Before we get right into the meat, let’s look at where CIAM originates. I’ll set the scene for you.
It’s 8:30 AM on a Friday, you just had your morning coffee and you’re at your desk with a half-hour to spare to plan your weekend.
20 minutes have passed, and the whole office seems to have flooded in while you readied yourself for that 9 AM start. You figure you might as well spend the next 10 minutes getting ready to dive in, so you try logging in. Access denied. Maybe you fat-fingered it, so you try again. Still nothing.
You make a call out to your company help desk, and they ask you if you put in the right password. You did, and it’s aggravating that they didn’t think you tried that 10 times before you picked up the phone. It’s 9:25 AM now, and in 5 minutes you need to get on an online conference bridge for one of those morning meetings that everyone just adores. Happy Friday!
If you’re familiar with that scenario, then you’re familiar with Identity and Access Management. It’s been around for decades, but the field was a more internal, business-facing practice that focused on employees and on the framework for granting access to the productivity tools and resources that helped get the job done.
Hopefully, the aforementioned scenario hasn’t been your experience in recent years, being that internal IAM is now a commodity, not a revelation.
Now, with the onset of the internet, a growing online consumer base, and an overall shift from brick and mortar storefronts to the wonderful world of e-commerce and one-click buying, Identity and Access Management has become a pillar of consumer-based IT.
Whether it’s ordering pistachios at bottom-dollar prices or signing up for an online streaming service, your Identity is central to everything we do on the web. Our customer identities, in the eyes of a business, define who we are, where we are, why we are customers, what we like, what we hate, and much more.
Have you ever used your Xfinity/Comcast login to access a 3rd party streaming provider’s content? That is, simply put, an application of IAM principles to bring value to the customer by allowing you to have only one login credential to access multiple streaming providers from one hub. By verifying your account with Xfinity as a trusted source, third-party providers allow you to access content without ever having an account with them, so you can binge-watch Game of Thrones to your heart’s content right from your cable box.
Another way we see CIAM, and probably the most popular and well-known application of the principle, is using your social networks to access sites and services where you don’t already have an existing account. Social Login (a type of Single Sign-on) is a concept most of us are already familiar with: if you’ve ever used Facebook to log in to services or sites like Allrecipes.com and Racked.com, you’ve used it.
Using Facebook APIs, CIAM providers are able to use your login session with Facebook to create an account and session with a third party. Another key example of this is using your Facebook account to log in to Spotify, which then allows you to share playlists, songs, and your listening activity on Facebook without ever leaving the Spotify application.
These strides are excellent in terms of creating a seamless customer experience, but what about consent management and security? Data privacy regulations are at an all-time high, and with GDPR now being more than a buzzword, many corporations are trying to create these unique and seamless experiences without violating customer trust. On top of that, where CIAM considerations differ greatly from IAM is that companies have to secure access to their resources for customers from mobile devices and other endpoints that they have no control over. So what do you do?
You need an Airtight CIAM solution that covers ALL the bases:
- Seamless user experiences with SSO to access all your applications with one set of credentials
- Personalized interactions through consent-based information gathering that is transparent with customers, building trust in your brand
- Secure user information within your organization with confidence, and give the user the right to be forgotten in all of your downstream applications, as well as in user-facing apps.
- Scalable for any number of users
- Usability of the solution on any device
Customers have a choice of where to do business, and with CIAM that leverages customer insight, privacy, and user experiences, you can make that choice easy.
RAAH Technologies is an Atlanta-based Cyber Security firm, specializing in Identity and Access Management and API Security. We are vendor agnostic, and in the case of CIAM, work with multiple partners to deliver solutions that encompass the aforementioned points. Some partners we work with, who are currently the best of breed in the industry at CIAM, include ForgeRock, Gigya (now an SAP company), Okta, and Ping. Just give us a shout at https://www.raahtech2.wpengine.com/contact to learn more about how we can help you!