Webinar Recording
Customer Identity Access Management (CIAM): Creating the Foundations for User Focused Digital Business, GDPR Compliant
Digital Business Transformation is a continuous process that affects all areas of doing business, with technology finally getting the right focus: The customer and his/her experience with your business. It is now all about providing that ultimate Frictionless CX (customer experience) so that users don't do that “one-click” towards your competitors.
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Hello, and welcome to our webinar today. I'm John Tolbert from Cooper, your Cole and supporting the webinar. Today. We have, I welcome and corn van Roy is here with us today to talk about consumer identity and access management. And we're gonna hear a case study for GDPR compliance. So, but before we begin a little bit about us Cooper and Cole was founded in 2004. We're an independent Analyst Analyst firm with offices around the globe. We offer neutral advice and technical expertise, thought leadership, and the subjects listed below. We support end user organizations of all kinds system integrators, software vendors. We specialize in information security, cybersecurity, and identity management and governance and GRC topics.
We have three major business areas. We do research on those topics that we just mentioned, and we can tailor that to your individual needs. We try to provide vendor neutral advice so we can be objective and stay up to date with all the latest information about products and services. We also have events such as conferences and webinars like this, where we try to provide innovative leadership and a future proof approach our conferences, our good opportunities to network with other people and meet the experts. We also do advisory services. We're a trusted advisory partner for many organizations, and we give the most up to date advice on all areas around the digital transformation.
Speaking of events, we just had our first consumer identity world event in Seattle, a couple of weeks ago. And the next one is upcoming in Amsterdam at the end of October. And then after that, Singapore, November 20th through 22nd, and then following that, we have two events, the cyber security leadership summit and the cyber access summit, both in Berlin, November 12th through the 14th. So we hope you can join us those events today. We'll have some handouts that you can download through the go to webinar control panel. I welcome this provided a white paper and a consent life cycle management profile, as well as a case study. And then we'll also have a poll with some questions from I welcome near the end of the webinar.
So about the webinar itself, everyone is muted. You don't have to mute or unmute yourself. We'll take care of that. We're recording the webinar and we will have the recording available by tomorrow. And we will have a question and answer session at the end. You'll find a box in the go to webinar control panel, where you can enter your questions and can do that anytime during the presentation here. And then we will take those questions at the end. So I'll start off and talk about consumer identity and access management at the high level. Talk about the features and the, the market trends and what the business drivers are, and then I'll turn it over to coordinate and then we'll do the Q and a.
So, as I mentioned, we had our consumer identity world conference a couple of weeks ago here in Seattle. And you know, one of the questions that keeps coming up is around what does the C and cm stand for? And there's a bit of nuance between consumer versus customer, but you know, another topic that floated up from the crowd was around, you know, these solutions also apply to citizens. So let's say that the C and C M can stand for either consumer meaning end user customer, which in some cases might be a business to business and then also citizen.
So I thought we'd start with a little look at what are the differences between IAM and, and consumer IAM. So I am in the olden days, or even today has mostly been about employee facing use cases, whereas cm is consumer customer. And in some cases, citizen facing the authentication methods that IM systems have grown to support over the last couple of decades or things like or smart cards, maybe USB keys, or other kinds of tokens, you know, in addition to username and password, but it's for the most part, a lighter experience on the consumer side, where it's still mostly username password, sometimes the use of social logins or mobile authentication applications or mobile push notifications.
We collect attributes in IM for authorizing people to get access to information. Whereas in consumer identity, we collect attributes to know more about the consumers, both in the financial regulation sense. And then also in the sense to be able to do better marketing to them. We collect that information in stored in LD app or SQL databases in, in some instances for enterprise I, but on the consumer side, it can be LD app SQL or because we also collect unstructured information such as in some cases, audio or video that may go into a Mongo DB or, or some other big data application for single sign on, on the enterprise side, we've been using SAML for about the last 15 years, a slightly more heavyweight version than what we find on the consumer side, which is OAuth and O I D C. And as we learn in the last few days, there can be problems with security if you don't implement those correctly.
And then one of the driving forces on enterprise IM is access control. And one of the things we have to be very concerned about on the consumer side is privacy. If we look at the characteristics in more detail on consumer identity systems, we see that rather than collecting all the information up front like we do from an employee, you know, HR does, and then enter that into the database. We have to sort of progressively get more information from consumers. So we offer self or companies offer self-registration and sometimes the use of social logins and then collect information over time, like user activities, you know, what have they purchased? What have they liked on social media? This provides a more well-rounded view of customer preferences, as well as being able to collect their consent. In this sense, we've got consumer identity sort of feeding CRM systems, and then even marketing and marketing automation systems with more accurate information.
We've talked about things like bring your own device in the past, which is definitely a reality in the consumer side, but also bringing your own identity too. And that's where, you know, we use existing email accounts or existing open ID accounts, as well as users' phones for the basis for identity and consumers generally have an expectation of having an omnichannel experience, meaning they can have the same or similar experience, whether they're using their phone, a tablet or, you know, a full desktop browser solution. Things should pretty much work the same between all the different kinds of platforms, as well as IOT smart home and connected consumer devices. And then, whereas enterprise IM can scale to hundreds of thousands. In many cases, consumer I systems need to scale to billions of identities.
And here's a little look at some of the kinds of data that consumer identity management systems can collect with consent. I'd like to break it into two categories, identity analytics versus marketing analytics on the identity analytics side. There can be information around the number of registrations from consumers. You receive over a given time period. How many of those are incomplete or abandoned? You can also get reports on, you know, how many logins per user and, and then also part-time period. How many of the login attempts are failed? How many profile edits, how many password resets? It's really more of the mechanical elements of the identity management system that we're looking at. When we think about identity analytics, things that can also be used to sort of feed the security intelligence and security incident and event management solutions on the marketing side, many companies are interested in getting demographics, age, gender, where's the user at what have they been looking for? What kinds of things have they purchased and if possible, to tie that to relevant social media activities.
But consent is really the key here. Consumer identity can make the users experience much better, but in the days of GDPR here, we need to be able to tell users, why do you, what are you gonna do with the data that I give you? And then consumers wanna know what do I get out of it? And in many cases they're looking for some sort of reward for granting consent to their information. You know, this can be things like discounts, you know, in, in information that they can use in their experience. But you know, you really have to get the balance, right? One of the key concepts that we talk about with relation to consumer identity is, you know, trying to provide as frictionless and experience as possible for them. So the less data that you collect through a consumer identity and access management solution, the, the better experience they may have at least initially, because it's, you know, less friction, but you do have to collect some data. So as you are moving through the, the user journey, there's a modern amount of data that can be collected that generates some friction. And then there are times when you do have to collect a lot of data, and that might be considered high friction from their, the user perspective. So trying to get the balance right, for the use cases in important consideration.
So we can use consumer identity solutions for KYC applications or know your customer, and, you know, the different attributes I listed a few minutes ago. That's a lot of data that can be generated collected, analyzed from the company or the organization that's deploying that perspective. You can use that information for a number of different purposes, including improving the overall user experience. You could really see what do your consumers and what do they dislike? What are the things that they're looking at? What are the things that they tend to ignore? And you can use that information to decide how you want to develop and extend your site or what to sort of turn off, because it's not really getting the attention from consumers. You can also use the information and tailor marketing campaigns to specific groups of users. You can offer discounts for customers or consumers that buy a lot or buy frequently on your site, or maybe they've been on your site many times and they haven't bought anything. And you want to entice them to buy something. If you're collecting this information, then you can offer those kinds of users discounts in a retail setting.
It can also be used to enhance your brand loyalty and produce higher quality leads, which ultimately should lead to higher revenues. So in this sense, consumer identity management solutions can be a, a part of, you know, a revenue generating business unit. Many times in the it world identity management specialists are often told, you know, we're part of a cost center, you know, we're overhead, but consumer identity can help it shops become part of the overall revenue stream. So I wanted to look at for a minute here, what some of the regulatory drivers are. So in addition to collecting information about consumers and using that for marketing regulations, such as GDPR require the collection of consent for the use of information and consumer identity management solutions can help facilitate that as they are designed to pop up screens and make sure that the end users understand what their data is being used for and, and give them some control too. So it's really important to have an identity or a consumer identity management solution that can facilitate that. We also in the us are now beginning to see an increased interest in privacy at the state level. So we see the California consumer privacy law. That's gonna be coming into effect.
There's also regulations such as PSD two and Europe. PSD two is a financial regulation. The text of the regulation went into effect in January and then testing for the regulatory technical specifications begins in March of next year with an overall implementation date of September of next year. PSD two, essentially mandates a couple of very interesting things for which consumer identity management solutions can help banks in particular. One is strong customer authentication, and then banks have to offer APIs to third party providers and consumer identity can, can help with the strong customer authentication plus providing a bit of a competitive advantage in terms of collecting information about the user to make their overall experience. When they're conducting financial transactions online better, then we also have things like PCI payment cards. And then on the financial side also there's the, the strict financial KYC know your customer. So as the anti-money laundering laws and different jurisdictions that have to be complied with, and things like AML KYC mandate the collection of information about users. It's not necessarily at odds with GDPR and the need to collect consent.
So a little bit more on GDPR, you know, by default privacy has to be sort of built into applications now for applications that are face European consumers and this case. So that means companies have to allow their consumers to opt in, not opt out, which, you know, had previously been the paradigm in many locations around the world. So you have to collect consent and keep a history of their consent and then be able to provide notifications to users. Let's say the 72 hour data breach notification rule customers also have the right to ask for their information about which you're storing to be exported so they can take it with them and to another service provider. And they also have the right to request that you delete the information that you're caring about them. And again, consumer identity management solutions, the well design ones have the capabilities to do this already.
PSD two, as I was mentioning strong customer authentication, you know, they define that in pretty much the standard way, whether it's a combination of something, you have something you are or something, you know, so there are multitude really of different kinds of authenticators that can be used, including, you know, pretty heavy emphasis these days on mobile authentication technologies, such as mobile push applications that are specially designed for mobile authentication. They also have to do transactional risk analysis. This is another place where cm can come into play. Some of the sophisticated CIM solutions, you know, contain the history so that it's easier to do a comparison between current and past transaction requests. Again, there's the need to do know your customer and anti-money laundering. And we believe that banks that have mature consumer identity management solutions will have a competitive advantage cause they can provide a, a better user experience, which will help them keep their customers as competition from these new third party providers increases across Europe.
So real quickly, we've got 20 different functional selection criteria that we believe that end user organization should look at when looking for a consumer identity management solution, there's the ability to do the self-registration or bulk import of users. That's pretty common. Most every one of the cm solutions can do that consent mechanisms. As you can see, it's a important consideration. There is a lot of variability between the consumer IM solutions out there. So if you're doing business in Europe, look for the ones that have the best offerings in this area. User dashboards users should be able to come in and look at what they're, what they've given consent to and change it also to delete or export profile from the dashboard. You should be able to trigger automatic privacy, poly privacy policy change notifications from your cm solution. You should also think about scalability. How many users do you anticipate?
Does the solution provider able to scale up that far white labeling, seamless branding. Again, most of the CIM vendors can do that today. Make sure they have the choice of authenticators that you wanna be able to offer your consumer base. And they should also be able to process social logins most to do that most are able to do open ID or O I D C a risk engine is something that you might wanna consider, especially if you've got the need for higher assurance authentication, which can be used for risk adaptive authentication, step up. You can also, in many cases, import fraud, intelligence or compromised credential intelligence. Think of that as like the, have I been PED, you know, you wanna make sure that you're processing valid logins from consumers. There's also the concept of storing the user information in a profile. You know, what kinds of information can be stored there and the need to do single sign on across multiple web properties. And there's the two different kinds of analytics, both identity and marketing, which can be used to drive marketing automation. Then you should also think about if you have an existing CRM solution, how well does the cm solution you're considering integrate with that and then smart homes and other consumer facing devices and OT need to be integrated with consumer identities. So the, the connecting of device identities with consumer user identities is an important consideration too.
And then lastly, we see some divergence in the CIM solutions, which is really driven by the different kinds of markets that the CIM vendors are going after. So the retail, for instance, you know, may have lower assurance, authentication requirements and, you know, their output, it needs to be more on the marketing side. Whereas, you know, healthcare finance probably needs higher assurance authentication choices. So that leads to differences in the implementations, in the different kinds of solutions that you see in the cm market. And with that, I would like to turn it over to cornea.
Thank you, welcome everybody as introduced already. My name is Kro and I run product that I welcome in this part of the webinar. I will present how organizations are adapting themselves towards a more customer-centric business taking into account. The GDPR has mentioned yet, and how this affects the role cm systems as ours play. First, the short intro of ourselves, I welcome is the European customer or consumer identity and access management player. And we are a full SAS solution. So we are 100% in the cloud. Our customer's data stays within Europe and can even stay within the country. We also support enterprise IM cases with our platform, but for this specific webinar, I will not touch on that.
The main task of our CRM platform is to connect people with our customer's business, which can be fully digital platforms, as well as IOT devices. We create that seamless, single sign on feeling customers expect nowadays offer that 24 7 and protect the data of these customers, both security as privacy wise, which organization is not in digital transformation. Nowadays, certainly the leaders and large organizations that focus on consumers cannot stay behind that transformation is a continuous process. It starts first, then the it and the software platform start to play a role, but an integral part of that transformation is also the way you do business with your customers and how they proceed that good or bad with friction or smooth customers nowadays are only one click away from that from your competition. The decision as such is very easily executed in the digital world. It's just one click.
So you need to take care about your customers. Even more than happy before with the GDPR consumers got rights or better said they already had those rights, but they needed to be enforced better specifically when the customer or consumer becomes known. So that moment you're storing personal information like name or its address into your system. That moment you start managing these consumers or customers. So known you are complicated with a large set of GDPR requirements to fulfill. I think most people in this webinar are aware of these and most of these points who already matched by John, for sure if Don incorrect, these initiative, things like consent, create friction instead of remove it. And if you don't use consent, you will have less data to know your customer about and to do nice marketing campaigns, discounting, site personalization, et cetera. So this part going from pseudonymous to known is not only a big effort, but it also creates or can be creating friction.
What is clear is that consumers are Mo moving more towards the center where you have to attract, convert and enrich them to create a long lasting relationship. And that are now in control of that data. They are even allowed to withdraw that data and to have it corrected when it's wrong in your systems, putting that consumer, that identity in the center, you will see there are new things arriving. We already have personal data. You see that on the left that you need to data protect, but preference manage management has become more important as opt in is become the enforced standard, both from the GDPR, as well as the new EPRI regulation that will likely be approved by the EU first half next year. And then the number one of new things on the block is consent and all its facets like cycle management, life cycle management, and the, the fact that you have to change, be able to change your consent, extend it, or withdraw it with consent. It is important to realize that you cannot hide this in your privacy policy in terms of service.
Like we can use your birthday to profile you on our book, selling website. It's forbidden as you make that use mandatory while you don't need it to sell that book. And because you made it mandatory, they have the right, the birthday, they have to give the birthday to make use of your service, which makes the date birthday not freely given. So that violates this, what you see in the screen, the GDPR, the rule around freed given. So you need consent management. If you want more data object on consumers that you minimally to provide the service and that consent needs to be asked in an informed way, you have to be explicit in what you will do with the data and exactly what, and you have to sell it as by default. The answer is no as it's opt in. So you need to tell what a reward or benefit for the, for the consumer is to share that additional data.
And that is an agreement with, of course you need to store and you need to prove that you have it, and the consumer should be able to withdraw it as simple as they gave it. So how do you do that? Well, first of all, in cm system, you have this golden records you see in the middle, the yellow bar, where all the attributes are stored that you collect during the customer journey. So to say, to store specific consent on the date of birth, you have to store that as part of that data birth or in a separate data store source. We choose to put that in the metadata of the data birth and to make it a multi value. So you can have multiple consents on the date of birth, for instance, to profile the webpage, that bookstore, to send them a discount check when his date of birth is or to do something else with it. So we can record basically all these different consents. You also have the possibility to store a lot more metadata around it. So where the data came from, but also things like the expiration date, or if it's confidential or not. So things like data retention can all be stored there.
Then of course, the UI gives you the possibility to fuel all that information, your consents, certain metadata. It gives you the capabilities of changing the data to receive a received of the consent and to request certain consent. Then if you look at it, how it's connected that central system has two ways of exposing one is using just in time. So asking consent, basically, progressively, this is done during the customer journey. So when a customer starts registration, that's a part of the customer journey later by the product half year later, bys another product. And then the whole time that the customers basically engages with you, you collect different consents, you collect different profile information and you store that in that golden record and the metadata then for your digital platform, have the possibilities on the top to have these digital platform, which can be marketing clouds being provisioned, or you can have them push and pull that kind of information using WebBook.
So that's basically the way the digital platform is connected in this few, you see the different way consent can be captured on the left side, it's doing the registration. That's interesting because you do not want to ask too much consent kind of thing. So you have to do it light as it cannot be mandatory. Cause then it would not be a consent, but nevertheless, you have the ability to ask, for instance, for the birthday and state that you, what you're doing with that additional information in the middle, you see a typical just in time consent. I will show you more examples later on this pops up during the customer journey itself. So at the right moment, when you have value to add, you will ask that specific question, you'll be clear what you will be doing with the data, for what purpose. And it's clear for them what they get back from it on the right side, it's basically the self-service capabilities call a privacy dashboard or a like, or preference dashboard that gives you the possibility to change the consent.
You are given to change things like an email letter or the consent on birthday to send you a birthday card. Another thing that's important is transparency, transparency on the data that you have collected in the way you're processing it, of course, but also transparency because they can correct data that is incorrect in your system. One of the GDPR rules creating transparency can also mean that if you click on, for instance, here, mobile phone number on the right, you see that some of this information can be used from out of contract or maybe legitimate interest. So these are the great out ones you see in the middle. You cannot turn 'em off as a part of the contract. If you turn 'em off, basically you would not be able to provide that service as when it's mandatory. It needs to be the minimum use. The other ones you see on the bottom are specific ones that could be collected doing any of the progressive consent or sorry, just in time consent or during the registration process. And you will be able to turn them off later on, as easy as they were given.
Good examples of just in time consent. I'll take just one of these examples is Uber. If you know the Uber app, if you install it using the app store, they will, the Uber app itself will not ask for the GPS connection from the start you install it. It will let you first book a trip from a to B. And then the moment that you select the trip and say, collect me, please collect me taxi driver. Then at that moment, the Uber app will ask you for using the GPS information from your mobile phone. So they ask it at that time and they return for it. The simple value as that, it's easier than for the taxi driver to find you. So they return that value for getting your consent on using the TPS position. They likely I haven't checked lately, but they likely also say it will make it easier for you to, to input your start address.
So if you look at consent, there are a couple of things that are important to, to have. First of all, you need to ask at the right time, just in time consent as the customer journey can take for years. And if you collect all the consents at the start, likely you create a very frictionless registration process, second need to be updated by any business application. So you need a consent API that is full feature. So your application should be able to request, to request a desk consent, to write down the consent, because it could be collected in that business application itself to check that consent because it's a marketing tool, they can send you an email letter. So there should be an API that is full featured that gives you that possibility. It also needs to travel with the data because if you send that birthday, for instance, to a certain data store, then that specific application that's connected to that data store doesn't know what the limitations are of using that data. And that's not good. So it's better to have a way different ways of sending that information together with the metadata. So together with the data itself, and you have to be fully transparent with consent. Like you saw in the other face show user should be able to withdraw as consent and to be clear what that consent was. We prefer to be also when it was given, but likely it's enough just to stay what it is.
So
Here we see how things fall together at the top, all the records being profile, including social media activities, consents web analytics. In this case, I took Google analytics, but of course there are many others EAP and CRM have one on the same user ID or a connected user IDs. The web analytics system, of course does not know who actually is behind that user ID. So it doesn't know the personal information because you won't sharing that with Google on, on their cloud service. At least you should not. But if you bring all this profile data, log data, region buying history, click behavior interest on your website. So how they went through your website and consumer a customer's history itself altogether into a big data lake. You're basically collecting and consented identity analytics and marketing analytics data, as John mentioned. And it will all be in that big data lake.
There's one advantage of that. It's a very, it'll create very powerful, know your customer fuel. You will know who to send that discount code. And even at that time at his birthday, because things are all allowed or consented, you will have that strong customer-centric business build with without breaking GDPR, without violating the privacy regulation and even more important without violating the privacy of your customers itself. And because you do care and take care and respect the customers well informed choices for that. And because you are in that trusted service, the customers is likely willing to share more data over time to give you an even better insight to provide them a better service and as such improve that overall customer experience.
But digital transformation will not stop here. We already see it at our customers, relationships, permissions, mandates interest things over grow, and we'll find that place into the next generation CRM systems. This because relationship management as the whole, the whole communication with the customer itself has become fully digital 24 7. Think of giving your financial advisor the mandate to collect financial data from your banks and pension funds, or to give the postman the instructions to deliver packets at the neighbors, not only ones on number 24, because you don't like them, but the ones on 28, and you give that neighbor on number 28, the mandate to sign for you for that package as it's valuable. And it needs a signature. So things will change with consumer identity, access management going forward as more and more information where the consumer should be in control of that. Our consumer choices, consumer interest consumer data will all end up in that central system and companies that want to survive in this new digital world need that single source of truth for that customer data and consumers. Our customers need to have access all the time to that information. This is where cm lifts the source for consented personal identifiable information for both the consumers, as well as your digital landscape.
So how does that look well on the top, you see the consumers having access to that identity information that is in the center, that single source of truth. Of course, there will only be consumer data accessible that is inputted by the consumer itself, but it will have full control of that, including its consent. Then there's a self-service interface by you click on the consent, remove them change the platforms, attach IOT device, do two factor authentication. So quite advanced user interfacing privacy dashboard that is offered there or from the system. Then of course the different roles within the company itself like compliance the customer care marketing and sales department all can have access to this data store. In our case, it's a big MongoDB data store where all that information about the consumers and customers are collected consumers. Eventually single will end up on the different likely siloed system that are still in the landscape of the customers and these siloed systems, all connected to central sources through, through API layers. So to all have one view of the customer. So this is how things are all connected and how the digital landscape, and is connected to that central source and how consumers can have access to their data.
And that is my presentations. So if there are any questions, I think we'll do the poll first. Isn't it, John? Yeah. So we have some poll questions. People can answer my tool and go to webinar. So we give some time for everybody to answer these, these question, if they like, and then at the end, we have a good overview of the organizations that we're contributing or listening to this webinar and where they are and struggling or interested in.
So, yeah. Second question here. Are you using data from digital systems, cm profiles, web analytics behavior, and E R P to optimize marketing, getting some responses. Okay. Third question. Has your organization empowered the user to control its data, including all the needed consents.
This is basically a profile base where they can also see the data itself where it's used for, and if there's any consent and can withdraw the consent because this kind of information can be hidden in different applications.
We'll share the results.
Okay. A good 30% who master this. That's very good.
Yeah. That's interesting.
Yeah.
I'd say roughly a third and a third, maybe a little bit more on the, not quite there. Let's see. Are you using the combined data for marketing and such? No. 36, somewhat 36.
Yeah. You see that two, two third at least is, is for partly are using it or significantly using it. And this is also our view that we see that it's, it's more and more use and data is getting combined from all the different systems. And if they are put in a data lake, like in my example, or in your example, they're all connected by each other because there's a strong for marketing cloud system that that's different, but it's all the same use basically
Of I or digital marketing organization. Hmm. Well, that's interesting too.
Yeah. See that the IM is still dominant. Also. You see more and more jointly ones. I think the jointly ones are the, the more successful, if it's completely owned by store marketing, you will see silos popping up again, which needs migration into the normal enterprise landscape. If it's an IM only likely it's not going to be very frictionless,
This kind of reflects what I've been seeing too, that there's more of a move. Well, you know, I guess at the beginning of cm, a lot of the initiative initiative was taken by the marketing organization. And now we see more either being started by the it IM organization or even better when they work together on this. So I think, you know, there is that realization that it identity management can become part of the revenue stream, you know? So I think there's a big benefit to it. Organizations working with marketing to deploy these kinds of capabilities, not only for the company, but for the organization within the company that's responsible for. Yeah,
Exactly. Yeah. So shall we switch to the questions because now we're, we're still, we're still talking and talking, John, let's switch it over.
Yeah, let's see. Okay. First question we have is how would CA work together with a customer data platform,
A customer data platform? What I have, what's a customer data platform. John, do you know?
Well, he's abbreviated at CDP. I'm gonna guess it must be different from CRM.
Okay. Probably one big master data set. Yeah.
I mean, I guess I'll address it from the CRM side. I think, you know, they can either export it as sort of common data formats that can be imported by CRM. Where I think in, you know, in the more ideal use cases, there are ways for CIM solution vendors to provide, you know, out of the box connectors to various CRM or marketing automation platforms. Do you have anything you want to add to the cornea?
Yeah. It also depends on what's the authoritative source in this case, because it could be that the cm system is later introduced and that the authoritative source was a previous system or storage of the consumer itself. But the cm system is introduced, solidly consumer gets, gets control, or are there other things like single sun on that are needed between the platforms? So the different stages could be different, could start as that the, the master source feeds into the cm system and it stays the master source. It could be that as a handover on what's trusted and who's able to make changes. So I think we see them in different ones, but normally that connected with provisioning connectors or what I just called in the more modern world web hooks are becoming more and more known.
Yeah. I think that's, that's very true. Okay. So next question we have, how can you measure friction or later on use that to reduce friction?
Yeah, that's a good one. If you look at, at the web analytics software, I just showed as, as an example, the Google ones you normally can see where people drop out. And of course the, the cm system itself shows where in the registration flow. So where the cm system is still in the flow, it will be able to measure exactly every step. And you can also connect that with, with a Google analytics system. So you have an end to end from the registration to any friction you have on your website. So there's a few on the cm system itself where you can measure the friction and see it's reduced, and you could go to one collected shoe. So put in some Google analytics stacks and, and get the information all the way up to the Google Analyst. And you see it in a whole, basically customer interaction where people drop out or take longer, or yeah, just don't don't don't get it or drop out. Yeah. Yeah. And of course, if you message, you can message it later on, might have done some, some things that may have proved may, should be proven things.
Yeah. You know, I think that's a really good point to be able to look at the overall customer experience flow and figure out where are the places where you are having people sort of abandon the process and then figure out from there, you know, what are the ways that we can make this easier? Do we need to collect this information at this point? I mean, depending on the use case, of course there are certain points that we're gonna have to collect more information than others, but is there a way to do it, you know, a little bit more on intrusively? So I, I think that's a really good point. Look at use the tools that are provided to examine the, the flow sort of from beginning to, to the known customer stage and figure out where the, the places are. You can make it easier for them. Okay. Let's see. Next question is if I collect at the start, would that mean I create less friction overall?
Hmm. John, your opinion.
Well, probably, well, I guess it depends. I mean, you know, the, the world that we've lived in up to the GDPR point, people are often presented with a screen full of terms and conditions and privacy policies that as we all know, no one actually reads, they just click accept and they go on. So probably not. I mean, I think if you can walk the, the user gently through the process, you know, only take what information you need at the beginning to sort of create the account and then, you know, watch what they do, get permission, get consent to watch what they do, but then, you know, collect this information in such a way as it isn't burdensome to them to provide the information. What do you think?
Yeah, let's take the Uber example. If they ask the GPS connection from the moment that you install the application, it probably creates less friction, but the result was less people that said yes. So here it's a little bit of a, so it could be that you create less friction if you ask for that kind of permissions upfront. But the question is, is if you then eventually create more value for your customer, because do they understand or can make the decision at that moment? You're basically getting all the questions about what the service can provide. If you, if you give more data at the, at the start, it may reduce friction, but it's, it's not gonna give enough value for the customer. So I think it's a balance there. Friction is not everything here.
Yeah. You know, I like that example because just think about any of the apps that you deal with on a regular basis. If, if they seem like they ask for too much upfront, I know I'm less likely to want to complete the install or complete the registration. So only, only get you need at the beginning. And as you say, as you can deliver the value to the customer, they will, you know, have a much more positive experience. And then they'll probably be more willing to give up more information later, as long as they perceive that ongoing value and, and trust, you know, the trust that they know that your company is going to use the information just for only the purposes that you've listed.
Yeah. Yeah.
Okay. Let's see. Another one here. Why is there a difference between identity analytics and marketing analytics with all data about the consumer, right. Yeah. Mean, I'll start with that. Yeah. I, I think it is all data about the consumer, but I think it's the purposes and what you can do with the data afterward that sort of drive the, the distinction between the two, you know, like I said, on the identity analytic side, I think of that more for, you know, security being able to feed security systems, to look for patterns of fraud and try to reduce fraud. And then also sort of basic information that your site developers can use to know about incomplete registrations. Whereas on the marketing analytics side, it's about, you know, getting useful information to sort of understand what's in the mind of the consumer to be able to give them what they're looking for. How would you characterize that Cornell?
Yeah, I think, I think the marketing side really gets you the view on who it is. And the other side gives you the view on what he's doing because it's mostly event driven. When does he log in? Is he using its social registration for social login for that purpose? So it's event driven data. So it gives a lot more insight about what the consumers actually is doing and how often he's logging in and things like that. Where the marketing site gives you a view of who the person himself is. So one is the profile. The other one is more like the transactions. And I think it's very difficult to put these two into one store. So that's maybe also why you see them all separately, separately, and, and because they have different use cases, like you just mentioned, the fraud department will very likely look at the event information. If there's strange behavior there, if somebody is logging in at stage moment from stage regions and you will not look at the profile information exactly who it is, female male at what age and what name, because that doesn't really, yeah. Doesn't really matter for, for creating the fraud case. So the use cases are different than the people looking at them are different. So that's likely why they don't put them all into one system. At least we're not putting them all into one system.
Well, you know, and that's a good point too. I mean, I think the different kinds of information can be stored separately since they are being used for different purposes. And, and there are a couple of different approaches that the cm solution providers take to that you can either a try to build out the complete functionality for your customers, you know, which would include, you know, maybe having some predefined reports about identity analytics and marketing analytics and, you know, on the cm solution provider side, you're, you're building all the logic for that. You know, another approach is to say, you know, I'm guessing that my customers probably have big data applications and data visualization applications on their own. I'm gonna collect and store all this information and expose it via an API. So, you know, people can, you know, use the existing tools that they have instead of having to, you know, go into the CIM tool to do that. So there's a couple of different ways to go about doing that. That was good question. Any insights on that from your side?
No, only that we see the same thing that there's less and less interest in diving into specific fuse or reports that art tool makes and more and more interest of getting that data in the right bigger tools where they do all the analytics on anyway. So that's certainly a big trend. Yeah. But that's yeah. Expected because of all the big data projects going on. That, that's the first thing that, well, eventually when they're doing all the EAP information and maybe some web analytics information, they will say, okay, we need more information. What do we have? Well, one very important source is of course the cm system then. So I think everybody could see that one coming.
Yeah. You know, you're right. I mean, people are collecting information. They do have all sorts of data lakes and big data applications and vis analytics and visualization tools and things like that. And the, the data that they collect from CIA systems is just one piece they want to analyze perhaps against other data stores. So it's, it makes sense that we kind of move to this API-centric world to process that data too. Okay.
Agree.
Well, final question in the blank is will we get a copy of the recording and the answer to that is, yeah. We'll provide a link that should go out either later today or tomorrow and everyone who attended or registered will be able to get a copy of the recording that way.
Yeah. The recording and, and the two presentation, I think. Is it, isn't it?
Yeah. Yeah. There's yeah. Let's not forget. That's good. Good too. There's handouts in the go to webinar control panel. If you click on the handouts button, you'll be able to download those PDFs as well. Okay, good. Well, we've made it to the top of the hour. I wanted to thank everyone for attending and, and thank you coordinating for the great presentation.
Thank you, John, for the same
And good discussion too. And thanks everyone for the questions as well. And with that, we will conclude today's webinar. And again, check back by tomorrow. We should have this available for you. And with that, have a good day.
We have three major business areas. We do research on those topics that we just mentioned, and we can tailor that to your individual needs. We try to provide vendor neutral advice so we can be objective and stay up to date with all the latest information about products and services. We also have events such as conferences and webinars like this, where we try to provide innovative leadership and a future proof approach our conferences, our good opportunities to network with other people and meet the experts. We also do advisory services. We're a trusted advisory partner for many organizations, and we give the most up to date advice on all areas around the digital transformation.
Speaking of events, we just had our first consumer identity world event in Seattle, a couple of weeks ago. And the next one is upcoming in Amsterdam at the end of October. And then after that, Singapore, November 20th through 22nd, and then following that, we have two events, the cyber security leadership summit and the cyber access summit, both in Berlin, November 12th through the 14th. So we hope you can join us those events today. We'll have some handouts that you can download through the go to webinar control panel. I welcome this provided a white paper and a consent life cycle management profile, as well as a case study. And then we'll also have a poll with some questions from I welcome near the end of the webinar.
So about the webinar itself, everyone is muted. You don't have to mute or unmute yourself. We'll take care of that. We're recording the webinar and we will have the recording available by tomorrow. And we will have a question and answer session at the end. You'll find a box in the go to webinar control panel, where you can enter your questions and can do that anytime during the presentation here. And then we will take those questions at the end. So I'll start off and talk about consumer identity and access management at the high level. Talk about the features and the, the market trends and what the business drivers are, and then I'll turn it over to coordinate and then we'll do the Q and a.
So, as I mentioned, we had our consumer identity world conference a couple of weeks ago here in Seattle. And you know, one of the questions that keeps coming up is around what does the C and cm stand for? And there's a bit of nuance between consumer versus customer, but you know, another topic that floated up from the crowd was around, you know, these solutions also apply to citizens. So let's say that the C and C M can stand for either consumer meaning end user customer, which in some cases might be a business to business and then also citizen.
So I thought we'd start with a little look at what are the differences between IAM and, and consumer IAM. So I am in the olden days, or even today has mostly been about employee facing use cases, whereas cm is consumer customer. And in some cases, citizen facing the authentication methods that IM systems have grown to support over the last couple of decades or things like or smart cards, maybe USB keys, or other kinds of tokens, you know, in addition to username and password, but it's for the most part, a lighter experience on the consumer side, where it's still mostly username password, sometimes the use of social logins or mobile authentication applications or mobile push notifications.
We collect attributes in IM for authorizing people to get access to information. Whereas in consumer identity, we collect attributes to know more about the consumers, both in the financial regulation sense. And then also in the sense to be able to do better marketing to them. We collect that information in stored in LD app or SQL databases in, in some instances for enterprise I, but on the consumer side, it can be LD app SQL or because we also collect unstructured information such as in some cases, audio or video that may go into a Mongo DB or, or some other big data application for single sign on, on the enterprise side, we've been using SAML for about the last 15 years, a slightly more heavyweight version than what we find on the consumer side, which is OAuth and O I D C. And as we learn in the last few days, there can be problems with security if you don't implement those correctly.
And then one of the driving forces on enterprise IM is access control. And one of the things we have to be very concerned about on the consumer side is privacy. If we look at the characteristics in more detail on consumer identity systems, we see that rather than collecting all the information up front like we do from an employee, you know, HR does, and then enter that into the database. We have to sort of progressively get more information from consumers. So we offer self or companies offer self-registration and sometimes the use of social logins and then collect information over time, like user activities, you know, what have they purchased? What have they liked on social media? This provides a more well-rounded view of customer preferences, as well as being able to collect their consent. In this sense, we've got consumer identity sort of feeding CRM systems, and then even marketing and marketing automation systems with more accurate information.
We've talked about things like bring your own device in the past, which is definitely a reality in the consumer side, but also bringing your own identity too. And that's where, you know, we use existing email accounts or existing open ID accounts, as well as users' phones for the basis for identity and consumers generally have an expectation of having an omnichannel experience, meaning they can have the same or similar experience, whether they're using their phone, a tablet or, you know, a full desktop browser solution. Things should pretty much work the same between all the different kinds of platforms, as well as IOT smart home and connected consumer devices. And then, whereas enterprise IM can scale to hundreds of thousands. In many cases, consumer I systems need to scale to billions of identities.
And here's a little look at some of the kinds of data that consumer identity management systems can collect with consent. I'd like to break it into two categories, identity analytics versus marketing analytics on the identity analytics side. There can be information around the number of registrations from consumers. You receive over a given time period. How many of those are incomplete or abandoned? You can also get reports on, you know, how many logins per user and, and then also part-time period. How many of the login attempts are failed? How many profile edits, how many password resets? It's really more of the mechanical elements of the identity management system that we're looking at. When we think about identity analytics, things that can also be used to sort of feed the security intelligence and security incident and event management solutions on the marketing side, many companies are interested in getting demographics, age, gender, where's the user at what have they been looking for? What kinds of things have they purchased and if possible, to tie that to relevant social media activities.
But consent is really the key here. Consumer identity can make the users experience much better, but in the days of GDPR here, we need to be able to tell users, why do you, what are you gonna do with the data that I give you? And then consumers wanna know what do I get out of it? And in many cases they're looking for some sort of reward for granting consent to their information. You know, this can be things like discounts, you know, in, in information that they can use in their experience. But you know, you really have to get the balance, right? One of the key concepts that we talk about with relation to consumer identity is, you know, trying to provide as frictionless and experience as possible for them. So the less data that you collect through a consumer identity and access management solution, the, the better experience they may have at least initially, because it's, you know, less friction, but you do have to collect some data. So as you are moving through the, the user journey, there's a modern amount of data that can be collected that generates some friction. And then there are times when you do have to collect a lot of data, and that might be considered high friction from their, the user perspective. So trying to get the balance right, for the use cases in important consideration.
So we can use consumer identity solutions for KYC applications or know your customer, and, you know, the different attributes I listed a few minutes ago. That's a lot of data that can be generated collected, analyzed from the company or the organization that's deploying that perspective. You can use that information for a number of different purposes, including improving the overall user experience. You could really see what do your consumers and what do they dislike? What are the things that they're looking at? What are the things that they tend to ignore? And you can use that information to decide how you want to develop and extend your site or what to sort of turn off, because it's not really getting the attention from consumers. You can also use the information and tailor marketing campaigns to specific groups of users. You can offer discounts for customers or consumers that buy a lot or buy frequently on your site, or maybe they've been on your site many times and they haven't bought anything. And you want to entice them to buy something. If you're collecting this information, then you can offer those kinds of users discounts in a retail setting.
It can also be used to enhance your brand loyalty and produce higher quality leads, which ultimately should lead to higher revenues. So in this sense, consumer identity management solutions can be a, a part of, you know, a revenue generating business unit. Many times in the it world identity management specialists are often told, you know, we're part of a cost center, you know, we're overhead, but consumer identity can help it shops become part of the overall revenue stream. So I wanted to look at for a minute here, what some of the regulatory drivers are. So in addition to collecting information about consumers and using that for marketing regulations, such as GDPR require the collection of consent for the use of information and consumer identity management solutions can help facilitate that as they are designed to pop up screens and make sure that the end users understand what their data is being used for and, and give them some control too. So it's really important to have an identity or a consumer identity management solution that can facilitate that. We also in the us are now beginning to see an increased interest in privacy at the state level. So we see the California consumer privacy law. That's gonna be coming into effect.
There's also regulations such as PSD two and Europe. PSD two is a financial regulation. The text of the regulation went into effect in January and then testing for the regulatory technical specifications begins in March of next year with an overall implementation date of September of next year. PSD two, essentially mandates a couple of very interesting things for which consumer identity management solutions can help banks in particular. One is strong customer authentication, and then banks have to offer APIs to third party providers and consumer identity can, can help with the strong customer authentication plus providing a bit of a competitive advantage in terms of collecting information about the user to make their overall experience. When they're conducting financial transactions online better, then we also have things like PCI payment cards. And then on the financial side also there's the, the strict financial KYC know your customer. So as the anti-money laundering laws and different jurisdictions that have to be complied with, and things like AML KYC mandate the collection of information about users. It's not necessarily at odds with GDPR and the need to collect consent.
So a little bit more on GDPR, you know, by default privacy has to be sort of built into applications now for applications that are face European consumers and this case. So that means companies have to allow their consumers to opt in, not opt out, which, you know, had previously been the paradigm in many locations around the world. So you have to collect consent and keep a history of their consent and then be able to provide notifications to users. Let's say the 72 hour data breach notification rule customers also have the right to ask for their information about which you're storing to be exported so they can take it with them and to another service provider. And they also have the right to request that you delete the information that you're caring about them. And again, consumer identity management solutions, the well design ones have the capabilities to do this already.
PSD two, as I was mentioning strong customer authentication, you know, they define that in pretty much the standard way, whether it's a combination of something, you have something you are or something, you know, so there are multitude really of different kinds of authenticators that can be used, including, you know, pretty heavy emphasis these days on mobile authentication technologies, such as mobile push applications that are specially designed for mobile authentication. They also have to do transactional risk analysis. This is another place where cm can come into play. Some of the sophisticated CIM solutions, you know, contain the history so that it's easier to do a comparison between current and past transaction requests. Again, there's the need to do know your customer and anti-money laundering. And we believe that banks that have mature consumer identity management solutions will have a competitive advantage cause they can provide a, a better user experience, which will help them keep their customers as competition from these new third party providers increases across Europe.
So real quickly, we've got 20 different functional selection criteria that we believe that end user organization should look at when looking for a consumer identity management solution, there's the ability to do the self-registration or bulk import of users. That's pretty common. Most every one of the cm solutions can do that consent mechanisms. As you can see, it's a important consideration. There is a lot of variability between the consumer IM solutions out there. So if you're doing business in Europe, look for the ones that have the best offerings in this area. User dashboards users should be able to come in and look at what they're, what they've given consent to and change it also to delete or export profile from the dashboard. You should be able to trigger automatic privacy, poly privacy policy change notifications from your cm solution. You should also think about scalability. How many users do you anticipate?
Does the solution provider able to scale up that far white labeling, seamless branding. Again, most of the CIM vendors can do that today. Make sure they have the choice of authenticators that you wanna be able to offer your consumer base. And they should also be able to process social logins most to do that most are able to do open ID or O I D C a risk engine is something that you might wanna consider, especially if you've got the need for higher assurance authentication, which can be used for risk adaptive authentication, step up. You can also, in many cases, import fraud, intelligence or compromised credential intelligence. Think of that as like the, have I been PED, you know, you wanna make sure that you're processing valid logins from consumers. There's also the concept of storing the user information in a profile. You know, what kinds of information can be stored there and the need to do single sign on across multiple web properties. And there's the two different kinds of analytics, both identity and marketing, which can be used to drive marketing automation. Then you should also think about if you have an existing CRM solution, how well does the cm solution you're considering integrate with that and then smart homes and other consumer facing devices and OT need to be integrated with consumer identities. So the, the connecting of device identities with consumer user identities is an important consideration too.
And then lastly, we see some divergence in the CIM solutions, which is really driven by the different kinds of markets that the CIM vendors are going after. So the retail, for instance, you know, may have lower assurance, authentication requirements and, you know, their output, it needs to be more on the marketing side. Whereas, you know, healthcare finance probably needs higher assurance authentication choices. So that leads to differences in the implementations, in the different kinds of solutions that you see in the cm market. And with that, I would like to turn it over to cornea.
Thank you, welcome everybody as introduced already. My name is Kro and I run product that I welcome in this part of the webinar. I will present how organizations are adapting themselves towards a more customer-centric business taking into account. The GDPR has mentioned yet, and how this affects the role cm systems as ours play. First, the short intro of ourselves, I welcome is the European customer or consumer identity and access management player. And we are a full SAS solution. So we are 100% in the cloud. Our customer's data stays within Europe and can even stay within the country. We also support enterprise IM cases with our platform, but for this specific webinar, I will not touch on that.
The main task of our CRM platform is to connect people with our customer's business, which can be fully digital platforms, as well as IOT devices. We create that seamless, single sign on feeling customers expect nowadays offer that 24 7 and protect the data of these customers, both security as privacy wise, which organization is not in digital transformation. Nowadays, certainly the leaders and large organizations that focus on consumers cannot stay behind that transformation is a continuous process. It starts first, then the it and the software platform start to play a role, but an integral part of that transformation is also the way you do business with your customers and how they proceed that good or bad with friction or smooth customers nowadays are only one click away from that from your competition. The decision as such is very easily executed in the digital world. It's just one click.
So you need to take care about your customers. Even more than happy before with the GDPR consumers got rights or better said they already had those rights, but they needed to be enforced better specifically when the customer or consumer becomes known. So that moment you're storing personal information like name or its address into your system. That moment you start managing these consumers or customers. So known you are complicated with a large set of GDPR requirements to fulfill. I think most people in this webinar are aware of these and most of these points who already matched by John, for sure if Don incorrect, these initiative, things like consent, create friction instead of remove it. And if you don't use consent, you will have less data to know your customer about and to do nice marketing campaigns, discounting, site personalization, et cetera. So this part going from pseudonymous to known is not only a big effort, but it also creates or can be creating friction.
What is clear is that consumers are Mo moving more towards the center where you have to attract, convert and enrich them to create a long lasting relationship. And that are now in control of that data. They are even allowed to withdraw that data and to have it corrected when it's wrong in your systems, putting that consumer, that identity in the center, you will see there are new things arriving. We already have personal data. You see that on the left that you need to data protect, but preference manage management has become more important as opt in is become the enforced standard, both from the GDPR, as well as the new EPRI regulation that will likely be approved by the EU first half next year. And then the number one of new things on the block is consent and all its facets like cycle management, life cycle management, and the, the fact that you have to change, be able to change your consent, extend it, or withdraw it with consent. It is important to realize that you cannot hide this in your privacy policy in terms of service.
Like we can use your birthday to profile you on our book, selling website. It's forbidden as you make that use mandatory while you don't need it to sell that book. And because you made it mandatory, they have the right, the birthday, they have to give the birthday to make use of your service, which makes the date birthday not freely given. So that violates this, what you see in the screen, the GDPR, the rule around freed given. So you need consent management. If you want more data object on consumers that you minimally to provide the service and that consent needs to be asked in an informed way, you have to be explicit in what you will do with the data and exactly what, and you have to sell it as by default. The answer is no as it's opt in. So you need to tell what a reward or benefit for the, for the consumer is to share that additional data.
And that is an agreement with, of course you need to store and you need to prove that you have it, and the consumer should be able to withdraw it as simple as they gave it. So how do you do that? Well, first of all, in cm system, you have this golden records you see in the middle, the yellow bar, where all the attributes are stored that you collect during the customer journey. So to say, to store specific consent on the date of birth, you have to store that as part of that data birth or in a separate data store source. We choose to put that in the metadata of the data birth and to make it a multi value. So you can have multiple consents on the date of birth, for instance, to profile the webpage, that bookstore, to send them a discount check when his date of birth is or to do something else with it. So we can record basically all these different consents. You also have the possibility to store a lot more metadata around it. So where the data came from, but also things like the expiration date, or if it's confidential or not. So things like data retention can all be stored there.
Then of course, the UI gives you the possibility to fuel all that information, your consents, certain metadata. It gives you the capabilities of changing the data to receive a received of the consent and to request certain consent. Then if you look at it, how it's connected that central system has two ways of exposing one is using just in time. So asking consent, basically, progressively, this is done during the customer journey. So when a customer starts registration, that's a part of the customer journey later by the product half year later, bys another product. And then the whole time that the customers basically engages with you, you collect different consents, you collect different profile information and you store that in that golden record and the metadata then for your digital platform, have the possibilities on the top to have these digital platform, which can be marketing clouds being provisioned, or you can have them push and pull that kind of information using WebBook.
So that's basically the way the digital platform is connected in this few, you see the different way consent can be captured on the left side, it's doing the registration. That's interesting because you do not want to ask too much consent kind of thing. So you have to do it light as it cannot be mandatory. Cause then it would not be a consent, but nevertheless, you have the ability to ask, for instance, for the birthday and state that you, what you're doing with that additional information in the middle, you see a typical just in time consent. I will show you more examples later on this pops up during the customer journey itself. So at the right moment, when you have value to add, you will ask that specific question, you'll be clear what you will be doing with the data, for what purpose. And it's clear for them what they get back from it on the right side, it's basically the self-service capabilities call a privacy dashboard or a like, or preference dashboard that gives you the possibility to change the consent.
You are given to change things like an email letter or the consent on birthday to send you a birthday card. Another thing that's important is transparency, transparency on the data that you have collected in the way you're processing it, of course, but also transparency because they can correct data that is incorrect in your system. One of the GDPR rules creating transparency can also mean that if you click on, for instance, here, mobile phone number on the right, you see that some of this information can be used from out of contract or maybe legitimate interest. So these are the great out ones you see in the middle. You cannot turn 'em off as a part of the contract. If you turn 'em off, basically you would not be able to provide that service as when it's mandatory. It needs to be the minimum use. The other ones you see on the bottom are specific ones that could be collected doing any of the progressive consent or sorry, just in time consent or during the registration process. And you will be able to turn them off later on, as easy as they were given.
Good examples of just in time consent. I'll take just one of these examples is Uber. If you know the Uber app, if you install it using the app store, they will, the Uber app itself will not ask for the GPS connection from the start you install it. It will let you first book a trip from a to B. And then the moment that you select the trip and say, collect me, please collect me taxi driver. Then at that moment, the Uber app will ask you for using the GPS information from your mobile phone. So they ask it at that time and they return for it. The simple value as that, it's easier than for the taxi driver to find you. So they return that value for getting your consent on using the TPS position. They likely I haven't checked lately, but they likely also say it will make it easier for you to, to input your start address.
So if you look at consent, there are a couple of things that are important to, to have. First of all, you need to ask at the right time, just in time consent as the customer journey can take for years. And if you collect all the consents at the start, likely you create a very frictionless registration process, second need to be updated by any business application. So you need a consent API that is full feature. So your application should be able to request, to request a desk consent, to write down the consent, because it could be collected in that business application itself to check that consent because it's a marketing tool, they can send you an email letter. So there should be an API that is full featured that gives you that possibility. It also needs to travel with the data because if you send that birthday, for instance, to a certain data store, then that specific application that's connected to that data store doesn't know what the limitations are of using that data. And that's not good. So it's better to have a way different ways of sending that information together with the metadata. So together with the data itself, and you have to be fully transparent with consent. Like you saw in the other face show user should be able to withdraw as consent and to be clear what that consent was. We prefer to be also when it was given, but likely it's enough just to stay what it is.
So
Here we see how things fall together at the top, all the records being profile, including social media activities, consents web analytics. In this case, I took Google analytics, but of course there are many others EAP and CRM have one on the same user ID or a connected user IDs. The web analytics system, of course does not know who actually is behind that user ID. So it doesn't know the personal information because you won't sharing that with Google on, on their cloud service. At least you should not. But if you bring all this profile data, log data, region buying history, click behavior interest on your website. So how they went through your website and consumer a customer's history itself altogether into a big data lake. You're basically collecting and consented identity analytics and marketing analytics data, as John mentioned. And it will all be in that big data lake.
There's one advantage of that. It's a very, it'll create very powerful, know your customer fuel. You will know who to send that discount code. And even at that time at his birthday, because things are all allowed or consented, you will have that strong customer-centric business build with without breaking GDPR, without violating the privacy regulation and even more important without violating the privacy of your customers itself. And because you do care and take care and respect the customers well informed choices for that. And because you are in that trusted service, the customers is likely willing to share more data over time to give you an even better insight to provide them a better service and as such improve that overall customer experience.
But digital transformation will not stop here. We already see it at our customers, relationships, permissions, mandates interest things over grow, and we'll find that place into the next generation CRM systems. This because relationship management as the whole, the whole communication with the customer itself has become fully digital 24 7. Think of giving your financial advisor the mandate to collect financial data from your banks and pension funds, or to give the postman the instructions to deliver packets at the neighbors, not only ones on number 24, because you don't like them, but the ones on 28, and you give that neighbor on number 28, the mandate to sign for you for that package as it's valuable. And it needs a signature. So things will change with consumer identity, access management going forward as more and more information where the consumer should be in control of that. Our consumer choices, consumer interest consumer data will all end up in that central system and companies that want to survive in this new digital world need that single source of truth for that customer data and consumers. Our customers need to have access all the time to that information. This is where cm lifts the source for consented personal identifiable information for both the consumers, as well as your digital landscape.
So how does that look well on the top, you see the consumers having access to that identity information that is in the center, that single source of truth. Of course, there will only be consumer data accessible that is inputted by the consumer itself, but it will have full control of that, including its consent. Then there's a self-service interface by you click on the consent, remove them change the platforms, attach IOT device, do two factor authentication. So quite advanced user interfacing privacy dashboard that is offered there or from the system. Then of course the different roles within the company itself like compliance the customer care marketing and sales department all can have access to this data store. In our case, it's a big MongoDB data store where all that information about the consumers and customers are collected consumers. Eventually single will end up on the different likely siloed system that are still in the landscape of the customers and these siloed systems, all connected to central sources through, through API layers. So to all have one view of the customer. So this is how things are all connected and how the digital landscape, and is connected to that central source and how consumers can have access to their data.
And that is my presentations. So if there are any questions, I think we'll do the poll first. Isn't it, John? Yeah. So we have some poll questions. People can answer my tool and go to webinar. So we give some time for everybody to answer these, these question, if they like, and then at the end, we have a good overview of the organizations that we're contributing or listening to this webinar and where they are and struggling or interested in.
So, yeah. Second question here. Are you using data from digital systems, cm profiles, web analytics behavior, and E R P to optimize marketing, getting some responses. Okay. Third question. Has your organization empowered the user to control its data, including all the needed consents.
This is basically a profile base where they can also see the data itself where it's used for, and if there's any consent and can withdraw the consent because this kind of information can be hidden in different applications.
We'll share the results.
Okay. A good 30% who master this. That's very good.
Yeah. That's interesting.
Yeah.
I'd say roughly a third and a third, maybe a little bit more on the, not quite there. Let's see. Are you using the combined data for marketing and such? No. 36, somewhat 36.
Yeah. You see that two, two third at least is, is for partly are using it or significantly using it. And this is also our view that we see that it's, it's more and more use and data is getting combined from all the different systems. And if they are put in a data lake, like in my example, or in your example, they're all connected by each other because there's a strong for marketing cloud system that that's different, but it's all the same use basically
Of I or digital marketing organization. Hmm. Well, that's interesting too.
Yeah. See that the IM is still dominant. Also. You see more and more jointly ones. I think the jointly ones are the, the more successful, if it's completely owned by store marketing, you will see silos popping up again, which needs migration into the normal enterprise landscape. If it's an IM only likely it's not going to be very frictionless,
This kind of reflects what I've been seeing too, that there's more of a move. Well, you know, I guess at the beginning of cm, a lot of the initiative initiative was taken by the marketing organization. And now we see more either being started by the it IM organization or even better when they work together on this. So I think, you know, there is that realization that it identity management can become part of the revenue stream, you know? So I think there's a big benefit to it. Organizations working with marketing to deploy these kinds of capabilities, not only for the company, but for the organization within the company that's responsible for. Yeah,
Exactly. Yeah. So shall we switch to the questions because now we're, we're still, we're still talking and talking, John, let's switch it over.
Yeah, let's see. Okay. First question we have is how would CA work together with a customer data platform,
A customer data platform? What I have, what's a customer data platform. John, do you know?
Well, he's abbreviated at CDP. I'm gonna guess it must be different from CRM.
Okay. Probably one big master data set. Yeah.
I mean, I guess I'll address it from the CRM side. I think, you know, they can either export it as sort of common data formats that can be imported by CRM. Where I think in, you know, in the more ideal use cases, there are ways for CIM solution vendors to provide, you know, out of the box connectors to various CRM or marketing automation platforms. Do you have anything you want to add to the cornea?
Yeah. It also depends on what's the authoritative source in this case, because it could be that the cm system is later introduced and that the authoritative source was a previous system or storage of the consumer itself. But the cm system is introduced, solidly consumer gets, gets control, or are there other things like single sun on that are needed between the platforms? So the different stages could be different, could start as that the, the master source feeds into the cm system and it stays the master source. It could be that as a handover on what's trusted and who's able to make changes. So I think we see them in different ones, but normally that connected with provisioning connectors or what I just called in the more modern world web hooks are becoming more and more known.
Yeah. I think that's, that's very true. Okay. So next question we have, how can you measure friction or later on use that to reduce friction?
Yeah, that's a good one. If you look at, at the web analytics software, I just showed as, as an example, the Google ones you normally can see where people drop out. And of course the, the cm system itself shows where in the registration flow. So where the cm system is still in the flow, it will be able to measure exactly every step. And you can also connect that with, with a Google analytics system. So you have an end to end from the registration to any friction you have on your website. So there's a few on the cm system itself where you can measure the friction and see it's reduced, and you could go to one collected shoe. So put in some Google analytics stacks and, and get the information all the way up to the Google Analyst. And you see it in a whole, basically customer interaction where people drop out or take longer, or yeah, just don't don't don't get it or drop out. Yeah. Yeah. And of course, if you message, you can message it later on, might have done some, some things that may have proved may, should be proven things.
Yeah. You know, I think that's a really good point to be able to look at the overall customer experience flow and figure out where are the places where you are having people sort of abandon the process and then figure out from there, you know, what are the ways that we can make this easier? Do we need to collect this information at this point? I mean, depending on the use case, of course there are certain points that we're gonna have to collect more information than others, but is there a way to do it, you know, a little bit more on intrusively? So I, I think that's a really good point. Look at use the tools that are provided to examine the, the flow sort of from beginning to, to the known customer stage and figure out where the, the places are. You can make it easier for them. Okay. Let's see. Next question is if I collect at the start, would that mean I create less friction overall?
Hmm. John, your opinion.
Well, probably, well, I guess it depends. I mean, you know, the, the world that we've lived in up to the GDPR point, people are often presented with a screen full of terms and conditions and privacy policies that as we all know, no one actually reads, they just click accept and they go on. So probably not. I mean, I think if you can walk the, the user gently through the process, you know, only take what information you need at the beginning to sort of create the account and then, you know, watch what they do, get permission, get consent to watch what they do, but then, you know, collect this information in such a way as it isn't burdensome to them to provide the information. What do you think?
Yeah, let's take the Uber example. If they ask the GPS connection from the moment that you install the application, it probably creates less friction, but the result was less people that said yes. So here it's a little bit of a, so it could be that you create less friction if you ask for that kind of permissions upfront. But the question is, is if you then eventually create more value for your customer, because do they understand or can make the decision at that moment? You're basically getting all the questions about what the service can provide. If you, if you give more data at the, at the start, it may reduce friction, but it's, it's not gonna give enough value for the customer. So I think it's a balance there. Friction is not everything here.
Yeah. You know, I like that example because just think about any of the apps that you deal with on a regular basis. If, if they seem like they ask for too much upfront, I know I'm less likely to want to complete the install or complete the registration. So only, only get you need at the beginning. And as you say, as you can deliver the value to the customer, they will, you know, have a much more positive experience. And then they'll probably be more willing to give up more information later, as long as they perceive that ongoing value and, and trust, you know, the trust that they know that your company is going to use the information just for only the purposes that you've listed.
Yeah. Yeah.
Okay. Let's see. Another one here. Why is there a difference between identity analytics and marketing analytics with all data about the consumer, right. Yeah. Mean, I'll start with that. Yeah. I, I think it is all data about the consumer, but I think it's the purposes and what you can do with the data afterward that sort of drive the, the distinction between the two, you know, like I said, on the identity analytic side, I think of that more for, you know, security being able to feed security systems, to look for patterns of fraud and try to reduce fraud. And then also sort of basic information that your site developers can use to know about incomplete registrations. Whereas on the marketing analytics side, it's about, you know, getting useful information to sort of understand what's in the mind of the consumer to be able to give them what they're looking for. How would you characterize that Cornell?
Yeah, I think, I think the marketing side really gets you the view on who it is. And the other side gives you the view on what he's doing because it's mostly event driven. When does he log in? Is he using its social registration for social login for that purpose? So it's event driven data. So it gives a lot more insight about what the consumers actually is doing and how often he's logging in and things like that. Where the marketing site gives you a view of who the person himself is. So one is the profile. The other one is more like the transactions. And I think it's very difficult to put these two into one store. So that's maybe also why you see them all separately, separately, and, and because they have different use cases, like you just mentioned, the fraud department will very likely look at the event information. If there's strange behavior there, if somebody is logging in at stage moment from stage regions and you will not look at the profile information exactly who it is, female male at what age and what name, because that doesn't really, yeah. Doesn't really matter for, for creating the fraud case. So the use cases are different than the people looking at them are different. So that's likely why they don't put them all into one system. At least we're not putting them all into one system.
Well, you know, and that's a good point too. I mean, I think the different kinds of information can be stored separately since they are being used for different purposes. And, and there are a couple of different approaches that the cm solution providers take to that you can either a try to build out the complete functionality for your customers, you know, which would include, you know, maybe having some predefined reports about identity analytics and marketing analytics and, you know, on the cm solution provider side, you're, you're building all the logic for that. You know, another approach is to say, you know, I'm guessing that my customers probably have big data applications and data visualization applications on their own. I'm gonna collect and store all this information and expose it via an API. So, you know, people can, you know, use the existing tools that they have instead of having to, you know, go into the CIM tool to do that. So there's a couple of different ways to go about doing that. That was good question. Any insights on that from your side?
No, only that we see the same thing that there's less and less interest in diving into specific fuse or reports that art tool makes and more and more interest of getting that data in the right bigger tools where they do all the analytics on anyway. So that's certainly a big trend. Yeah. But that's yeah. Expected because of all the big data projects going on. That, that's the first thing that, well, eventually when they're doing all the EAP information and maybe some web analytics information, they will say, okay, we need more information. What do we have? Well, one very important source is of course the cm system then. So I think everybody could see that one coming.
Yeah. You know, you're right. I mean, people are collecting information. They do have all sorts of data lakes and big data applications and vis analytics and visualization tools and things like that. And the, the data that they collect from CIA systems is just one piece they want to analyze perhaps against other data stores. So it's, it makes sense that we kind of move to this API-centric world to process that data too. Okay.
Agree.
Well, final question in the blank is will we get a copy of the recording and the answer to that is, yeah. We'll provide a link that should go out either later today or tomorrow and everyone who attended or registered will be able to get a copy of the recording that way.
Yeah. The recording and, and the two presentation, I think. Is it, isn't it?
Yeah. Yeah. There's yeah. Let's not forget. That's good. Good too. There's handouts in the go to webinar control panel. If you click on the handouts button, you'll be able to download those PDFs as well. Okay, good. Well, we've made it to the top of the hour. I wanted to thank everyone for attending and, and thank you coordinating for the great presentation.
Thank you, John, for the same
And good discussion too. And thanks everyone for the questions as well. And with that, we will conclude today's webinar. And again, check back by tomorrow. We should have this available for you. And with that, have a good day.
Stay Connected
Related Videos
How can we help you