When does an Identity and Access Management (IAM) solution become a Customer Identity Management (CIM) solution?
Honestly, the title of this post is a sort of misnomer because frankly an enterprise Identity and Access Management (IAM) solution can never be turned into a whole consumer facing Customer Identity Management (CIM) solution. Many have failed trying. But, why? This is the question this post will attempt to answer by defining what each of these two are and why they are interchangeable.
What is Identity?
In the physical world, people are identified by their facial features by others who know them. For access to sensitive information and to prove identity in secured regions, people use identity cards issued most commonly by government authorities such as driver’s license, passport, general identity cards etc. Their purpose is to make sure the right person is allowed access to the right resources and at the same time prevent misuse by unscrupulous persons.
What is Digital Identity?
Digital identity is the Web translation of a physical identity card in the real world. Except that digital identities issued by no authority is accepted universally on the Web forcing people to create multiple identities for themselves as and when the need arises. But such a digital identity is only valid within the domain of the issuing website. For instance, a Gmail email address can only be used to access mails addressed to that Gmail id. And identity lifecycle begins with provisioning (creation of the identity) and then goes on to updating, use, maintenance and deprovisioning.
What is Access?
Access is akin to a gatekeeping on a network. Publicly available resources like website content can be readily accessed by opening the website in a browser. But private network resources like emails can be accessed only after a successful login.
A successful login happens after a successful authentication. Authentication is the validation of the credentials of a person presented to the respective network. For instance, Gmail provides access to received emails only when the right email address and password combination is presented to the Gmail network through its login page. The next process is authorization which provides the authenticated identity access to the right resources based on the domain’s authorization protocols.
What is enterprise Identity and Access Management?
Identity and Access Management is the combination of all the above processes undertaken by one domain authority to provision identities, authenticate them, and authorize them to access network resources. Enterprise IAM solutions are usually employed within an enterprise where the network is relatively small and the identities are provisioned only for employees. The purpose is to create a coherent framework for employees to access resources at work and collaborate with other employees working in different locations of the enterprise. The main motive, however, of enterprise IAM architectures is to protect the network resources from unauthorized access. For instance, different levels of employees would have different levels of access to resources based on the authorization protocols. Access is defined by the person’s identity, roles and responsibilities. Security is a key focus and driving force behind the installation of an IAM solution at an enterprise.
What is Customer Identity Management?
Businesses often make the mistake of placing enterprise IAM and Customer Identity Management in the same territory. But rightly speaking they are two ends of a spectrum. Customer Identity Management is a consumer focussed architecture while enterprise IAM is a security focussed architecture. That alone brings a world of difference because it changes the entire orientation of the architecture necessitating the addition of several additional features that would otherwise be absent.
At the same time, it would also be wrong to say that security is not a driver for a Customer Identity Management system since security is equally important even in a consumer facing environment. But, at the basic level, Customer Identity Management solution has many aims both from the customer and implementing business’ perspectives.
From a customer perspective, a Customer Identity Management solution strives to provide a better customer experience (CX) through frictionless use, self management of profiles, ease of authentication products like Social Login and Single Sign-On, privacy and security for personal information entrusted with the business, a cross-device and a continuous cross-channel experience, geographical independence, highly available and responsive. The absence of even a single factor among the above contributes to a negative or bad CX which can potentially put off the customer resulting in revenue loss. The Web has added a layer of service across all businesses making the service and transaction (prior and post) experience as important as the product itself. Because most vendors have the products but it is how they sell and how they value their customers is what makes the difference. A Customer Identity Management solution is not just a repository of customer identities and credentials but a solution that enriches the brand-customer relationship.
From the business perspective, the Customer Identity Management solution is aimed at producing a single view of every customer drawing from consumer data across different channels and devices which eventually also helps provide a unified CX for the customer. Additionally, the Customer Identity Management solution also helps in creating and nurturing the brand-customer relationship enabling provision of a personalized approach since each customer is identified as a single individual with a different set of traits and tastes. Not only this the the Customer Identity Management solution also works as a focal point for all the marketing, CMS, segmentation, CRM technologies businesses use to implement their marketing strategies.
How is enterprise IAM different from a Customer Identity Management solution?
Enterprise IAM and Customer Identity Management differ in the following ways:
Scale: Enterprise IAM is restricted to a distributed enterprise at best. But a Customer Identity Management solution is designed to serve a customer base irrespective of their geographic location making it truly distributed. A CIM solution is also designed to be truly scalable and dynamic in its database implementation to continually evolve and keep accepting new fields of consumer data.
Self-management: Enterprise IAM solutions don’t usually allow for self-management of profiles including provisioning, password recovery, deletion of accounts and so forth. All of these processes are carried out by the controlling administrator of the solution. However, in case of Customer Identity Management solutions, the using customer is allowed to perform all of these functions without waiting for permissions or access from the administrator.
Distributed Access: Enterprise IAM solutions are usually designed only to work from the designated workstations but definitely not aimed at implementing a cross device, cross channel interaction which is the case with a Customer Identity Management solution.
Why an enterprise IAM can’t be transformed into a Customer Identity Management solution?
Several businesses look at employing the shortcut of transforming an enterprise IAM into a CIM solution on the premise that both essentially provide the same functions of provisioning, authentication and authorization. Of course, these functions are at the heart of both the solutions but beyond the similarities are hard to find. Transforming an enterprise IAM into a Customer Identity Management solution would mean altering the entire architecture itself. As defined above, there are several defining functions in a CIM solution that an enterprise IAM solution doesn’t possess which means altering its architecture. Of course, businesses can also imagine of a situation where the same enterprise IAM solution is used to interact with customers (imagining they are employees). However, such an idea may also be futile again for the simple reasons that an enterprise IAM solution doesn’t provide the functionalities and extensions that a critical to establishing and nurturing relationships with customers.