Event Recording

How Policy Based CIAM can Improve the Customer Journey

In an ever-changing and rapidly evolving world, the fight for the customer is getting tougher. Companies that can offer a customer-centric approach have the advantage. With new technologies such as mobile, internet of things, social media, and big data, the approach towards customers is being redefined.

During this presentation, TrustBuilder’s Sales Director for Benelux, Kurt Berghs, will give some industry-based examples of how policy-based Customer Identity and Access Management (CIAM) can help with these new challenges.

For different markets such as finance, insurance, HR and retail, a secure CIAM provides better and more flexible services to consumers such as using social media accounts, adaptive authentication, single sign-on or even customer onboarding. Attribute-based access control helps to put your customer’s expectations first in an automated business landscape.

So thank you Cole for having me have this presentation. And I'm gonna talk a bit following your, your last presentation on how policy-based CIAM can, can improve the customer journey. Because we're when I was at school, we were learning about the third industrial revolution where we had, and it was big news because we, we started with working with PCs and internet and all our lives are going to are going to change. And what I saw last time in a, when I was at one of these conference today, we're already at the fourth industrial revolution and it's a big change there. It's a really big changer compared to the previous ones. First of all, it goes a lot faster. There are lots more domains, but the most important one of of change in this new industrial revolution is that it's instead of empowering corporations, this is empowering the people, all those new things that we are having today.
Make sure that, for example, if you look, if you go to an Ikea store and you don't like the furniture, what you see anymore, you can buy a 3d printer instead and do it yourself. So it's a big game changer. Also for the corporations. They have to listen a lot more to, to their customers and to their consumers. So for this presentation, I was looking at the challenges that corporations and are, are, are facing. And I took four, five different verticals, finance, insurance, eHealth, eCommerce, and HR to see, okay, what are the challenges in it, of course, that they are facing today. And it depended a bit on, on the vertical, on how many challenges they saw eCommerce, you find hundreds of challenges. HR was a bit more difficult. It depended a bit on what they're doing, but you can see that there, there are lots of different challenges, but if you drill down to them, you always see five challenges popping up. Yeah, I see people taking pictures, but they, I think there will be distributed as well.
If, if you break them down, basically there are always five things that are, are popping all up all the time. First of all, the first challenges, how do you get a physical person into a digital person? So getting customer onboarding, making that easy, the second one, once you have that digital customer, you want to give him access and that needs to be secure. So you need to, first of all, give him secure access, but then you don't want to bother the customer again, to do this strong authentication type and everything. Third one is distributed. Data. Data is everywhere. And you as a com even within your own organization and you have to get the right information to those customers. So add that if you call somebody, if a customer calls you that you know who the customer is and what he has done with you, especially if you're talking to big organization, it can be sometimes very frustrating new one.
And especially in, in the EU collaboration between companies is also needed. I think in finance about PSD2, it's not only corporations between banks, but also collaboration between banks, e-commerce sites or banks and insurance. There's a lot of data that needs to be shared on a, on a safe way. And the last one and that one, I find very interesting in the insurance company, for example, in the insurance market, it's very important to get data. You said don't be creepy, but on the other hand, if you explain to a customer why you need this data, it can be very interesting for, for example, take healthcare. We have the smart watches and all your health is being monitored. That can be interesting for in, in healthcare to get the correct diagnosis. It's a very big thing in healthcare, but also in insurance, if you're healthy, you can get lower policies, or if you drive carefully and the, the industry insurance company knows this, you can get a better, better policy.
So let me explain a bit and if you do it like that, then maybe it's not so bad that they get all that data. So let me a bit explain how you, how we can solve this with policy-based authentication and to do this, I need to first explain a little bit about the new company I'm working for, TrustBuilder. So TrustBuilder was founded in 1999 as SecurIT. It's still known as SecurIT here in the Netherlands, SecurIT BV, but they have about a hundred identity and access management specialists, mainly consultants and developers. We're present in Belgium, Germany, UK, and the US. If you look at the product. So we created a product called TrustBuilder, and we have over 40 million users connecting through TrustBuilder, the TrustBuilder identity hub. And what is this TrustBuilder identity hub? So it's a product, an IAM product. Of course,
It's an IAM product. And basically what it does is if you looked at the beginning of it, you had the applications running locally and, and every application had its own identity store. Later, you wanted companies wanted to add either two-factor authentication or having something to distributed identities over, keeping them in place into one system, and then adding that, giving access through those applications based on, on these local identity stores. And then cloud started, SaaS started. So then the cloud providers came up like Salesforce and they again had their own identity stores with their own protocols and their own definitions of, of who a user is and, and whatever. And now what we're lately seeing popping up more and more in the last few years is federated identities. So identities, which are in the cloud, like in Belgium, you have itsme, in the Netherlands, you have iDIN, in the Nordics, you have BankID.
And basically it's a provider of identities, which is storing your identity in the clouds and giving, allowing other applications to get access through those users. So what TrustBuilder does is basically connecting all these local identity stores and applications, as well as those cloud-based identities and applications together. And to do this, we've created something which is called a workflow engine, which will allow you to give a customer journey. This is also very interesting because basically it looks like a video template, but behind it is real code. So it makes it very easy for business people, the business people to create a customer journey or an application flow that they need, which can then be implemented by an IAM engineer can be deployed, but also can be reviewed very easily by the security people at this is basically represe. This is a representation of some code, which is behind it, which makes it very easy to review all, all the different parts that are done between those different identity and application stores.
And to get all this data from one side to the other, basically, instead of choosing for role-based authentication, TrustBuilder from the very start was working on attribute-based access control. The difference between the two is that with role-based, you're pretty limited to what you can do, and you're fixed with the, with the vendor's instructions, okay, this is a, a sales guy and he can have access from there to there. And so you are creating different roles. With attributes, there's no limit anymore. You can of course say, okay, this is sales guy. He's from this team, he's inside the office or outside the office, but you can also get attributes from different kind of applications. Revenue can also be an attribute, how much revenue did a customer give you? And based on this, we're going to create policies where you can give access to some people, depending on all those different attributes.
But we can also share those attributes between the different applications that are available. So I needed this little bit of context to explain how, how we with TrustBuilder will tackle these challenges that we have. So the first one is customer onboarding. If you look at what customers want, we saw the explanations there in the beginning, customers don't like to type in a lot of data and everything, and they want to be able to sign up on mobile, on laptops. It has to be the same everywhere. Pain points, especially in finance, sometimes insurance, but also HR is that as a company, you need paper or at least some digital identity and everything. So what you want is a solution which can prove the identity, which works on mobile and has some link with that federated, those federated authentication identity providers. And this is how it looks like in one of those workflows that we created.
This is an actual workflow where we can create, we've created this for a company called OneSpan. They have the SIG live service, and there we have a customer onboarding template where we can first authenticate a user and then have that customer sign a document, be it on a PC or a laptop or tablet, or even an iPhone or Android don't want do that. Second one is authentication. When I was talking to Google a couple of years ago, when I was still working for Swan, we wanted to offer them two-factor authentication. And basically they said, came back to us and say like, no customers don't want to authenticate. They don't even want to use a simple password. They don't want to use a password. So they don't like to, if they go to a website they want automatically to be logged on and you can see it.
If somebody uses Google, you can see basically you don't need to type in a password. Google remembers who you are, where you are on your PC. And if you're on a different PC, then you will only challenge for a password. Also on the, on the iPhone. Now you want to use the, the fingerprint instead of typing in all those passwords. As for the security people, of course, they shiver about this when they hear this, because first of all, they have lots of applications to, to secure. And then there's the hackers trying to get into, into those applications. So you need a solution, which is first of all, who can give a single sign-on towards all the different applications that you have, but what, which can also offer a step-up authentication. If you know, from a customer that he is working on this PC and always is working on this PC, why would you ask him about a password? If you're 100% certain that it is that person, why bother him with a password? If you, you are in doubt, then you're gonna ask for a step-up authentication, Hey, provide me a password or provide me with two-factor authentication. And again, this is again, a realtime flow where we do this, depending on if the customers know on this PC or not.
Next one is about distributed data customers. First of all, they have different web applications, different applications from companies working on different devices, mobile web. And if you look at the company, that could be a pain point because there are different silos working in those companies where all the data is, is shared. If you call for example, I had to experience a couple of times if I called my bank, which is also my insurer, it is always getting on the phone and oh, can you hold on, you get this waiting line before you get transferred to the correct people that has an impact on me as a customer. So I changed banks and insurance companies quite a lot. And that's all because yeah, you don't get what you need. As a, as a company is first. You need to think about the customer first and you need to get a link between all those different applications.
For example, again, if, if I want to log onto a company and, and maybe I have multiple emails, why only go to the first one? And this is a bit about the attribute sharing could be about email addresses, but can also be revenue. How much am I spending at a certain company? And if it's available in different data, we can have here a workflow which will look at all the different data points available in the company, and then share that attribute back to the latest database, where, where you need without that you need to synchronize or look into the different applications.
But one is about collaboration. So we're talking about PSD2, eCommerce, banks. These days with PSD2, they need to open up their systems, their customers, their applications towards eCommerce, websites, fintechs, also their competitors. So you can very easily as a consumer, you can very easily log into your data and look at it from one place. I don't know, here in the Netherlands, I don't have a Dutch account, but from Belgium, for example, with KBC or Belfius, you can already see that if I log into my Belfius account, I can get the data from KBC or all the other banks where I also have accounts. So they need to work together there, which is very painful for the company. Because first of all, you need to worry about the security. eCommerce sites, that's fine. But if you want to have a Belgium eCommerce site, you also need to be able to have the Chinese websites, eCommerce sites.
So you need to talk about the security. And if, especially when we're talking about the FinTech, it's about time to market. How fast can you deploy your solution so that your customers are not going to those new fintechs, but are staying loyal to you so you can get your branch recognition available as well. So you need a flexible solution, which gives value for money. And here again, we have already done this with a couple of banks where we put the TrustBuilder identity hub as an intermediate between the banks and then the fintechs or the PSP PSP providers. But also on the other hand, if you're a FinTech and you want to have access to all the different banks, we can create the connections to those different banks. And then the last one it's about the insurance or the healthcare companies, where you need to get all the data from IoT devices and everywhere you need to be the difficulty there is, okay, how are we, how can we be certain that it's the data from the correct person goes over a lot of industries.
And again, there there's a competition. If you look at insurance companies, there are new insurance companies popping up specifying in one specific area there. So you need again, a flexible solution, which is also very intelligent and can distribute data over the different systems. So there, again, with the attribute sharing, we can with TrustBuilder, get data from IoT devices, from different applications, different identity source, and redistribute them into the specific applications that you have. So to round up attribute-based access control through policies. First of all, it gives you a lot of flexibility. If you look at the new market, the new world, remember the industry, the latest industrial revolution, it's about the consumer. The consumer will work very disruptively and you need to take him into account. You cannot just say, look okay. You cannot just impose your own model to those consumers. And there are lots of examples already of companies who try to do this and who failed, take the photo photography industry, the video industry.
There were lots of examples there of companies who do not try to adapt to their customers and they're failing, and they're really disappearing. So you need to listen to your customers and make sure that you can give them what they want. Make sure that you can give them at a, at a timely manner so that the competition doesn't overtake you and the advantages there is that having something like TrustBuilder in between is that you don't need to change your infrastructure. You always have this. You can keep your infrastructure as is, and we can divide the attributes or share the attributes between all the different systems. So that was my keynote. Thank you.