What is CIAM?

and why is it now so important?



I work in an industry that uses more acronyms than any other, and I do my best to either avoid them, or to make sure that my audience understands what they mean. I’m conscious that most people forget that others don’t know what they know, and they mistakenly assume a common understanding.

A current case in point is CIAM. In the last few weeks, I’ve been asking professional people I meet (who I assumed would know) what they think it is. The result of my rudimentary research is that most just don’t know.

CIAM refers to Customer Identity and Access Management, which is a system enabling organisations to capture and manage all forms of customer identity and profile data safely and securely.
The reasons we need to do that are, firstly, to control customer access to our applications and services better and more flexibly and, secondly, to help gain customer intelligence to improve customer retention, whilst all the time complying with privacy and data regulations such as GDPR.

The components of a CIAM. 



As with most technology, there are varying maturity levels when it comes to CIAM. The pandemic was certainly a catalyst which accelerated the need for organisations to advance their development in this area. We saw small businesses starting the journey without much of a prior online presence (but having to quickly transition to online sales and service fulfilment), whilst more advanced organisations needed to increase their efforts to provide a more personalised customer experience and, in doing so, differentiate themselves from their competitors.

In your own journey you could be at a stage of providing basic Single-Sign-On (SSO) to your customers, or perhaps at a point where you are applying machine learning to gain insights with Identity and Access Management. Regardless, the fact is that the user experience for your customers, whatever your platform, is what creates a first impression both of your capabilities and of the customer's level of trust in you. It is this that has grown a fascinating and essential market for Customer Identity and Access Management (CIAM).

A good CIAM system drives the layer of interactions with your customer. Enterprises often start with the basics of CIAM by providing SSO and identity provisioning to their customers. As they grow, the CIAM platform needs to integrate securely with their business APIs (Application Programming Interfaces) to enable different applications to exchange data and functionality easily and securely, and then later, be able to integrate with various marketing, CRM, and data management platforms for additional cohesiveness. Finally, it always needs to be an intuitive platform that can predict user behaviour to aid decision making.

Whilst this isn’t yet on everyone’s radars, the reality is that this is a huge market with substantial demand, and as a technology it’s something that every business should be considering.

According to Markets and Markets, businesses will be spending $25Bn on Customer Identity and Access Management within the next 12 months. 

If you get the right CIAM solution, it will ensure that when a customer interacts with you, they have an easy, intuitive, and seamless experience and that increases the effectiveness of the platform and leads to deeper customer engagement. A good CIAM solution is also essential in terms of cybersecurity and resilience, protecting your customers from data breaches and ensuring the customer journey is secured by safeguarding their identities.

Why Should You Consider a CIAM Solution?

A CIAM product should have the following capabilities:

  • User onboarding and verification
  • User and attribute management
  • Strong and adaptive authentication
  • Privacy and consent management
  • Customer self-care services
  • Integration with business apps and tools
  • Analytics and fraud detection

Enhancing the customer experience is at the heart of digital transformation. Your customers are increasingly sophisticated, and they view digital interactions as the primary way to interact with you, your products and your services. Consequently, they expect easy-to-use, deeper online relationships which need to be delivered simply, securely, and seamlessly. CIAM plays a vital role in connecting applications and APIs to customers.

Privacy by Design and Privacy by Default 

In all of this you need to be cognisant of the General Data Protection Regulation, both in terms of complying with the law and in ensuring your CIAM gives you the tools to make this manageable. The GDPR states that the processing organisation should adopt internal policies and implement measures that meet the principles of data protection by design and data protection by default.

User Rights 

As I've shown above, a user’s “right to be forgotten” is outlined in GDPR, which gives individuals the right to request the organisation to erase their personal data collected with immediate effect. However, erasing all records of this individual’s activity may impact your business processes, so the best way to comply is to only remove relevant data that can identify the individual.
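The approach described above (remove what identifies the individual, keep the non-identifying activity) can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the schema, table names and sample rows are constructed for illustration.

```python
import secrets
import sqlite3

# Constructed schema: one profile table holding PII, plus activity tables the
# business still needs for reporting after the customer has been erased.
SCHEMA = """
CREATE TABLE customers (id TEXT PRIMARY KEY, email TEXT, full_name TEXT);
CREATE TABLE orders (order_id INTEGER PRIMARY KEY, customer_id TEXT,
                     total_pence INTEGER, ship_to TEXT);
CREATE TABLE login_events (customer_id TEXT, ip_address TEXT, at TEXT);
INSERT INTO customers VALUES ('c-1001', 'alice@example.com', 'Alice Example'),
                             ('c-1002', 'bob@example.com', 'Bob Example');
INSERT INTO orders VALUES (1, 'c-1001', 2500, 'Alice Example, 1 Sample Way'),
                          (2, 'c-1001', 1200, 'Alice Example, 1 Sample Way'),
                          (3, 'c-1002', 900, 'Bob Example, 2 Sample Way');
INSERT INTO login_events VALUES ('c-1001', '203.0.113.7', '2022-06-01T09:00Z'),
                                ('c-1002', '198.51.100.4', '2022-06-01T09:05Z');
"""

def sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def erase_customer(db, customer_id):
    """Delete the profile, then strip identifiers from the activity rows."""
    # Random pseudonym, not a hash of the ID or email, so it cannot be
    # recomputed from known identifiers to re-link the rows to the person.
    pseudonym = "erased-" + secrets.token_hex(8)
    with db:  # single transaction: every table is updated, or none is
        cur = db.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        if cur.rowcount == 0:
            return None  # unknown customer: nothing to erase
        db.execute("UPDATE orders SET customer_id = ?, ship_to = NULL "
                   "WHERE customer_id = ?", (pseudonym, customer_id))
        db.execute("UPDATE login_events SET customer_id = ?, ip_address = NULL "
                   "WHERE customer_id = ?", (pseudonym, customer_id))
    return pseudonym

def residual_pii(db, needles):
    """Post-erasure check: scan every text value in every table for leftovers."""
    hits = []
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for row in db.execute(f'SELECT * FROM "{table}"'):
            hits += [(table, v) for v in row
                     if isinstance(v, str) and any(n in v for n in needles)]
    return hits
```

Running `residual_pii` after every erasure, with the customer's known identifiers as needles, catches columns such as free-text addresses that a schema change added but the erasure routine was never updated to cover.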

When you start to look at the CIAM market it is quickly apparent that the Asgardeo solution from WSO2 is huge and highly regarded. Asgardeo is a key component of the WSO2 CIAM Platform. (WSO2 have recently secured a further $93 million in Growth Capital in a round led by Goldman Sachs Asset Management.) When you look at their platform, they provide a Privacy Toolkit, which helps with easily anonymising personal data records related to a deleted user to ensure compliance with the right to be forgotten rule.

There are obviously other CIAM platforms available, but I do like the ethos and approach of WSO2. Their aim is to help customers advance their maturity in CIAM wherever they are in their journey. The Asgardeo solution enables developers who are not specialists in CIAM to very quickly establish CIAM fundamentals, such as single sign-on, social media login, and multi-factor authentication, in their web and mobile apps. By very quickly, I mean they can sign up for Asgardeo (there is a free forever tier) and within minutes begin to update their apps to support these seamless login experiences. Over time, the next stage in CIAM maturity is establishing a 360 degree view of their customers' activity and integrating that single identity into all their business systems (such as marketing, sales, call centre, finance, etc.) so that the business can enhance that customer's experience by knowing about all their activity and personalising their experiences with offers, discounts, loyalty programs, etc., all from an easy-to-use Identity as a Service (IDaaS) cloud-based authentication platform.

I always aim to provoke thought and I hope I’ve done so with this article. The really important message is that every business should be on a CIAM journey to create a secure and friction-free experience so they can grow their market and delight and retain their customers.

Rob May 



Written in partnership with WSO2 - June 2022