If organizations want to build customer trust, it’s crucial to modernize their customer identity and access management (CIAM) platforms as part of their digital transformation.
“This is seismic change,” said Evan O’Regan, Associate Partner, Digital Trust & IAM, IBM. “Traditional approaches keep the systems siloed and fail to provide that seamless customer experience.” Trust is lost if the identification process is too complicated or frustrating.
O’Regan made the comments during the 2021 ITWC Digital Transformation Kickoff where IBM announced good news for Canadian customers. IBM’s Identity as a Service (IDaaS) solution, IBM Security Verify, is now available with Canadian data residency, said Dhruva Suthar, Director of IBM Security Canada. “This is really a made for Canada solution. IT is a purpose-built identity platform to cater to the data residency and data sovereignty requirements of Canadian organizations,” Suthar said. “It also helps organizations modernize their customer identity and access management approach with a truly friction-free consumer experience.”
Balancing user experience with security requirements can be tricky, especially after a year that broke records for data losses due to breaches. Organizations are struggling to keep up in the cybersecurity arms race, noted the panel members. “Zero Trust and CIAM have to be the most important issues facing your business today,” added O’Regan.
Why consumer IAM has to change
Consumer IAM impacts a company’s return on investment and brand trust, said O’Regan. Eight-four per cent of companies that improve customer experience report an increase in revenue. Seventy-three per cent of consumers say a good experience is key in influencing brand loyalty. At the same time, 25 per cent of consumers say they’ll abandon an app after one use if the experience is poor.
“You need to take a holistic view, and not a tool-centric one, to design your world around your customer journey,” said O’Regan. Ultimately, this is not about a password reset, he said. “It’s about how the customer buys coffee (or anything else).”
To have a seamless customer experience, transactional communications across multiple systems on the back end are needed. “You have to build this into your applications and bring it all together in a repeatable approach,” said O’Regan. “If you’re trying to accomplish CIAM without transformation, it will fail.”
How to incorporate Zero Trust into CIAM
Going forward, CIAM must be based on Zero Trust principles. To do that, the customer journey should be broken down into it fundamental blocks, said O’Regan. “You’re going to wrap each one of the blocks with a security context for every user, every system, every single time,” he said. One of the best ways to reduce friction is through adaptive authentication. It uses artificial intelligence and machine learning to understand the customer’s regular pattern, explained O’Regan. If there’s a deviation from the pattern, the system should be set to challenge the customer with an additional factor of authentication.
To incorporate Zero Trust, an organization must take an extremely deliberate approach, following three steps:
- Taking an “unvarnished look” at the current state. Typically, this takes the form of an IAM or CIAM assessment, said O’Regan.
- Develop a strategy and a plan.“The strategy is about what does good look like for your particular business and how to set priorities,” O’Regan said.
- Pursue excellence in execution. “I guarantee there will be problems,” said O’Regan. “You need to be able to pivot and not allow these things to derail your program.”
O’Regan recommends that organizations seek professional services to help them tailor a Zero Trust program for their specific situation. At the end of the day, this approach will put IT in a better position to contribute to the business, said O’Regan. “And that’s where the magic happens.”