Recently, many companies have accelerated their approaches to building digital businesses to address rapid market changes as well as the disruption caused by the pandemic. As the boundaries between digital and physical worlds blur, many digital transformation leaders turn their focus towards customer identity, governance and access management. To learn more about CIAM and demystify the process of developing a strong security and governance roadmap quickly, we turned to Auth0’s Antonio Fuentes.
The evolving expectations of enterprises and what they hope to achieve with CIAM
We've been in the business of providing solutions for CIAM customers for about eight years now, and we believe that enterprises have multiple goals. First, CIAM solutions are expected to provide a great user experience to end-users. Doing that means that CIAM is impacting the conversion funnel, and in doing so, the experiences directly impact revenue. Secondly, enterprises want to build infrastructure to know more about their customers, or a customer-360 view their customers. Thirdly, CIAM is expected to provide a security benefit. Fourth, CIAM solutions are also expected to provide seamless scalability.
The value of speed for successful CIAM implementation
When you are a small organization, your pool of resources is quite limited. Most small organizations don’t have the expertise to implement an identity system in-house. The top concern in smaller organizations is to launch a product as fast as possible. On the other hand, larger organizations have different goals, and generally, are worried about providing better products and services, achieving compliance, and keeping their users, user data, and PII safe. Faster implementation means that larger organizations can focus on what they do best.
The pandemic-induced market shifts and the most in-demand security and IAM features
I would say that there has been growth in every single area. With the pandemic, more and more businesses have accelerated their digital transformation; in fact, we have customers who have stated that the pandemic accelerated their move to digital experiences by 7-10 years. We see a race to remain competitive in a new time of more and more digital channels, and with that comes growth in the number of organizations that are implementing IAM for the first time and those who are expanding and adding features and functions. With the growth of our digital presence, there is also a growth in malicious activity, which drives demand for features like MFA. So, I think it would be inaccurate to say that a single area has more demand than others.
The adoption rates of CIAM after the pandemic hit
In my experience talking to customers, the pandemic has placed more focus on the end-user. The traditional view of IAM holds that it solves important problems for IT, Operations, Security, and so forth. But with more people flooding the digital channels due to the pandemic, the end-users' needs have emerged as an important reason people adopt CIAM. As a result, the balance between increasing security and reducing friction is a new focus. And when I say reducing friction, I mean making customer journeys easier, getting customers to what they want, the fastest way possible, regardless of whether they are holding a phone, using a laptop, or calling a customer support agent. In many cases, what we call customer journeys have now permanently shifted to digital channels.
A multitude of digital channels: how to adopt customer authentication faster without affecting the customer experience (CX)
Now more than ever, I think that end users are expecting digital experiences that span across multiple channels, such as online, in a store, on devices at home, social platforms, and so on. So, connecting those channels with seamless experiences has become a major expectation of a CIAM platform. One way in which CIAM solves this problem is by facilitating a single source of truth for customer information, including transactions and preferences, which can be used to build smart, personalized experiences and provide customer insights to build great omnichannel strategies. Another way is through user experience - whether you are holding a phone, using your TV, or logging into your exercise machine, CIAM systems can provide consistent, unified experiences that make use of the capabilities of each device the best way. Yet another way CIAM systems can help is by helping you manage compliance and consent so that you can focus on selling your product.
The evolved role of CEO over the last year to drive CIAM programs
I suspect more CEOs will lead digital transformations during the pandemic and will be instrumental in adapting their businesses to the pandemic's demands and market changes. I also believe that more and more CEOs will understand the role of CIAM in enabling revenue, unlocking customer 360-degree views, enabling personalization, user experience, and omnichannel strategies. Whereas some CEOs may have seen identity as a cost tied to security, IT, or operations in the past, more will see it as a strategic business enabler in the future. And when that happens, CIAM programs will involve multiple stakeholders, including Marketing, Product, Finance, and IT. In addition to that, more CEOs will have to understand the role of CIAM in meeting end-users and regulators expectations around experience and privacy.
An expert’s advice to digital transformation and security leaders who want to start their CIAM programs now
I would tell security leaders that a successful CIAM program starts with understanding what you are trying to achieve, from tactical goals to keep users safe to more strategic goals tied to user experience. No two CIAM programs will be the same. For example, some may have a consumer focus, while others may involve optimizing for business identity in a B2B scenario. But for cases where CIAM leaders are starting a program with consumers in mind, you could start by measuring how the user experience could be impacting your funnel and your revenue today, including customer abandonment, customer support center costs, operational costs of abuse, or the potential cost of not having centralized customer profile data. Second, you should understand your current security posture, so you can benchmark and build for better security. Third, I would also recommend predicting the needs of your business the way you see it in five years, when you may have more scalability requirements, more products, and customers. And last, for CIAM success, you’ll need to negotiate the needs between stakeholders that handle Product Management, Security, Business systems, Customer analytics, Privacy, Marketing, and IT.