1 Introduction
Consumer Identity and Access Management (CIAM) continues to grow as a segment within the overall IAM space. The reasons for CIAM growth are multi-faceted: digital transformation is picking up speed, consumer expectations for sophistication and ease-of-use in their digital experiences are rising, and regulations requiring more secure processing and handling of consumer data are coming into force in more jurisdictions globally.
The digital transformation is well underway, with almost every kind of business finding it necessary to offer better experiences not only to acquire new customers, but also to retain their current consumer bases. The global pandemic has accelerated the digital transformation even in industries that had been lagging technically, such as retail, health care, insurance, etc.
The solutions within the market are evolving rapidly in response to customer demands, new and changing regulations, and advent of new technologies. Consumer demand and satisfaction are evidenced by increased business. Pleasant and secure user journeys lead to repeat site visits and higher revenue. Unpleasant or insecure user interactions will drive consumers to competitors. Consumer and/or customer identity management is pivotal in this scenario. Getting CIAM right can mean the difference between profit and loss, and between expansion vs. closing down.
CIAM is a field characterized by innovation. New authenticators, risk analytics, fraud detection intelligence, device identity integration, API accessibility, and privacy management are key areas in which CIAM solutions are showing new developments.
Everyone knows – consumers included – that passwords are insecure authenticators. Consumers prefer authentication mechanisms that do not require creating, memorizing, or maintaining more passwords. Much ecommerce is transacted via smartphones, and even typing in passwords on smartphones is frustrating. Smartphone-based biometrics have long been embraced by consumers, and most CIAM solutions interoperate with mobile authenticators.
Risk-adaptive authentication solutions are more commonly found within CIAM systems today, allowing the evaluation of multiple risk factors and providing higher levels of authentication assurance. Risk-adaptive authentication is a pre-cursor for continuous authentication, which can reduce the need for explicit authentication events from customers while improving the customer experience.
Fraud rates are increasing as fraudsters rapidly evolve new techniques. Cybercriminals attack not only financial institutions, but also ecommerce, insurance, travel/hospitality, and most every industry. Fraud Reduction Intelligence Platforms (FRIP) offer the means to integrate with many CIAM solutions so as to help their customers detect fraud attempts at both registration time as well as transaction time.
SmartHome, wearable, and other IoT device types are proliferating. Almost all such devices have identities of their own that need to be associated with consumer or customer users. CIAM solutions are expanding their capabilities to serve the more complex needs of managing device identities in conjunction with user identities.
CIAM systems are not islands unto themselves, and as such API connectivity is a must. Some CIAM specialists have concentrated on making their solutions developer-centric, providing robust APIs that allow integration with related tools and services, such as Customer Data Platforms (CDP), Customer Relationship Management (CRM), and FRIP services.
The EU General Data Protection Regulation (GDPR) has been in effect for four years, and most solution providers have adapted their products to accommodate the technical requirements for gathering and managing consumer and customer consent. However, differences between products in this space can be significant, with some providing more intuitive administrative interfaces and consumer self-service portals. Moreover, other regions of the world have been enacting privacy regulations, which increases complexity for both CIAM vendors and their customers.