There’s a new IAM in town. A hipper, often fancier IAM.
It’s called customer identity and access management (CIAM). And it’s helping all kinds of businesses improve their bottom lines, each and every day.
What’s CIAM and why should you care?
CIAM handles not only internal IAM (the identity and access management for your employees, contractors and other stakeholders), but also the IAM you need for all the other people who access your web and mobile applications from outside your organization.
With a strong CIAM solution–one that scales to include multiple customer bases, lines of business and partner solutions–you can:
- Register and authenticate all customers, contractors, vendors, suppliers, volunteers, outsourced workers, and other external users.
- Manage all of these identities, not just those of employees.
- Offer customers and others access to any internal, on-premises and cloud applications.
Those are just the basic advantages, though. CIAM solutions go beyond security to improve your customer relationships.
How? Simple. Digital interactions take customers and other parties from “nameless and faceless” to “known.” Meanwhile, your business is building profiles based on demographics and psychological behavior. Soon, you have a powerful collection of data about your best customers, partners, suppliers and more.
So, what’s the catch? There really isn’t one! Well, that’s not entirely true.
There can be some confusion around which CIAM vendor is the right fit for you. Some handle a few aspects of it, while others handle different ones. How can you figure out which CIAM solution is ideal for your business?
The good news: It’s easier than you think…with a little help
When you find an expert to help you with CIAM implementation, managing the solutions and the systems involved, you can take full advantage of everything CIAM can bring to your business. Let’s walk through a real life case study of this kind of powerful partnership.
In 2013, the CFA Institute (a global association of investment professionals that sets the standard for excellence in the industry) decided they needed to modernize their IAM with CIAM. So, they partnered with Simeio Solutions and 18 months later, they were up and running.
What have CFA’s results been like? Since the implementation was complete they’ve:
- Successfully reduced downtime associated with ID management by 74%
- Improved user experience ratings by 20%
- Significantly decreased the number of help desk calls and manual setups through automation
- Encountered zero critical production issues
However, it wasn’t an easy to achieve these kinds of results. Along the way, CFA learned a number of valuable lessons about the world of CIAM. You can learn from their experience, too.
Here are their tips for an effective implementation.
1. Get senior management onboard early
Most likely, you’re going to be dealing with legacy systems and programming from the last century. You might run into leaders who are attached to that legacy system or are just resistant to change in general. So, be ready to pitch the new CIAM solution a bit.
Make sure that senior management is aware of the benefits of CIAM and have them agree to provide support. Putting together a business case is a great way to do this. Then ask them to make it clear that this is a company-wide effort and they need everyone to support it.
2. Choose an implementation partner who’s in it for the long haul
You need an implementation partner with experience and dedication. CIAM is a complex undertaking and they must be committed to the long haul. Also important is a cultural fit with your internal teams and other stakeholders. You should still expect a bumpy ride, but with commitment from your organization (and your partner) you can make it through.
3. Accept only the best for project management
Again, this is a complex undertaking. And, it can go downhill fast without proper project management. You need to find the best project managers in your company and ask them to lead the project—even if they’re from another part of the business. Where they currently sit in your organization is not important if they’re the best.
4. Look outside the company IAM box for dependencies
Your CIAM solution does not operate in a vacuum. In some cases, it will involve a number of different service providers. You’ll need to look at what they’re doing and what their dependencies are. Will they integrate with your CIAM? And, if you’re in an industry that has regulatory and legislative mandates or standards, you have to make sure these dependencies conform.
5. There should be absolutely no failure to communicate
Busy professionals tend to assume that in a project with multiple parties, communication is a no-brainer and that everyone will just naturally communicate. That’s not the case. So, you’ll need to facilitate the communications between your teams, your CIAM partner’s teams, your external service provider teams and any other stakeholders. If you don’t, a very important discussion that was necessary might not happen, causing disruptions and delays.
6. Test, test, test
Testing has to be comprehensive and complete. So, you need a good test plan. One that starts with careful unit testing and ends up beyond the boundaries of CIAM. You’ll need to test integration with databases, front-ends, back-ends and entire systems carefully and thoroughly.
7. Expect surprises around every corner
Implementing CIAM might seem simple and straightforward, but it isn’t. Legacy systems you didn’t know existed tend to pop up. External service provider personnel change. Ancient code appears. Temporary emergency workarounds for problematic applications in the past that became permanent introduce complexity. So, have a contingency plan. Work with your CIAM provider to decide how to handle unforeseen circumstances.
8. Watch this on-demand webinar—it’s free
451 Research Analyst Garrett Bekker and Elaine Cheng of the CFA Institute joined Ed Pascua, our SVP, in a recent webinar to talk about CIAM, its implications, benefits and more. If you want to dive deeper into details about CIAM and get the full story of the CFA’s implementation, we invite you to check out “Managing External Identities: Best Practices for a Frictionless User Experience.”
With almost 20 years of writing and editing under her belt – including CNN and HomeDepot.com content – Jayne is currently immersed in cybersecurity, #AI and infosec trends. She’s is the Editor in Chief of this blog and the Director of Content and Social for Simeio Solutions.