IBM Security Verify

Consumer identities in Modern Digital World (CIAM)

By Vandana Verma Sehgal posted Fri May 07, 2021 12:51 AM

  

Digitization is the way to go. However, while the number of consumers is increasing, we still follow the primitive approach and take too much information from users, such as email address, username, address, password and much more, during the first interaction itself.

At the same time, security is becoming an equally big concern for organizations and users. Applying the highest level of security to every user interaction severely impacts usability and results in a poor user experience. So, balancing both becomes the priority for any organization that wants to keep its user base intact.

The steppingstone in the digital world is built around consumer identity and access management (CIAM). When we talk about user experience, we need to address trust breaches, which have been lingering for quite some time now.

As per Gartner” 

Zero_Trust_for_the_Cloud_Root.png
Trust between the consumer and the organisation is built over time, through a successive process. It is a journey, not a destination that can be achieved and forgotten. It has to be sustained. There are multiple phases in this journey.

Initial phase

As a user, we may be accessing an application or browsing its catalog while the application asks for too much information. One scenario is a user accessing the application for the first time and being asked to register before any content is shown, as some blogs and news sites do. This is not a good user experience. We wouldn’t want to visit such a website, and we don't want to share too much information. For organizations, customers should not be lost while we are building the context around them.

Application User Phase

Registered users during a sale day are trying to place an order quickly, and the application is not letting them log in: “The application asks me for a password and then MFA, and even then I get timed out. I would be happy with the service, but I do not like it when the application is not letting me in. Next, I will not make a purchase, and I might choose to remove my account from the application.”

In other cases, we try to reset a password for a site that has too many password requirements. For example, we set the password to “Security”, it is rejected for not meeting the requirements, and we think: oh no, this site has a different requirement, with letters and numbers. We try “Secur1ty”, but by that point we are dissatisfied.

Sustain the user trust

I want to secure my account with multi-factor authentication, but I am not offered different options and get only email or phone number-based authentication. I fear opening my emails in public or receiving the OTP on my phone. At the same time, if I change my device or log in from a new location, I am not challenged with something new. The application is not building context, and my account might not be secure, i.e. it relies on legacy ways. I don’t wish to maintain an account with the application.

Discerning the trust

Trust is built over time, by giving users control over and visibility into their data and telling them how it is being used. Privacy regulations like GDPR and CCPA impose huge fines on organizations that fail to comply with them.

Collecting customer consent and enforcing it are two different things. CIAM helps us do both. Giving your customer the ability to accept your privacy policy or decide who you share their email address with are examples of collecting consent.

While we are addressing these challenges for consumers, we must remove the 500-pound gorilla from the room for the organization as well.

The questions that an organization has

  • What is the use case that we are trying to achieve?
  • What does the User Experience look like?
  • What is the registration experience?
  • What attributes are you looking for?
  • How does a user authenticate?
  • What kind of level of security is required?
  • Is MFA needed? What are the options available and kind of verification needed?
  • Are there multiple domains that require SSO?
  • How can the users manage their consent?
  • What level of profile self service is available?
  • How can we set policies around fraud? 

 

Organizations are trying to modernize the way users interact across omni-channels and, at the same time, can't afford to compromise security amid increasing cyber threats. Trust is built over time. Customer identity and access management helps organizations manage user identities while balancing security and user experience. CIAM supports the user experience while browsing, onboarding, managing and maintaining the users.

More user insight yields better customer experiences and helps in building future-ready IAM solutions for consumers. A good CIAM solution should be able to provide seamless user registration, self-service account management, consent and preference management, single sign-on (SSO), multi-factor authentication (MFA), access management and, most importantly, adaptive access, which can also be called context-aware access.

IBM Security Verify allows IT, security, and business leaders to protect their digital users, assets and data in a hybrid multi-cloud world, while enabling technical agility and operational efficiency as a cloud-native solution. Beyond single sign-on (SSO) and multifactor authentication (MFA), Verify is a modernized, modular IDaaS that provides deep AI-powered context for risk-based authentication and adaptive access decisions, guided experiences for developer consumability and comprehensive cloud IAM capabilities, including user management, access recertification campaigns and identity analytics.

Reference: 
https://www.ibm.com/in-en/products/verify-for-workforce-iam 
https://www.ibm.com/docs/en/sva/9.0.2.1?topic=verify-application

Stay tuned for more detailed articles in continuation. Thank you for reading.

Thanks and Regards
Vandana Verma Sehgal
Security Solutions Architect - GSI Labs (IBM India Software Labs)

 

 
