CIAM Evolution
Combined Session
Wednesday, June 05, 2024 17:30—18:30
Location: B 07-08
Wednesday, June 05, 2024 17:30—18:30
Location: B 07-08
In an era dominated by digital connectivity, Customer Identity and Access Management (CIAM) stands as the gatekeeper of user interactions and data access. However, despite its proclaimed prowess, CIAM solutions are failing customers and businesses alike.
This presentation looks into the glaring gaps in identity management solutions, unraveling the reasons behind their failures, and proposing a paradigm shift in approach.
We will explore the systemic flaws plaguing CIAM solutions, highlighting their inability to cater to evolving user needs and safeguard sensitive data.
The conventional reliance on passwords as a primary security measure has become a glaring vulnerability. Moreover, the myopic focus of current vendors on technical functionality neglects the critical aspects of user experience and the profound business impacts of fractured identity management.
This session aims to dissect the broken facets of identity management, showcasing how passwords have outlived their efficacy and why the status quo of CIAM solutions is untenable. By examining real-world scenarios and industry trends, we'll illustrate the growing dissonance between user expectations and the capability of existing CIAM frameworks to meet those demands.
In IAM parlance, a "first party" context is when a single organisation owns both the identity provider as well as the relying party applications that are connected to it.
There is little doubt that OpenID Connect and OAuth 2.0 are great standards and have done much to enable federated identity ecosystems across the globe. While there is a tendency for IAM professionals to argue for the use of these protocols in virtually any situation, the reality is that they were designed and built with the third-party use case in mind, and there can often be significant obstacles to delivering an elegant customer experience in a first-party context.
In this session, Rob will explore some of the obstacles and objections he has faced when proposing OpenID Connect and OAuth 2 for real-world CIAM deployments, with particular focus on
- brand experience
- multi-channel interoperability
- developer productivity, and
- session management
In so doing, he will make the case for rethinking some of the advice we give and the standards we build.
When it comes to implementing a Customer Identity and Access Management (CIAM) system, many organizations often focus solely on selecting a product or vendor and negotiating the associated licensing costs.
While this method may indeed be the correct one, making the right technological choices in a business context requires a more nuanced approach and more careful analysis. Purchasing a product is not the only option available. The necessary analysis includes evaluating factors such as time-to-market, total cost of ownership, and the level of control and flexibility needed to integrate into the existing business and technology setting. Additionally, there are also questions about support for open standards and how quickly and cost-effectively future requirements can be addressed. Large organizations with extensive internal and external integrations, particularly those in regulated sectors like financial services, may have additional unique requirements.
In this session, we will explore various strategies for implementing an enterprise-level CIAM platform. These strategies include purchasing and deploying an off-the-shelf product, building a custom solution from scratch, and adopting a blended approach that combines both approaches. Each of these options presents its own set of advantages, drawbacks, and trade-offs.
The presentation will cover the following topics:
- Brief introduction to Customer IAM and how it differs from Workforce IAM.
- Main business use cases and importance of the customer identity today.
- Introduction of the three main approaches that organizations can use to implement the CIAM solution.
- Detailed evaluation focusing on advantages, drawbacks and trade-offs of each approach.
- Summary and recommendations.
