Good morning. Good afternoon. Hi, I'm John Tolbert lead Analyst here at KuppingerCole and the topic of today's webinar is maximizing the benefits of cm. And today I'm joined by Bob Bentley, director of product marketing at WSO two. Hi Bob.
Hello. Thank you.
So some logistics information as we get started here, we're in control of the audio. There's no need to mute or unmute yourself. We will have a question and answer session at the end, and you'll notice there's a little questions blank in the go to webinar control panel. You can enter your questions at any time while we're speaking, and we'll take those at the end. We're also gonna do a couple of polls during my part of the, the broadcast today. So hope you can participate in those. And then we will look at the results of that as we start the Q and a session. And then lastly, we are recording this. So both the recording and the slides will be available in a day or two.
So again, I'm John Tolbert, lead and Analyst Analyst here at COO Cole. I'm gonna talk about some background on cm, where it's going, where it's come from, and then I'll turn it over to Bob from Ws O two, and he can talk about the pitfalls and risks of cm, how to avoid them. So consumer identity and access management, a business enabler, I often call it consumer identity and access management, but what, what do you think the C stands for this? Isn't part of the poll questions, but like I said, I, I think of it often as consumer, but it certainly also can mean customer and even citizen, many government agencies and state local level, federal level, even, you know, use cm to interact with citizens. So the C can have multiple meanings, you know, CMS been around for, you know, depending on how you wanna look at it, probably 10, 15 plus years.
And the original goals of CIM implementations were maybe to report, you know, replace some ad hoc or inefficient cm system. Maybe, maybe companies were using their enterprise or their workforce IM and trying to extend for consumers and customers and found that maybe that just didn't work for a number of reasons. You know, you need to be able to offer self-registration for consumers or even customers, you know, enterprise IM you know, HR can populate user database information, but, you know, self-registration is important for cm solutions. And beyond that, you know, you may want to create capture more information about the user. Then simply the, the information, you know, the, the rare, raw attributes you might wanna be able to host extended information in their consumer profiles. Often a goal has been said to be, you know, converting unknown users into known customers. And you do that through things like progressive profiling, you know, capturing information about the users, you know, across an extended period of time. There's also need to, you know, gather more information for a better marketing and due to different kinds of privacy regulations around the world. You know, capture consent information, maybe in initial implementations that wasn't, you know, nearly as good enough to be able to meet those regulatory requirements. There's also a need for, you know, terms and conditions acceptance when they change. How do you get users to acknowledge that early cm implementations? Weren't so good with that. And then always is the case. CIM is about helping to increase revenue.
So what are some of the obstacles that were encountered in CIM? 1.0 deployments? You know, I think not opening it up to APIs. You know, the earlier ones were, were silos. You know, everything that you need theoretically would be in the CIM solution. It was often, you know, an on premise solution and, and not open to API. So it was hard to integrate line of business applications or, you know, legacy applications. Other key feature of early cm solutions was that they would try to provide all the identity and marketing analytics that you might want within the platform. And you know, that there could be advantages to that, but there are also reasons why that might not work out to be so advantageous. And we'll see about that in a minute.
Again, you know, many early cm implementations were on premise. They might live in, you know, an organization's perimeter. Maybe, maybe if you're in retail or some business that has, you know, a few days with really, really peak transactions, it might be hard to scale. It you'd have to maximize the infrastructure for just a few days of, you know, maximum transaction volume. So scalability could be costly and problematic. And as we all know, weak authentication methods sort of characterize early cm implementations, you know, username, password, maybe OTP almost always backed up by security questions for account recovery. We can insecure authentication consent collection and management has not always been easy to do in cm. There are differing approaches to that, and then it just can be difficult to comply with all the different privacy regulations. You know, there, there have been privacy regulations for quite a while in different jurisdictions. GDPR captured everyone's attention a few years ago, but now there's CCPA L G P D Australia, Singapore, lots of different countries have privacy regulations and they don't all necessarily match. So, you know, being able to have a cm solution for a global enterprise that can help facilitate compliance is something that many organizations are looking for. And then lastly, licensing and subscription costs. There have been cases where customer organizations have found that, you know, increasing costs on CIM have led them to look to switch platforms.
So, you know, when you consider what, what the different competing needs are for cm, I think, you know, on the I identity professional side, you know, we have lots of interesting, good technical solutions, security, you know, wants to maximize security as much as possible business leaders of course want to use it to increase revenue, but what do consumers want? What do I want, I want a good experience that, you know, matches the level of risk to the kinds of things that you have to do with authentication and, and security. So you need to balance security and identity and business risk with what's going on. You know, what's presented to the consumer.
So the goals for CIM 2.0 as we're calling it, it really has to be extensible. We need secure APIs for getting information in and out of the CIM system. SDKs, you know, for authentication are often a good idea. It needs to have a modular or what we call the identity fabric approach. This is, you know, where you use microservices, you, you separate functions out into discrete services like authentication service, authorization, service, various registration processes for onboarding each one can then be, you know, individually updated as needed. And ideally, probably hosted in the cloud need to be able to leverage third party analytics again, you know, early cm, try to do all of that within the platform, but it's better to use specialty programs, especially if your organization already has licenses for, you know, data analytics, marketing automation, you want to be able to use what you have MFA and risk based authentication. I'll talk a little bit more about those in a minute, but definitely need to have stronger forms of authentication. They're also, you know, more usable and integrated fraud reduction intelligence. This, this is increasing in importance, not only for banking and retail, but every industry has experienced an increase in different kinds of identity related attacks, B2B and B2B to C use case support. Again, looking at the customer rather than consumer side, there's been an increase in utilization of CIM for those kinds of use cases. So you wanna make sure that you plan for that.
And, you know, that leads to more complex business relationships such as being able to integrate different members of the supply chain, using delegated administration models for, you know, multinational conglomerates. They have lots of different brands under one umbrella, and most companies don't really want to act as an IDP. They realize there are plenty of other IDPs, and especially as we move towards decentralized identity, being able to simply accept proofed identities, verified identities is, is the way to go. It's always good to keep the customer and consumer experience in mind as you do the design for 2.0 cm. And again, keep thinking about compliance. What regulations do you need to comply with? Where does your business or organization operate? And then lastly, predict and contain costs. I think these are some of the top things to consider when designing a new cm platform. So with a little bit of background there, let's go ahead and take our first poll. So which version would you consider your organization to be on? Do you consider yourself still on cm? 1.0, or have you moved into 2.0, are you doing something really exciting out there? That's beyond what we've been talking about already. You could say that's 3.0, or maybe you haven't implemented cm yet and we'll, we'll wait a few seconds so everybody can participate.
So let's take a look at the latest developments. I've been working on an update to our leadership compass on cm. It's not ready to publish, but I thought I could tell you a little bit about what we've discovered so far. Some of the trends that we see, you know, many of the cm platforms out there today do multifactor authentication, various strong authentication options, but they're not very widely used by cm customers at all, which in turn means passwords are still very widely used and that, you know, leads to greater insecurity for the companies that are running it. And of course, bad consumer experience for those of us who have to deal with passwords, finance and banking still usually have the most complex and most secure CIM implementations from an industrial perspective, as I was kind of mentioning, or, you know, the breadth of CIM use cases is really now moving to include B2B and B2B to C use cases. This is increasing in prominence almost as much as you know, variations on strictly consumer use cases. We see increasing uptake of cm by government agencies. Again, you know, state local, even federal level agencies are using cm solutions to interact with their citizens, like, you know, collecting taxes or applying for licenses or things like that. And you know, all the discussion about APIs and SDKs has been motivated because many organizations are asking to be able to use their third party, data analytics, marketing analytics, marketing automation tools, rather than the ones that are built into a cm.
Secondly, you know, we're seeing, you know, expansion of the use of identity proofing that has been common for, for years, you know, in banking and finance, because they have to comply with anti-money laundering and know your customer laws, but you know, some other industries like the hospitality sector, for example, short term rentals, they wanna be able to get a little information about the, the people that will be, you know, renting a facility, same thing with car rentals. So, you know, getting a certain amount of identity proofing information can be very useful for, you know, other sectors beyond finance and kind of going along with that, we see increased offering and use of remote onboarding apps. These are apps that, you know, they're mobile apps that, you know, take a selfie, compare that to like the photo on a, an official document, like a passport, maybe use NFC to read the chip. This is a way to, you know, improve identity verification in the field.
We also are observing more use of consumer IOT devices. These are things like smart home wearables, fitness, digital media devices. Consumers want to be able to associate their accounts and control those accounts. You know, specifically doing things like family management, being able to apply parental controls to digital media usage. So this is a fast growing area with a lot of specializations we're seeing consent management really seems to very, the implementation of it seems to vary by the vendor. Some try to make it as easy as possible to comply with a range of different regulations. Others provide the tools or the ability for the customer organization to figure out how to do that. And others, you know, open up APIs to allow third party consent and privacy management platforms to do that. And again, that's why API availability, security, those are very important things. We still see more and more CIM vendors sort of taking the approach of marketing directly to developers. And again, I think that's closely tied with those API capabilities.
And then we see, you know, customer organizations in general are just not making the most of what CI and platforms offer today. Same thing with fraud reduction intelligence platforms. There's a lot of capability in there to make a safer, more secure user experience, including those things like multifactor authentication and risk, risk based authentication, but they're just not getting implemented at the rate. You know, we would like to see ultimately that means, you know, for the organizations that are deploying it, lost revenue and lost consumers, you know, in, in this identity space, we often talk about reducing friction and, you know, probably one of the most common things we think about with friction is authentication, you know, popping up a please enter your password. So authentication obviously is, you know, a point where friction can and sometimes should be introduced, but there are other times, you know, registration, these identity proofing processes have talked about, you know, getting that right in doing step up authentication or some sort of additional authorization step for certain kinds of transactions.
We, we often say that we do want to reduce friction, but I think what we mean is it has to be appropriately sized, you know, because there are times when consumers expect friction. Like if you gotta make a 10,000 Euro bank transfer, you kind of hope that the bank does stop and say, do you really wanna do this? Can you, can you make sure that this is what you want to do? So removing friction where it's not needed, making sure that there's, you know, an appropriate amount of friction when it is needed, because if there's too much, you can, you know, lose consumers, you know, they'll just abandon the registration process or eventually look for another solution provider.
So, you know, thinking about the identity fabric model, some of the things that we services that can be added onto modular CIM solutions are new authenticators, you know, mobile and passwordless passwordless is popular for lots of good reasons, right now, moving from risk adaptive to continuous authentication, integrating these identity proofing and fraud reduction services, being able to integrate those consumer IOT devices, being able to con provide consent and privacy management in the platform, or again, working with some sort of third party consent and privacy management platform. Instead just wanting to talk a little bit about risk based consumer authentication and, and what we mean by that, you know, it's evaluating attributes about the subject, maybe attributes about the devices that they commonly use, including how they commonly use them with behavioral biometrics. That can be, you know, very beneficial in establishing a baseline profile for given users.
Especially if it's a device that might be shared by multiple users, then there's network information, you know, where are they coming from? IP address, maybe mobile network history, and then user behavioral analysis. This is location, have they done impossible travel? Have they traveled to some place that's kind of expected because you can get information about, you know, flight or train arrangements to get to a place. And then transaction, you know, is this a typical transaction for this given user? So these can, these factors can be evaluated so that you don't necessarily have to force an explicit authentication event every time, two, the things that are increasing in frequency, as far as cyber crime, that all kinds of organizations have to worry about our ATO account takeover and account opening fraud account takeover is, you know, using breach passwords, using them in credential stuffing attacks. There's still brute force password guessing. And you know, if you take over an, if a bad guy takes over an individual account, that's used to transfer money out of that account account opening fraud. These are fraudsters that use PII that may come from school or work or health records even. And it's often used for major financial fraud, you know, create mule accounts. The two best mitigations we see here are multifactor authentication and risk based authentication for ATO and identity proofing for the account opening fraud.
So wrap it up here, just wanted to say, you know, let's, let's choose wisely when we're looking for a new cm solution. You need to plan for growth, consider scalability a good reason to consider cloud delivered options. I think anticipate what your application needs are, whether that be development environment, languages platforms that's gonna run on and, and you know, whether or not certain applications can be upgraded or not allow for customization, turnkey solutions are great. And if they work most of the time, that's fantastic, but there's also probably gonna be a need for customization. At some point, you'll have to integrate some other application that maybe you weren't able to foresee a year or two prior. And again, this is another reason to think about the identity fabric model take that modular approach have individual services and microservices that could be upgraded so that it doesn't depend on the entirety of the CIM solution. We know that software RFPs can be very lengthy and costly projects, and most organizations don't want to go through that more than, you know, every few years, certainly not something you're gonna do every every year, because it is, you know, quite labor intensive. And lastly, always focus on the consumer experience, security identity, getting what the business wants is great. But if, if it doesn't lead to a good consumer or customer experience, I think ultimately you will have, you know, more problems than you you would need.
So let's do our final poll question here. What obstacles have you encountered, trying to create the best consumer or customer experience? Is it let's see it's come up. Yeah. Is it budget, budget that gets in the way, is it business versus it? You can't necessarily agree on the goals? Is it difficult to integrate those legacy applications? Do you have problems with scalability or just lack of customized ability or a need for additional API exposure or SDKs to build app applications with? Okay, thanks. And we'll take a look at the results at the Q and a session. So don't forget there is a questions blank in the go to webinar control panel, feel free to type in your questions and we'll take them at the end in with that. I'd like to turn it over to Bob.
So I echo everything that John just said. I think that he's made some amazingly pertinent points to the things we're gonna talk about today. I'm gonna switch gears a little bit and talk about maximizing the benefits of your IM from the perspective of what to avoid or what, what kind of things have we encountered during the course of our experience as a vendor, working with thousands of customers that have been trying to stand up these IM solutions to help, to help provide the security foundation for their customer experience. If you're not familiar with Ws oh two, let's see. Let me give a little bit of background about who we are just briefly. We're a company that's about 17 years old. We have over a thousand employees, but around the world we have two dual focus areas. One of them is API management integration, and the other one is Siam, which of course are gonna be talked about today.
We have over 1500 commercial deployments. We are, we, we began our life as an open source company. So we have many, many more customers than this who aren't actually commercial customers, but we've got over 1500 around the world that focus on customer identity, access management. We also work through many partners. We have some impressive investors, including Goldman Sachs. We just received a 90 million increase of investment from them to help fuel our growth going forward. So getting right into the, the topic here, I think John already covered this sort of at a high level, but I think everyone knows that organizations need to have an online presence. And, you know, this has even become more important after the, with the advent of the pandemic that's effect, that's affected so many people's ability to touch customers directly, but these are some of the goals that they have.
And these will probably resonate with you because you're here on this call, you know, thinking about how to improve your customer facing experience, but, you know, communicating and engaging with customers, defining your brand, instead of letting your competitors do that for you, differentiating, expanding the number of touch points with your customers, being able to reach new markets and new audiences that you couldn't before. And of course, just being able to facilitate the transactions that make that possible. And so these wonderful apps that people are building these customer experience apps are the underpinning from an identity and security standpoint is this customer identity, identity access management solution. So when organizations are, are embarking on this experience of creating this or this program of creating this digital customer experience, they have these lofty aspirations that I was just describing about modernizing the digital journey, but I wanna focus on the challenges part on the bottom of the screen.
And this is where we begin to see some of the, the, the pressures and the, and the, the moments when, when customers begin to think about taking shortcuts or, you know, trying to do things that might be a little bit simpler in order to make this happen. One of the biggest things that we've seen with our customers is that these are application developers that are building these solutions, and they're not necessarily science experts. They don't understand identity or access principles. They don't understand the best practice. They don't really have a lot of awareness of all the available options out there. And, and further, they don't know really what their strengths and limitations are, cause there's many different approaches to solving this problem, but they all have implications which are technical or practical or commercial. I think John mentioned a lot of the things that were, you know, that in, in his advice about where, where to look and how to go forward.
He mentioned a lot of the touch points that I think speak to these different limitations and strengths, but this, this lack of awareness and lack of expertise, I think that plays out in the fact that it becomes much more risky for these organizations to, to embark on these projects because there's things they don't know, you know, they, they simply don't know what they don't know, and this really affects the, the viability and the success metrics of what they're trying to do. And so I wanna talk about some of the things that, that we feel like customers can consider and think about that will help them improve their likelihood of having a successful outcome of what they're trying to do.
So some of the most common pitfalls that we see as we've talked with customers work with many customers are these five right here, and I'm gonna talk about each one in its own separate slide in a bit, the first one is building it yourself. You know, the, these are application developers who are very talented. They know how to work with databases and, you know, user interfaces and things like that. And it's a really common temptation for people to just want to, to, you know, figure it out on their own, you know, with how hard gonna be to implement basic security, that sort of thing. And of course, there's lots of ways that can go, that can go wrong. And we'll, I'll talk about some of those in a moment. Another very common one is attempting to adapt an employee IM solution for IAM uses. And that's, you know, John touched on that point already.
That was sort of a 1.0 level of Siam limitation that he described. And I'll, I'll talk about our perspective on that particular point as well. Also focusing only on today's obvious requirements. That's another point I think John mentioned was, you know, think about the future and where is, where do you want to go with this versus what is the immediate thing that's gonna, you know, that's going to, you know, scratch your itch, but think further down the road about what you actually want to accomplish. We've also seen organizations that, that approach their digital customer experience as a one time project. In other words, they, they ramp it up, they work on it, they put it on the shelf, they forget about it. This is obviously a, an opportunity for things to get stale very quickly. So they look, you need to look at this as an ongoing program rather than a one time project.
And lastly, here, there are a lot of pragmatic realities that are happening in the organization that interplay with each other and have a big effect on whether organizations can succeed with their program. And so let's talk about those. So the first one, and this is by the way, the most common scenario that we encounter in the market is organizations who know that they need to have an online experience, but they decide to build the security layer themselves. And, you know, often the thinking is how hard can it be? We're talented group of engineers and application developers. So let's just do it ourselves. And you know, what we've seen is the risk here are that in the name of convenience or low friction, sometimes it's weak security that gets implemented. It might be, you know, not enough of the, you know, risk based approach that John mentioned to, to make sure that it's appropriate.
You know, if they're many times when these, when these programs are initiated by a business unit or by the marketing team or something like that, you know, their first concern is to get a product in front of their customers. And they're later down the road concern is, can we make sure it's secure? But if you have wig security, of course, that introduces risk both, both to the organization because you know, you can break into systems, steal information, do all kinds of terrible things in a breach, but it also risks the relationship with customers themselves because they wanna do business with people that they have confidence in, you know, that are, that have a good reputation for security and things like that. It's also sometimes the case that people go the other direction too far. And they, in their lack of ability to have a good balance between security and convenience, they air too far on the side of high, high security, meaning unnecessary friction.
I think John discussed this pretty well already covered this topic pretty well, that when you, whenever you have a necessary friction, it means customers abandon the process. They leave and they go somewhere else. Everybody knows how frustrating it is when you're trying to get something simple. You, you consider it to be a simple task on some website. And it turns out to take way too long, too much effort. You have to collect all kinds of information. You know, whatever the aspect of friction is, it can really interrupt the process and make you essentially go choose another provider. Whatever you're trying to do, it's really easy to lag behind standards regulations and best practices that are continually evolving if you are doing it on your own. So of course, this essentially means you need to become a SIM expert with a clear understanding of all these different topics to be able to stay relevant, you know, and to stay on top of everything you're doing in the market.
Sometimes there's challenges with high scale. We have some customers at, at WSO two that are very big, like for example, the entire country of United Arab Emirates or the target organization for their government implementation uses our solutions. And so think about the peak load that happens for authentication. And, you know, when people try to like log to do things like file their taxes, or, you know, know, engage with the government in some other way, if you're, if you're not thinking about that from the beginning, of course, that could be very difficult. And maybe most of all, the, the issue is that you now have an ongoing maintenance effort. That's totally apart from, from maintaining the cons the customer experience itself. So, you know, and organizations, they want to have the best customer experience possible. So to delete your efforts and to take away energy from that, it really detracts from the benefit of what you're trying to accomplish.
So that's the first one building it yourself. The next one also very common we've seen is when organizations attempt to adapt an employee, I am solution for cm purposes. And they're very similar, you know, it's, we can definitely see the, the logic that people have. I say, well, you know, we do things like single sign-on account fulfillment. You know, we do password management, stuff like that. Why that's exactly what we need for a IAM solution. Why can't we just reuse what we have? Well, I hope this picture shows what, what I mean by how they, they overlap. There's, there's some, there's some similarities, but there's a whole lot of difference. And so the light blue circle here represents what you typically have in an employee IM solution. And the darker blue circle is what you need with customer identity, access management. And so you can see there's a lot of, lot of features over here that are missing from the employee side, you know, things like privacy and preference collection, progressive profiling, social identity, integration, identity, proofing, all those kinds of things that John talked about are not usually within the scope of a, of identity access management solution.
That's targeted internally at your workforce. So there's critical features missing. There's also the question of extensibility and whether it's gonna be able to have those API endpoints and other ways that you wanna adapt it, that John mentioned traditional IM solutions don't typically have that they're also licensed more, the intention of their licensing is really meant for an internal use, which means that the, the cost to the, to the customer, to the organization that's hosting the Siam can become really unbalanced. When you talk about scale and many of the vendors, well, you know, the, the different licensing models, you know, are, are really based on, do I have hundreds, thousands, maybe tens of thousands of users, or do I have tens of thousands, hundreds of thousands, or maybe millions of users, and, you know, that can quickly get imbalanced and out of control compared to what you're expecting. So there's a lot of reasons why the employee IM solution trying to, trying to fit that that's kind of like a square peg in the round hole that doesn't quite fit. And we've, we've seen a lot of customers struggle with that.
Another place that we've seen risk here is when organizations focus only on the most obvious requirements of today's solution. And what we really encourage customers to do is to look, look down the road and to say, ask themselves, what is your real vision? You know, if, if you, you know, going back to my very first couple of slides, we talked about the goals for a customer experience that is to differentiate from competitors to really create an exceptional experience for your customers who want to engage with you and stay there, because it's such a great experience for them. So many times, you know, people have a quick knee-jerk reaction. We have to get out there quickly. We need, you know, our time to market is critical. Let's put a online presence out there. And maybe the extent of what they're thinking in down the future is we'll will be able to introduce new products with some new offerings, and maybe we'll create some functional improvement of the, of the customer experience.
And by functional, what I mean is things like, look and feel design, maybe navigation. Now you move around different parts of the website, the structure of how information is organized to make it a little bit simpler, things like that. Those are all great. Those are very commonly understood things that people wanna do in successive iterations of their project. But there's a lot of things that go past that, you know, these, these align, I think, or resonate with some of the things John was just talking about of where people want to go, you know, what are the future trends here? We're talking about? One of them is the addition of new omnichannel elements. So for example, everybody thinks about a website and, and a mobile app as part of their customer experience. But what about a kiosk or what about a, a telephone system for customer support or, you know, I was just talking to a gentleman yesterday who is building a train system.
Who's responsible for public transportation, and they're trying to make this to become part of a customer experience, you know, the whole experience of writing on a train. So it really depends on your business model, what you're trying to do, who you're trying to connect with and what experience you're trying to give to them, which really dictates which omnichannel elements you you want to include. So of course not considering those factors to start with may, might put you in a bind when you actually wanna expand that way. Another way here is to is with regard to expanding your business model. And, you know, a lot of organizations, they develop some excellent digital services as part of their business. And at some point they choose to extend, they wanna offer these services, not just directly to consumers, but maybe to other organizations that can then sell to their consumers.
And, you know, there can actually be multiple layers of this concept and sort of a Russian nesting doll kind of model that can become very complicated and very hard to deal with, especially if you don't think about that from the beginning, you know, a lot of the off the shelf kind of science solutions that are available are really easy to get started with, but they, they don't offer the flexibility that you might need. If you're thinking about this kind of a model in the future. And finally, and probably the most interesting of all this list is the bottom here. Bottom one, where we're actually talking about enriching the experience of the CX. So this is different from the functional improvement that I mentioned before, but this is where you actually create a much more interesting experience for your users because you integrate data from other parts of your business.
That's relevant to the experience for that user, also different services that might not be typically available. And you can use this information to do really interesting things like prediction and automation of what the customer might be wanting to accomplish. And if you put all these things together, it makes, it means that the, the customer, the ultimate customer who's coming to the website where the application, whatever it is, might have a much more interesting experience. That's much more intuitive and natural than what they could otherwise get. I think when sometimes when you think about organizations like, like Disney or Amazon, apple, Netflix, you know, those are organizations of course, with huge budgets to be able to create this kind of a bespoke experience for each individual coming to their, to their digital property. And this is what we're talking about happening, happening here. And so we, what we're seeing is that the evolution of, of those needs where those, those kinds of capabilities becoming possible, even for those, not those mega cap companies that can, you know, hire thousands of engineers just to do this, you know, but for more typical organizations that just simply want to improve the experience with their customers.
So this is, this is something that's possible today. And it's something that should be in your vision. I think if you're, if you're thinking about how you're gonna move forward with this, another pitfall that we've seen is when organizations treat digital customer experience is a one time process rather than a pro one time project rather than an ongoing program. And I think also, I think John touched on this point before, which is that, you know, this is really an opportunity to do something different approach your business differently. And, you know, once, once people sort of grasp that idea that this is a different way to go to market, as soon as they roll the product out, they see that, wow, this, we really could have done something better. We could have done it different. Maybe even before you roll it out, you'll notice this. And so to be effective, the, the whole experience of building these digital customer experiences needs to be an ongoing, continuously improving program where you continually take feedback, figure out how you can change it and update your system.
And so we, we definitely tell or tell our clients, our customers to plan on revisiting requirements often and expect that changes will happen, which, you know, this of course implies that you need to have a system that's flexible to make those changes and, you know, easily adapt as your, as your situation adapts. So you're not locked in with a certain way of accomplishing things or lack of flexibility to make those sort of things happen. Last one I'll mention here is the failure to address pragmatic realities in the organization. And, you know, when we look at organizations that are embarking on a program for digital customer experience, there's usually an architect or some other lead who sets basically, you know, it's, it's like trying to get a business plan accepted by investors. You know, they, they come up with a plan, they set expectations for cost, for time, for resources, things like that.
And, and that's all done. You know, hopefully that's all done upfront as a alignment between all the different stakeholders, but what we've seen often in the case is that, excuse me, not all the stakeholders considerations are necessarily obvious from the start. I'm gonna take a little drink and, and those can really come back to effect to, to effect the overall pro success and progress of the whole program. So for example, the marketing and line of business folks, they have certain expectations about time to time to market flexibility of what they wanna do in the future. Things like that. They're often the driving force for getting these, these programs started, but there are other organizations like for other parts of the organization, like application owners, for example, especially if these are legacy applications that need to be integrated. This become a real problem. When the application owner, the application holds critical data that you need to create your customer experience and make it something that's really interesting and compelling for your users.
But the application owner says, no, you can't integrate with my application right now because we're in the process of an upgrade. We're moving to a new version of it, and that's not be fully completed until next year. You know, as an example of, of some of the kind of pitfalls or, or obstacles that happen there, or the it team, the, it, it team says, well, you know, right now we're, you know, we are an organization that has a complicated it environment. Some of it's on premise, some of it's in our private cloud, some of it's SAS and we're in the process of migrating or changing, but we're not there yet. And so the things that we're, you know, what we're doing right now needs to adapt to what we have right now. And, you know, we, we can't proceed faster than what we have already, you know, planned for.
So, you know, how are we gonna make that work security, of course, as well, the InfoSec folks are gonna be all over this. If especially, if you have proceeded with your own development effort to create your own Siam solution, this is something that becomes very much of, of an ongoing discussion point where the security team sometimes at the last minute says, we're not ready to roll this out because it's, you know, we're not secure. We, we can't sign off on this. And of course the compliance and legal teams have similar concerns. You know, if they're not addressed right up the front and, and it's, their concerns are not made obvious and incorporated from the beginning, then of course, they also have the ability to say, no, we're not gonna do that. And it's very embarrassing or hard or difficult when organizations architects have to go back to the, to the, the board and say, well, we thought this is what, how much it was gonna cost.
This is how long it was gonna take. This is how many resources we need. We were wrong. We need a lot more, we need, we're gonna be much later. We have to find new resources with new skill sets that we don't have right now. That's a very uncomfortable situation. And all those things affect time to market. They affect credibility. They affect momentum of the whole program. Those are things that really can derail the success of a project. If those things are not all considered. So just in closing, I'll just mention, of course, we're here as a, a partner that provides a cm platform. And a lot of the things we've talked about today, we have a lot of experience working with customers. We've actually created we've, we've improved and innovated and iterated our product for a long time, so that we can be sure that we don't introduce a lot of those risks and pains and, and we help customers avoid them.
So our science platform is a developer focused solution. As John mentioned, those that's, you know, kind of a, a class, certain class of those solutions that are out there that really focuses on making it possible to create those unique, compelling experiences and minimize those risks. And we welcome you to, to look at the, the website that we have a link there to go check out what we have and, and learn what we can do for you. And we're also very proud to say that copping your Cole named us an overall leader in their Siam compass Siam platforms, compass for the latest one, which is in 2020, the most recent one. So with that, I will stop here. I think we're at the end of our, my, my session here and we'll switch over to Q and
A thanks, Bob, good content. Before we launch into Q and a, let's take a look at the results of our two poll questions. So first question was, which version of cm is your organization on, let's see what we've got here. Oh, it's pretty evenly split amongst early, early adopters next gen and, and, and futuristic cm and still about 40% are, don't have cm yet. That's very interesting. Okay. Let's take a look at the next one. What obstacles have you encountered in trying to create the best customer consumer experience budget about a third business, versus it alignment on goals? That's a little bit bigger than I thought it would be legacy app integration. That's almost 25% there that that's interesting and scalability, not that big of a concern or, and no concern on customizability and API integration. Bob, before we get started on Q and a, any thoughts on what we see here on the survey results?
Well, I'm, I'm also, as, as I mentioned, we, you know, talked to a lot of customers and seen some of their pitfalls and, and struggles. And so those things are clearly things we've seen before. The, the alignment of course, is a very important thing, as I mentioning. That was the last point, I think in my, in my section about making sure you have alignment across all the stakeholders. So that's really not a surprise that that's a thing, you know, and I think part of, I, I think part of the alignment issue is that I think a big part, many parts of the organization don't necessarily understand what, what a Siam is, what it's supposed to do, what are the goals? And so if they don't really align on the intention, then you know, that becomes difficult to carry that conversation forward and really, you know, can create the alignment that's needed to make that happen.
So let's look at some questions here. How is the concept of lifecycle management used in CIM? I guess that's thinking about, you know, comparing with enterprise IM you know, that's a good point. There may be, well, you know, with enterprise, I am like HR can define a brand new user and can assign entitlements and, and things like that. But how does that relate to cm when a user might self-register, but you, how, when does the account get removed? That's a good question. What, what do you think about that, Bob?
Well, yeah, it's a very different process than it is for internal. I am for sure. And of course, a lot of the requirements like GDPR, that, that are out there make it a mandatory ability to be able to remove information about a user from, you know, from the organization who may have signed up for services or something like that, they wanna be forgotten. Right. And so, yeah, it's very different, you know, if you're an employee of a company, I think it's, it's expected that you're gonna be part of the systems for as long as you're there and probably a lot longer, you know, you're, you're still in involved somehow with the company and some inactive state, but yeah. With, with users, you know, they control, they should ideally, you know, and according to regulations, if it's done right, they should control the amount of information that the company has on, on them, what they can do with it. And they can decide when it's time to be, you know, to be done with that or to, to get rid of it.
Let's see. Does omnichannel mean unifying phone and web? Well, I'd, I'd certainly like to see more of that. I think, you know, that would be, there are times when we have those good experiences, you know, if you have to dial in for support or something and you've got a web session open, well, that's, that's great when those things can be connected on the back end and the person you're talking to realizes that, but that doesn't seem to happen nearly as often as those of us who understand the technical capabilities would like to see any, any thoughts on that, Bob.
Yeah, the, I, I think the way I would describe omnichannel is that it's a spectrum starting off of every part of your, every individual touchpoint with your user is completely disconnected and has no idea of the other, anything else that's happened anywhere that's on the non omnichannel side. And the other one of course would be anywhere I touch the company. I have a seamless experience that picks up right where I left off, you know, and that could be at the front desk of a resort when you check in, could be on a kiosk or could be on your mobile phone, or, you know, when you call somebody for a technical support, you know, something like that, they all, they know who exactly who you are. They know what your problems are. They know what you've, you know, been through in the past, all that kind of stuff. And so the more, the more of an Omni experience that you can give to a customer, I think that's a very attractive thing to, to offer. You know, if, if, as a company that's a that's for me, for sure. That's a differentiator. You know, if I have to work with organizations where I am continually having to reintroduce myself and reacquaint people with my situation, you know, whatever, that's a real turnoff and I, I will choose a different company if I can.
Yeah. You know, I think the, the thing that we often talk about and we both hit on and say about abandoned registrations, that's, that's a real thing. Or, you know, even abandoning business with a, a vendor that doesn't provide a really good experience. You know, you start shopping if the experience is not, not what you expected to be. So let's see. What are some of the other biggest risks an organization can face when implementing cm? You know, I'll, I'll say time to get it done, you know, time to deploy something that works. I think one of the reasons that cloud delivered services are popular these days is because you don't have to stand up the infrastructure. You know, a lot of the basic maintenance configuration is taken care of for you. I, I think there are ways to help expedite CA M deployments. What, what are your thoughts on that?
I totally agree that there's, there are technology, you know, starting points or springboards that can make it much easier. I also would add to that, that probably the biggest organizational thing is trying to get alignment with everybody about what you want, what, how you wanna do it, what the roadmap will be, get a clear vision of what, where you're going. So I think that lack of clear understanding of what you want and goals and how you're gonna accomplish that and on, on which time scale that that can cause a lot of internal confusion, misalignment, you know, causes little squabbles and battles, you know, things like that, between departments that can really slow things down and really introduce a lot of risk.
Yeah. You know, that's a good point. And thinking about the answer to the survey question about business versus it alignment. I wonder if, if that's a good example of that, where you have, you know, business leaders that, that have a certain set of goals, it, it security, especially, you know, wants to implement stronger security. Then maybe what business leaders want, or maybe the business leaders are proposing things that are perceived as far more risky than, than potentially beneficial. Maybe that's where some of those conflicts come into play that, that we saw in the survey results.
Yeah, for sure.
Let's see our organization implemented a simple am years ago, but now we're considering how to improve and modernize it. What are the most important things to consider? I, I think, yeah, going back to, you know, what we were talking about earlier, plan for growth, try to anticipate what you will need, not just next year, but if possible two or three years out, you know, in terms of the numbers of users, the complexity of use cases, the applications that you may want to hook up the cm platform to, there are lots of different factors to consider there. I would say any, anything to add there,
I would only add that whoever's in that situation is they should consider the smells very lucky because now they've learned all the things that they should have done differently or would like to have done or, or whatever, you know, there's, I think building a Siam solution is sort of an iterative, you know, peel the onion kind of thing. And so you need to consistently have feedback about what's worked, what hasn't worked to, to continually adapt it and improve it. And so I'm sure that after rolling out version one, that they know exactly what they would've done differently. And now it gives them the opportunity to think about how they can adjust and adapt, you know, in the way that you just talked about John.
Yeah. Yeah. That's a great point. Apply your lessons learned if you've been through an initial deployment, you probably know what has worked well and maybe what and put that sort of at the top of your requirements list or when making changes to the architecture. Well, great. We're approaching the top of the hour here, so thanks everyone for joining today. And, and thanks Bob. And WSO two for participating as well. Any, any final thoughts, Bob?
Well, I just wish you all luck in your pro in your Siam endeavors. I know it's a, it can seem daunting. Maybe there's a lot of moving parts, but I think there's also some great, you know, folks out there that can help, help you out and some great leadership and guidance from people like John and give you some help, kind of figuring out the landscape and moving forward.
Well, great. Well, thanks again. And the recording and the slides will be available soon, have a good rest of your day. And that concludes today's webinar.