Commissioned by Pirean
1 Executive Summary
Identity and Access Management (IAM) is a fundamental component of all electronic interactions in every organization today. IAM systems are typically composed of user directories, authentication services, authorization and access control services, Single Sign-On (SSO), federation, privilege management, and lifecycle/governance functions. User accounts in enterprise IAM contexts are often standardized constructs, stored in LDAP or in OpenID format, to collect attributes about employees for access control purposes. Enterprise IAM solutions are well-established in the marketplace, and often serve employees, contractors, and sometimes business partners.
Traditionally, the IT environment has run within the walls of the organization's perimeter. IAM solutions were developed to address the business needs of this closed environment. Identities were managed and stored on-premises and made available only to local access control systems, to ensure individuals have access only to the resources they need.
As business needs extend beyond business-to-employee (B2E) to include business-to-business (B2B) and business-to-consumer (B2C), and more recently business-to-IoT (B2IoT) use cases, federation has extended the reach of where identity and access controls reside. SSO systems give users the ability to authenticate not only across multiple IT systems but across multiple organizations too.
With the advent of cloud services (IaaS, PaaS, SaaS), organizations have new options for their IT infrastructure, platforms, and software. Motivated by the business need to increase IT elasticity, flexibility, and scalability while reducing cost, businesses have taken to the cloud, giving IT a new challenge: protecting both identities and access to resources in a cloud environment.
Modern enterprise IAM systems also need to accommodate enterprise-controlled mobile devices, “Bring Your Own Device” (BYOD), and the bow wave of IoT devices coming their way. As organizations increasingly move from a perimeter-based security model to a perimeter-less one, greater emphasis will be placed on what you know about the user and the devices they use.
Consumer Identity and Access Management (CIAM) is the fastest-growing specialty in IAM, one that has emerged in the last few years to meet evolving business requirements. Many businesses and public-sector organizations are finding that they must provide better digital experiences for, and gather more information about, the consumers who are using their services. Enterprises want to collect, store, and analyze data on consumers to create additional sales opportunities and increase brand loyalty.
To reduce money laundering, cyber-crime, terrorist financing, and fraud, regulators are requiring banks and financial service providers to put into place mechanisms for “Knowing Your Customer” (KYC). Having IAM systems dedicated to hosting consumer identities and their associated profiles is a good first step toward KYC.
Common features of Consumer Identity solutions include:
- Provides self-registration for customers
- Alternatively, provides options for bulk import of customer identities from existing systems
- Gives users consent mechanisms to control the use of their data
- Enables Single Sign-On (SSO) across all digital properties
- Presents multiple authentication options for customers, depending on policies, risks, and mechanisms available
- Hosts customer profiles
- Integrates with popular SaaS applications
- Facilitates fine-grained access control to resources and data
- Can be deployed on-premises or via the cloud
This paper explores IAM and CIAM concepts, business drivers, challenges of designing IAM and CIAM solutions, and the entry points into solution architectures. The paper will further show how Pirean’s solutions can help meet the business requirements and challenges of both enterprise and consumer identity by providing customers with a robust, scalable, and future-embracing solution set.