1 Introduction
Consumer Identity and Access Management (CIAM) continues to be a fast-growing area in Identity and Access Management (IAM) that has emerged in recent years to meet evolving business requirements. CIAM solutions are designed to meet evolving technical requirements for businesses and other organizations that deal directly with consumers and citizens. They are designed to provide better digital experiences for, and gather more information about, the consumers who are using their services. Enterprises want to collect, store, and analyze data on consumers to create additional sales opportunities and increase brand loyalty.
Consumer IAM systems are designed to provision, authenticate, authorize, collect, and store information about consumers from across many domains. Unlike workforce IAM systems though, information about these consumers often arrives from many unauthoritative sources. Information collected about consumers can be used for many different purposes, such as authorization to resources, or for analysis to support marketing campaigns, or Anti-Money Laundering (AML) initiatives. Moreover, CIAM systems must be able to manage many millions of identities, and process potentially billions of logins and other transactions per day. SaaS delivery of CIAM services is trending upwards and will likely remain the default choice for most organizations.
CIAM systems can aid in many types of regulatory compliance, e.g., when banks and financial service providers are required to put into place mechanisms for "Knowing Your Customer" (KYC). EU-GDPR requires collecting clear and unambiguous consent from consumers for the use of their data. Many CIAM solutions provide this capability, plus offer consumers dashboards to manage their information sharing choices. Moreover, CIAM systems can help corporate customers implement consistent privacy policies and provide the means to notify users when terms change and then collect acknowledgement.
The top features CIAM services provide are:
- Social logins: Allow users to log in via Facebook, LinkedIn, Twitter, Google, Amazon, etc.
- Multi-factor authentication (MFA): Email/phone/SMS OTP, mobile biometrics, behavioral biometrics, mobile push apps, FIDO, risk-adaptive and continuous authentication, etc. Simple SMS OTP is not secure and is not recommended.
- Risk adaptive authentication: Evaluation of runtime environmental parameters, User Behavioral Analytics (UBA), and fraud/threat/compromised credential intelligence to match the appropriate authentication mechanism to the level of business risk or as required by regulations.
- Account recovery mechanisms: When consumers forget passwords, lose credentials, or change devices, they need ways to get access to their accounts. Account recovery techniques include Knowledge-Based Authentication (KBA; but it is recommended to avoid this method as it is usually even less secure than password authentication), email/phone/SMS OTP (also not recommended), mobile push notifications, and account linking.
- Inclusion of 3rd-party fraud and compromised credential intelligence: Runtime evaluation of internal or external cyber threat or fraud information, such as known bad IP addresses/domains, compromised credentials, accounts suspected of fraud, fraud patterns, botnet behavior, etc., for the purpose of reducing the risk of fraud at the transaction level.
- Identity analytics: Dashboards and reports on common identity attribute activities including failed logins, consumer profile changes, credential changes, registration tracking, etc.
- Business intelligence for marketing: Transformation of data about user activities into information for marketers.
- Privacy and consent management: Explicit user consent must be received for the use of their information. Consumer account dashboards are common mechanisms for providing users with consent monitoring, granting, and withdrawal options. Compliance with EU GDPR, Canada's PIPEDA, and California's CCPA are notable drivers.
- IoT device identity association: As IoT devices increase in popularity, consumers and business customer users will have greater need to associate their IoT devices with their digital identities. These identity associations between consumer and IoT objects will allow for more secure and private use of smart home, wearables, medical, and even industrial devices.
Widas ID GmbH, as part of the WidasConcepts group, develops and operates cidaas, a secure cloud identity and access management solution headquartered in Europe. cidaas was launched in 2015 and was able to achieve continuous growth to around 120 employees.