Customer Identity Management for the CMO, CISO, and CIO
Software is Eating the World
Cloud. Mobile. Digital. It’s hard to turn a corner today without hearing something about these technology trends. In an IDC report from November 2015, 67% of CEOs said they were betting on digital transformation. It’s at the top of the CEO agenda for good reason. It is hard to find an industry or sector in the economy today that is not being disrupted by software.
Software has gone from being an internal operational and employee productivity tool, to being at the core of how companies operate their business and serve their customers. If CEOs today do not act with the speed and decisiveness necessary, they risk a more nimble “digital” company entering their market and acquiring the bulk of their profits. The strategy consulting firm, Innosight, concluded that 75% of the S&P 500 could be replaced due to “creative disruption” in the next 15 years. Companies that do not embrace digital will be left with being commodity producers of goods and services at best, or at worst, will simply go away.
When it comes to consumer businesses, customer expectations have changed. Customer are demanding service on their own terms, their own schedule, just in time, and on their mobile. Medical appointments can be scheduled with a few taps for later in the day, photos can be uploaded from your iPhone and printed at your local pharmacy, and last minute hotel rooms can be booked for a bargain with the swipe of a thumb.
The Importance of Customer IAM (CIAM)
As companies undertake ambitious innovation programs they must choose tools that will accelerate time to market and give them the flexibility to experiment over time. Innovation is rarely a linear process, and hence agile development and a lean approach will yield the best solutions for customers in the shortest timeframe.
Among the critical layers in any technology stack designed to support this work is the identity layer which handles user accounts, and sign-in. When identity management comes as an afterthought, user experiences are fragmented requiring separate credentials for sign-in to different sites, user profile information is dispersed across databases, user activity is difficult to track, and security is at risk.
Done right, CIAM makes it easy to launch new customer-facing applications faster, enables a cohesive and delightful user experience across channels, ensures the security of user accounts and sensitive PII, and drives marketing ROI through better understanding of users, targeting, and personalization.
CIAM requirements for the CMO, CISO, and CIO
CIAM solutions can be a strategic asset serving all parts of the business or a tactical point solution designed for specific tasks in the marketing team. For those organizations that view CIAM as a foundational technology, here is an overview of requirements by stakeholder.
CMO and Marketing
The marketing team relies on CIAM to solve several core needs:
• Cohesive omni-channel experiences—Users should be able to access any experience with the same identity and account.
• 360 degree view of the user—Many services create and store user profile data, but in order to deliver an experience that is consistent across all interactions, the user profile must be portable in aggregate and travel with the user so that access can be applied consistently and context can carry forward. The CIAM solution creates a unified customer profile of disparate profile data sources including social identity attributes in addition to data from any other source.
• Adoption—Turn anonymous users into known users by allowing sign in with an account that users already know and will remember. Support for social identity is critical.
• Analytics—The marketing team wants to understand user engagement patterns, collect data on customer behavior, and then adjust promotion, targeting, and personalization based on this information. The CIAM solution must make available the data that it creates to any analytics stack for custom analysis and automated reporting.
CISO and Security
It’s hard to overstate the priority of security requirements when considering your approach to CIAM. Customer data is among your most sensitive information and assuring its security is critical for maintaining brand loyalty, trust, and reputation.
CISOs will require the following core capabilities:
• Password Policy—Most of us are tempted to reuse passwords. When one site or app is breached that creates vulnerabilities for customer across all of their accounts. Nudge your users to use a secure password.
• Adaptive Multi-factor authentication (MFA)—Threats to password security have never been more present. With the cost of computing plunging brute force attacks are feasible and ubiquitous. You’ll want to offer a portfolio of different factor options to suit diverse user needs, and apply policy that will allow you to step up based on riskbased policy.
• Secure, audited infrastructure and operations—Securing your customer sign-in and PII requires process and controls across all layers of the service. From screening the people who operate the service, to processes for screening code before it’s committed to the code base to penetration testing.
CIO and Technology
To fully realize the benefits of CIAM your chosen solution must be generic and extensible allowing full flexibility for any future integration or development. It must be standards-based, future-proof, and reliable.
It’s important that Technology stakeholders value:
• Reliability and scalability—High availability including during code upgrades and no need for scheduled downtime. Scalability to any number of users with demand response for peak periods.
• Support for standards—Designed to connect to anything now and in the future via standards including OAuth2.0, OpenID Connect, SAML, and SCIM.
• One service for all identities and all points of access—A unified approach to managing every identity that touches your company yields immense leverage. Deployed once, your IAM solution can then rapidly connect in any new application or touchpoint. Inevitably staff will need to access an admin console or a privileged section of a customer-facing app. Integrating more than one identity framework to each and every digital resource presents more cost and friction for your organization.
The Okta Identity Cloud: A Modern Approach to CIAM
New initiatives using next-generation technology require a re-thinking of the foundation. This new foundation needs to optimize for addressing all modern use cases on one platform (B2E, B2B, B2C and IoT). It needs to enable the line of business and IT to choose the best applications and technologies to build out digital experiences with the greatest ROI. Agility is a must. Delays lead to projects never getting off the ground, at the same time market opportunities and technology are moving too quickly, it’s key to have a flexible approach. With a breadth of IAM capabilities across all scenarios, the IAM system can be the glue that enables the business to transform and deliver end-to-end experiences for users.
Okta is the modern identity foundation for digital transformation that enterprises need to deliver secure digital experiences. Okta was born in the cloud, delivers enterprise-grade security and scalability and is built for change. Enterprises that use Okta go live quickly, are free to be opportunistic in the market and get the ROI desired from digital initiatives.
Okta provides a wide breadth of capability across IAM, Security and EMM—all as one modern cloud service. With this unique capability, Okta is the best foundation for enabling enterprises to deliver end-to-end experiences with extreme agility.
Enterprises have the choice of using Okta’s out of the box end-user experience or using the Okta API and toolkits to deliver a highly branded, completely custom end user experience.
Cutting across the breadth of Okta’s products are four key points of unification in the system: Digital Unification—At its foundation, Okta is a directory and meta-directory that enables enterprises to connect all sources of user profiles and data, transform attributes and manage groups.
Contextual Access Management—Across web and mobile and the breadth of applications integrated to Okta, enterprises can centrally manage policy. Okta makes instant policy decisions to deny or allow access based on a broad context of the user.
Lifecycle Automation—Okta masters lifecycle state off of directories, HR or CRM systems. Via rules centrally defined by an administrator, Okta takes action to provision users or kickoff workflow.
360 Visibility—Reporting features provide ultimate visibility across all actions in the system, from user authentications to provisioning events. Okta adds intelligence by detecting patterns like suspicious behavior and reporting on opportunities for more secure integration to an application (via SAML) to an administrator.