The Ugly Face of Yesterday’s CIAM

We all have multiple different personas. But before we put on our hats as identity “experts” -  either as architects, implementers or vendors - let us start by simply being consumers.  Consumers of online services for banking, e-commerce, education, entertainment, and more.  And by thinking as consumers, we can all tell endless stories of poor user experiences with respect to using those services. Those poor user experiences are essentially putting an invisible barrier to entry to the applications and goods we wanted to consume.  

No one forgets how someone or something made them feel, and a poor registration, login or password reset journey, at best reduces the likelihood of consumer recommendations, at worst, you simply lose users which ultimately results in lost revenue.

The lack of a “digital fabric” is typically the root cause of those badly performing ecosystems.

Broad Requirements Drive The Need for an Identity Fabric

CIAM however is not just about the end-user experience. Obviously, the UI “is THE application” from an end-user point of view, but under the hood, there's an entire catalog of other requirements that are needed to make CIAM a success. 

Core elements of a good Consumer Identity Fabric are: 

  • Functionality for upholding compliance (think GDPR for EMEA or CCPA for the US amongst others), 
  • Multi-device integration, 
  • Adaptive and contextual security, 
  • Bot-protection 
  • Fraud management checks at various different states of the end-user journey.  

Data integration and data access are also important things to consider and are likely to need the creation not only of new software components - either through development or procurement - but also new operational structures and potentially new teams to manage that new landscape.

Put simply, CIAM isn’t just IAM. CIAM is an outside-in view of identity as opposed to the inside-out model for employee IAM. Features are different, but so too are the non-functional requirements. Scale - for storage and throughput - will be considerably higher, as will geographical availability, support for different locales and languages and the ability to elastically respond to changes in service demand. Many of these overall needs would unlikely have been a priority if a CIAM project was not needed.  

These new requirements however are driving the need for a more integrated, extensible and accessible set of identity services - likely based on an API/SDK first approach. This is where the “fabric” model of identity comes into play.

Start With The End in Mind

So how can we make CIAM a success for the organization?  The most simple approach is to “start with the end in mind” and by asking, what the CIAM platform is going to achieve for the business. In the identity world, CIAM is the solution most closely aligned to the organization's business objectives so it needs to be a priority for any organization going through a digital transformation and having their customers and partners in mind. It can open up new revenue streams, alter how business is conducted and provide a foundation for continued growth and innovation.

Stakeholders in the implementation process are numerous – typically the CISO, CMO, a digital leader, and various identity services leads are involved. So having a platform of distributed components that can assist them in their divergent goals is critical to making CIAM effective. By supporting services for a range of stakeholders we are moving towards developing a broader cross-business unit platform that can break down silos. This is exactly what an identity fabric aims to achieve.

CIAM Lifecycle

CIAM interactions really follow a cyclical pattern of interaction, from initial registration, through to secure login and contextual access, allowing consent and data management to take place seamlessly across a range of devices at a time of the users choosing. Throughout that lifecycle, we need to look beyond assurance and knowledge levels of those user interactions and should ask ourselves how a target service or application for the end-user can be provided in a way that encourages them to refer, recommend and renew?


See also