Does your customer identity and access management (CIAM) inspire trust?

Security and marketing, previously considered strange bedfellows, are a match made in digital heaven with consumer identity and access management (CIAM).

Designed primarily to protect applications and websites from bad actors, CIAM can be invaluable for marketing, brand management and digital initiatives, as well. At its heart, the technology vets and verifies user identity to secure applications and devices. But certain CIAM solutions can also provide a comprehensive view of your customers’ preferences and online behaviors — helping you to personalize digital experiences, reduce irrelevant communications, and improve customer interactions.

Today’s most sophisticated CIAM offerings provide a full range of consumer services, including privacy protection, data collection and data analytics as well as identity verification, anti-fraud features, and more. These help to solve a host of business problems, bolster consumer trust and boost efforts to increase revenue.

But not all CIAM software is created equal. Before shopping for a solution, it’s important to know what CIAM is, what it is not, and how it can best support your business objectives.

I generate data, therefore I am

CIAM has evolved with our changing notions of identity, a term that no longer refers only to the individual. In the digital age, identity also encompasses smartphones and the other computing devices a person uses, their finance/payment cards and medical records, and other data reflecting their preferences, habits and purchases.

Managing consumer identity for security’s sake, therefore, means managing data.

The need to secure access to websites and applications grows more urgent by the year. According to F5 Labs, access- related breaches constituted the largest known security- breach type ( 52%) in 2019, increasing by 5 percent from 2018.

Think of CIAM as a digital handshake that verifies and manages an organization’s external users or customers. With 82 percent of the world population covered by privacy regulations in place or imminent, according to PwC analysis, safeguarding customer data is no longer an option — it’s a must.

But modern CIAM goes beyond security, access control and compliance. Today’s smart solutions also feature a single view of the customer and customer intelligence across omni-channel interactions and transactions. It is built around the customer at different stages of the individual’s relationship with an organization or brand.

These capabilities are designed to answer digital customer demands. People expect easy and convenient online shopping that’s secure, private, efficient and smooth, even when they’re using multiple devices. They want ads and promotions that speak to their wants, needs and lifestyles. And, increasingly, they want control of their personal information. Using a CIAM solution helps businesses meet these needs without having to build the features themselves.

There’s strength in unity

Various solutions exist to meet different CIAM needs, but a fragmented, piecemeal approach can result in disjointed experiences for customers — and the loss of their business. One in three US consumers (32%) are willing to walk away from a brand they love after just one bad experience, according to a PwC survey. This figure is even higher in Latin America, at 49%.

Cobbled-together CIAM technologies can’t deliver the easy transitions and continuity that consumers want or the comprehensive “360-degree view” of customers’ behaviors that businesses need to serve their customers well. To do CIAM properly, a unified approach works best.

Digital healthcare, for example, has become the new normal, and patients expect their data and transactions to be available to themselves and to other healthcare providers. At the same time, they want their information to be secure and private whether they’re using their phone, laptop or tablet. Enabling their doctors, therapists, nurses and other practitioners to view and track their overall health over time may provide them with higher-quality, holistic medical care.

Financial services firms, including payment processing companies, must safeguard consumer information and accounts while providing customers with continuous access to their balances and funds. But even though these services may be isolated from one another — a credit card account may be completely separate from the consumer’s bank account, which is separate from their investment accounts, for instance —financial institutions want to incentivize loyalty with rewards, and that requires holistic insight into every transaction. At the same time, consumers want to be able to seamlessly manage their money on demand, and to have secure experiences while doing so.

Topping the long (and getting longer) list of CIAM features:

Consent management: Letting customers choose how their private information is used (or not).

Adaptive authentication: Continually verifying user identity based on biometrics, behaviors and other indicators.

Preference management: Using consumer data to engage with customers wherever they are.

Multichannel access: Providing customers with multiple ways to interact with your organization.

Simplified registration and progressive profiling: Making it easy to sign up, then continuing to collect user data to improve customer profiles.

Transparent data collection: Notifying consumers that their data is being collected, processed and used, and for what purposes — which 41 percent of US consumers said would make them more likely to use mobile applications and buy a particular business’ products and services.

Secure self-service functions: Letting users enroll in multi-factor authentication, manage passwords and other security features, and access and manage their customer accounts.

Modern customer advocate workflows: Tracking marketing and service initiatives all the way to results for a truly customer-centric business approach.

Solving your identity crisis: Six steps
CIAM is catching fire in healthcare, retail and finance, in particular — but any entity with a digital presence can reap its rewards for itself and its customers. Here’s how to begin.

• Bring the right people to the table.
  The business leaders responsible for the customer experience are in different parts of your organization. Assemble a multi-functional team of supporters from your security, privacy, customer experience, marketing, and other relevant areas of the business, and solicit their input on features that would serve your entire organization best.
• Define your CIAM strategy.
  Develop a CIAM program plan that is strategic and considers the long-term as well as short-term benefits and risks to your organization. Make sure it’s flexible enough to change with the types of problems it needs to solve, the technologies it uses and the ever-shifting expectations of consumers.
• Think big.
  Get buy-in from your board and C-suite, and establish an oversight team to govern your identity program.
• But start small.
  Whether your organization needs only a few CIAM features or a complete privacy-security overhaul that also works with marketing, a methodical, one-step-at-a-time approach works best when implementing this complex technology. Choose one or two basic capabilities with your business’s goals in mind, then scale up gradually in accordance with your privacy, security and digital strategy.
• Work in layers.
  CIAM capabilities should be layered atop each other, in this order, with the first three as foundational layers:
  • The threat intelligence layer stops illegitimate actors before even reaching the organization’s external-facing channels. Advanced solutions use threat consortiums and continuously-growing bad actor data to terminate connections even before the need for proofing or authentication arises.
  • The identity-proofing layer checks that the incoming user is indeed a person and is the same person they claim to be. Identities are verified, or “proofed,” using advanced technology services to a predetermined level of trust, depending on desired user access and functionality.
  • The adaptive authentication layer verifies the user’s identity against known records using a risk-based approach, adapting to provide a simplified experience to the end-user (i.e., applying strict multi-factor for higher-risk use cases or scenarios).
  • The fraud intelligence layer analyzes user activity and transactions from a strict fraud perspective, identifying potential fraud or financial loss.
  • The user behavior analytics (UBA) layer monitors users within the organization and analyzes user behavior against baselines to spot unusual anomalies. Suspicious behavior is flagged and investigated to prevent any malicious activity or organizational loss.
  • The reporting and analytics layer uses automated reporting processes and advanced analytics to provide in-depth identity-related statistics, acting as a last line of defense in securing customers.
• Choose with care.
  Get help if you need it, but in any case be sure to have your CIAM strategy developed before you shop for a solution to ensure that you’re getting all the right features for your enterprise.

Exceptional customer support is already a mainstay with leading businesses, and the leading CIAM solutions help them manage customer identities and data while merging security, privacy management and compliance from login all the way through post-purchase support and service.

Consumer identity and access management is a digital relationship imperative. So says this thought leadership article about CIAM that I wrote with input from PricewaterhouseCoopers experts and my manager at the PwC Cyber and Privacy Innovation Institute. As with every article that PwC produces, this was a collaborative effort, starting with interviews, progressing with members of the CIAM team commenting on drafts, and only finishing when everyone was happy with the results.

Client: PricewaterhouseCoopers
Format: Article