Event Recording

Panel | How to improve customer IAM and CIAM

Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
And before we start, I wanted to mention that we have another poll, another survey that you can take through the app. So if you open the app to this session, there's voting tab and I'm really interested in seeing what the results will be. The first question is how do you define C I M do you call it consumer B2B customer or both? And the second question is what's your preferred architecture, separate B to E and B to C IM solutions, or do you want to do it all in a single IM solution? So we'll take a look at those results near the end, but please, please vote. If you can,
Before we start, maybe our guest on stage welcome, and maybe you can give a brief introduction.
Sure. Yeah. My name is I'm the CTO of I working in the area of identity and access management now for 18 years. So quite a while, and there were always exciting developments, new trends happening in the market and yeah, happy to be here on stage together with you.
Okay. My name is Hank Williams. I'm from one, welcome in the Netherlands. I'm an advisor for science systems in, in the, in the, no, not in the Netherlands in Europe because I also do other countries. So my daily task is discussing with my customers, how they implemented the science system and what they do with, with it. And it's for both B2C and B.
Thanks a lot. We discussed already B2B B2C topics. We see we have consumers, we have customers, but we have, let's say a mix of all combinations and really curious to have a closer look at those topics together with you. Because first of all, this group, let's have a look how we distinguish between customer consumers. How do we distinguish in between yeah. Customer I am and the consumer, I am B2 C P B context.
Well, I know for the purposes of my research, I like to think of cm as consumer and that's, you know, really thinking of the, the end users out there who are consuming services through, you know, various companies, websites, digitally delivered services customer in, in this world. I think of as, you know, a company that buys a cm solution or licenses, a cm solution to serve their customers. So a consumer is a customer of a customer in, in the way I'm defining it.
Okay. My, how do I see it? How do I see that? So you also mentioned, for instance, what kind of science system you need for, is it, is it for B2, E or B2 B B2C? I always found that this was quite easy. It it's easy to distinguish it's employees in a B2 solution. You need an identity system with the, the, the HR system as a alternative source. And then you have the B2C, what you call the consumer. These are these individuals all over the world that are on, on, on websites that you want to attract. So you want to get them on your screen. You want to get them on your website. You want to discover who they are and, and that's the consumer part. And then the business part was also very clear that are these other companies that you're working with, where you have contact with that you, that used to be easy.
And that used to be very clear that my statement at this moment is it's blurring. It's not easy that you can say we have a consumer that consumes something and a customer is, is a business. What we see is that also these customers are also consuming something. They are perhaps consuming data or consuming other services as well. And we see as, as, as well, welcome at the moment that it's not that easy anymore to distinguish. So if you have a system, you need to have a system that's capable of both. So both B2C and B2B, because it all depends on the use case that you want to solve.
I could not agree more. Yeah. So my definition would be okay, the consumer, somehow the person who is deciding to use your products completely free of choice. So it's, he can switch very easily away with a customers. We have typically may have a stronger relationship, may not, right. Depends in the B2B scenarios. It's not the single person who makes the decisions, right. But the consumer is typically not always, but typically in charge of making the decisions anyhow, from a IM requirements perspective, I think the requirements are not completely different. They're very, very similar. What we, but what we see is that the importance of a single requirement may differ a little bit. Yeah. For the consumers, we are talking a lot about third party login scenarios with maybe the social, not networks, but especially with the providers of the mobile operating systems. Right. I think log with Google, with episodes, things, we are all used to typically consumer scenario, but customer scenarios might also focusing on third party lock in.
Yeah. Especially leveraging the Azure ID tenants that organization already has these kind of these kind of scenarios. Right. So it's, it's very similar and it's the same. And it's about organizations, right. A customer might be in charge of his employees using our products. Yeah. But on the other hand, in a consumer scenario, we might have a person in charge of a household, want, give access rights to the cleaning service, something like that. Again, similar use cases, but, and also you, you mentioned it's, it's, it's blurry. Yeah. That's, that's, that's really true. We have situations in which our clients are distinguishing between, okay, we have our end user, we have professional users and we have the INWES yeah. CME professionals, which are leveraging the same products as a consumers, maybe with some add-ons, but volunteer applications from our professional side, something like that. And I think it's a very, very important thing is that we make sure not to stick in one bucket because the apps will not be available for each community, each persona. So that's, that's, that's the most important point for my point of view,
To highlight two aspects in what you say, one is, let's say the household and the company, I guess this is somehow quite similar that you have an overarching structure that might be, let's say lead to special challenges when handling those topics. It's also relevant, by the way, in the CDP discussion we had earlier, also here is the question, how can I be sure that a particular person belongs to household? Is there a difference in between the person who is interested in a particular product or services or yeah. Is it the same person that buys it in the end? So in terms of the customer journeys, let's say from that, I guess there's also, let's say fussy ballers in between the B2C and B2B world, because there might be the cases that are just order something as a small company, you know, it's B2B, but it's the same customer journey as I would do in a, in a, let's say private scenario. On the other hand, there might be industrial providers that they live a large amount of goods to automotive suppliers. There might be totally different requirements set in terms of, let's say such a customer journey or the user experience. Cause it does not have to be fancy for them. It has to be effective and fit for them.
I, I like the, the also the, the competition between business and, and the households and, and you now see, and that happens much more often, is that where you use that also, the way you, you, you delegate, let's say the possibilities to another business in, in B2B where you use delegated admin to give the possibility that somebody else gives access in another company. You now see that in a household as well, because in a household also services are shared and information is shared. And you see now that typically what it used to be in the B2B situation, where let's say additional employees are invited by an email to also get access to data. Now you see that also in a household because the, the, the master of the, the, the manager of the household can invite his children also to use services, which is a daily activity at the moment, because you can see it in, in getting access to, to movies or with Netflix. But we see a lot of new use cases popping up at the moment at customers, for instance, how are you coping to, to, with, with subscriptions to electrical cars? Because then also I, if I, I have a car and I have a subscription, I perhaps will also add my family to that. So family accounts, relation based access, giving based on policies is very important in the moment as well.
And another, another aspect. And sometimes there are some other opinions that for the consumers, we have to make sure the user journey is absolutely perfect. Yeah. Fast, very good. And for our customers, which are more the, where business business customers are, maybe that's not so important, they're earning the money with the product. But, but anyhow, what we, what we see is in situation in, in which as a B2C, in which a business partners, not just selling our products, but products of competitors, right. It absolutely makes a, makes a difference how good the user experience is. Yeah. For the single agent who's selling the products. Right? So, so it's, it's, well, it's really how to balance in the risk requirements, but they are very, very similar between this communities. If you wanna call them that way, fully agree.
What does that do in terms of consent collection? Then let's say you've got a, you know, business to business kind of customer. They have to go in and buy things cuz that's their job. They're a buyer versus just a consumer who has the choice to come to a site, maybe buy from there, maybe give up some information in exchange for something. And maybe not. I mean, in, in the B2B to see kind of role, I think there's obligations on the part of the person, that's the customer there to conduct business, regardless of what the, the, the legal arrangements are. I mean, you may be forced to give up personal information as part of that, because that's your role as a buyer? How, how does that handle
Yeah. Consent. Yeah. You have to apply to, to, to the laws. So you have to apply to GDPR and the consumers in Europe, they are very strict regulated in, in, in according to GDPR, our solution completely includes consent management. So, and, and sometimes trying discuss it with, with other, let's say implementation partners. They, they are, they like that because then it's, it's one solution for the, for the consumer and the customer. And it's, it's more important indeed for consumers because they want to have their privacy, like it's that it's guaranteed. But I think it's, it's it also accounts for the customers. The only thing is that they, there are several other reasons why they have more information and, and data. Privacy is not that of a big point where it is for the consumer. But again, also here, things are blurring because where the consumer consumer used to be extended consumer, it can also turn into a customer. If, for instance, you're thinking about gig workers, people that, because a lot of the, the, the, the industry at the moment is done by temporary staff. And a lot of this temporary staff can be a consumer at a certain moment as well, because at a certain moment they're a consumer, but then they temporarily turn into a customer as well. And then GDPR has to apply. Content has management also has to apply. So, so the blurring of all these things makes it a little bit more difficult.
It makes it difficult, but makes it easy from that perspective, what capabilities do we have in have in place within our science system, in order to support the different use cases? Okay. For the customer, we might have more paper in place with them where we already collected, make clear that we have to have to store and, and processes data, right. As with a consumer that might, might be just an online relationship. So there will be differences, but anyhow, depending, depending on the use case, we have to have the capabilities that we understand for which data do we have, for which purpose maybe for which legal entities, if you are covering more legal entities with our solutions. So these kind of things, we have to have the capabilities for all kinds of, of, of users. And then just the question, how many of these capabilities do we leverage for the customers and for the consumers? Yeah. So again, same requirement, but little bit more sophisticated for the one part of the user user group. Yeah. Yeah.
Looking at the future, probably non-human customers are more and more relevant. And we see that in, let's say our private area and we have a desktop printer that just reorders thing. Maybe that's a quite simple example, but you repeat that. What was that example non-human customers for, to desktop printer printer that reorders ink automatically could be a quite simple example. On the other hand, when it comes to B2B, we will have machines. We will have industrial, let's say applies that are ordering that care about yourselves that are more and more autonomous and yeah. Our customers in a way. So probably there is also scenario that we must somehow consider in the future. Do you have any opinion, thoughts on that topic?
I, I, I think it's, it's, it's a big opportunity for us. We see that at the moment customers, so customers, our customers, they do look at IOT stuff. They do, they do because what they see is that they used to be a supplier of a specific good. So just for instance, a ship, one of our one welcome customers is a shipyard and they used to just sell a ship, but that is changing. Also, they have a digital transformation and they will not be selling a ship ship anymore, but they will be selling a service. And that's where you need to think about also in all the other aspects of, in the internet of things, because everything will be connected. And a lot of people, for instance, if you're now selling kitchen equipment, then it used to be an isolated thing, not connected to, to, to the network.
My personal experience is that I just build a new house and where my former house was not was there was a network in it, but the devices were not connected. But now I found in, in my new house, I have a heating pump. I have a solar panels. I have a kitchen where all, everything is connected by internet. And then you see a lot of identity management stuff is happening over there. And that all these machines are communicating with the network, but also with you, but that are also added than the management solutions that have to be made over there. Especially if you think of IOT heat pump is a very sophisticated system. It has to be installed by the installer. The installer will be the, the, the, the author source, the person that can, will identify and give access to other, let's say the members of the family. But at that certain moment of time, it will change because then the, the, the management they'll be giving to the household, these are all extremely nice use cases that we want to solve as, as a company as well. We have some examples, we already do it for a inte thermostat, which is also a machine. And yes, lots of use case. Lots of opportunities for us.
Yeah. I would say what we have right now is often the situations that's the device is acting on behalf of the user. That's, that's really popular, I would say. Right. So for example, yeah. For example, let Alexa order something for me. Right, right. Or as you said, the dishwasher yeah. Ordering the supplements. Yeah. On behalf of me and, and the good things is I, I would say that in a lot of, of products in the identity access management market, we have these capabilities already available. Right. But what we all also see is that as we are talking about GDPR, before we have a different kind of, of consent, we are now dealing with, right.
What is a dishwasher allowed to do on my behalf? Everything likely not yeah. Ordering the supplements. Yes. Which one? Yeah. Which amount, yeah. These are questions which then, then raise up and, and, and there, we see that's a capabilities to deal with this more complex content are often not there available out of the box or not, not fitting perfectly for, for the use cases we, we have. Right. And that's, I thinks an area where we are, where I think a lot of, of improvements have to happen to make it connected world reality in a, in a, in a, a nice and convenient way. Yeah.
Great. I also guess there are some room for regulation, maybe if it comes to those scenarios. Let's see. But I guess key message. There's no, no. Let's say there's a fussy board in between B2B and B2C in those use cases. And I also had a look at our poll with it. So the question was, how do you define C I am those four letters that consumer focused it's 26% B2B customer focused. It's 10% and both it's 63%, I guess also clear opinion that underlines what also figured out that cannot distinguish clearly. And the question, what is your preferred architecture, separate B2B and B2 C IM it's 73% and a single IM it's 26% guess. It's also quite, quite interesting outcome. Cause still here we see some, some difference in, in the answers. Maybe also answer related to the status quo. Thank you very much. I just have a look, whether we have some questions here in our question, our app, no further question here. Any question from the audience, otherwise don't matter whether B to B or B2C, I would say it's lunchtime. And please decide yourself if you do that in a B to B or B2C way, but thanks for joining that session. Thank you. And thank you.
Thanks. Thank you very
Much. You guys.

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00