions automate this process.
Cloud Platforms Deliver the Best Solution for Managing Customer Identity Data
Many revenue-driving business systems rely on customer identity management functionality that is outside of the scope of legacy IAM technology. Best-in-breed cloud-based cIAM platforms offer a streamlined deployment that shortens time-to-market, scales to fit business needs, and enables faster and easier integration with applications that help businesses monetize their customer data. Finally, cIAM’s API-based security ensures more secure transactions, while building customer trust and protecting data privacy.
Suresh Sridharan is Senior Director of Technology & Product Strategy at Gigya, the leading customer identity management platform with more than 700 customers, including Fox, Forbes and Verizon. He is a 20-year veteran in enterprise software and held key product management positions at Sun Microsystems, Oracle and Okta prior to joining Gigya. When Suresh is not helping IT teams realize the power of customer identity data, he enjoys spending time with his wife and two daughters, hiking and practicing yoga.
Edited by Stefania Viscusi