2018 was a year of sweeping changes in Consumer Identity Management products and services. CIAM continues to be a fast-growing market. Research indicates that about half of all CIAM deals are still originating outside the tent of the CISO and IAM support organizations. More vendors entered the market and there were some noteworthy acquisitions. Lastly, many innovative improvements occurred across most all solutions, due in part to GDPR.
What is driving CIAM growth? Businesses are realizing that efficient and effective digital identity solutions lead to more consumer engagement and a better consumer experience, which in turn generates additional revenue. CIAM deployments will continue to outpace IAM deployments in 2019.
GDPR took effect on May 25th this year. The response by CIAM vendors in the run-up to GDPR was mixed. Some were proactive, seeing it as a competitive advantage. Others played catch-up. However, by the end of 2018, most vendors offer consent management features that can allow industrious customers to comply with GDPR in terms of consent collection, data export, and data deletion. There is still a wide variety in the approaches taken, and some CIAM services are more advanced and easier to administer in this regard. Meanwhile, the world waits to see if and how GDPR will be enforced.
Consumer identities are a top target for cyber criminals. Consumers are phished for their credentials. Banking trojans are a leading form of malware. Account takeover fraud is growing and is eating into bank profits. Fraud of all types is a growing concern, and not just for the financial sector. Customer loyalty programs (one of the many drivers for deploying CIAM) are increasingly under attack. The recent Marriott/Starwood breach netted 500M accounts for the perpetrators. Airlines’ frequent flyer programs are also regularly stolen. In short, any online asset that is convertible to cash or cryptocurrency is a target. Fortunately, some CIAM vendors put an emphasis on fraud risk reduction by including user behavioral analytics and by real-time processing of compromised credential and other threat intelligence sources. The need to reduce fraud spurred innovation in CIAM in 2018. Biometrics, mobile apps/SDKs, and risk adaptive authentication are “must have” functions within CIAM solutions for 2019.
The need to associate IoT device identities with consumer identities is an expanding and evolving use case within CIAM. Not enough has been standardized in this field, so there is a lot of variation in IoT device identity support still. Look for additional growth and perhaps standardization in the years ahead.
From a market perspective, the year started out with a major acquisition of Gigya by SAP. As an independent company, Gigya was a leader in CIAM. The acquisition was beneficial for SAP, which was missing a fully functional CIAM capability. SAP, now powered by a rapidly-integrated Gigya, has become a major player in the consumer identity market. Later in the year Exostar acquired Pirean. This transaction will give Exostar, a secure business collaboration service provider, stronger IAM and CIAM features. The move also serves to increase the reach of both companies. More companies entered the CIAM market as well, and gained prominence in the field. No doubt there will be more acquisitions and entrants in 2019. For the latest information on this market, including technical details on how the solutions differ, see our just-published Leadership Compass.