By Samantha Garrett | Posted on November 10, 2017
Customer identity and access management (CIAM) provides tremendous value to organizations interested in both improving customer engagement strategies through data and securing and protecting their customer data repositories.
If you’re just getting started on your own CIAM journey, there are five common implementation pitfalls to keep an eye out for:
There are a lot of reasons why a company may decide to implement a CIAM solution, whether it’s greater security, stronger compliance, or better and more targeted marketing efforts. Regardless which department is leading the charge to invest in CIAM, you need to be sure that everyone has a chance to provide their input on what the solution should cover and what capabilities are needed to meet expectations.
CIAM can provide benefits to (and have an impact on) an unusually broad range of stakeholders and departments within a company. The customer data it helps to collect can inform business intelligence and strategic planning on many levels, including C-level management and investors. The data typically also serves as fuel for personalized marketing and is fed into the company’s marketing automation systems. On transactional sites, like portals for various forms of e-commerce or customer service, the data and identity of users is the foundation for doing business. Customer data contains personal data, which is sensitive and subject to a variety of laws and regulations, so the CIAM technology that collects and manages this data is of major concern to Chief Security Officers (CSOs) as well as to the departments responsible for legal affairs and compliance. If employee data is involved, HR might be affected as well.
Chances are that the implementation of a CIAM solution is driven by one particular department in order to achieve a particular goal, or a set of goals specific to that group. This can lead to an overly narrow focus and result in benefits being left on the table. If you only approach identity and access management from a particular frame of mind, the platform ultimately won’t be able to provide maximum value to other business units.
For instance, if you prioritize compliance over customer engagement opportunities, you may wind up with a CIAM solution that keeps you on the right side of HIPAA, GDPR, or other regulations, but at the cost of the marketing department’s data-driven strategies.
So, you should not ignore other departments during the planning stages; at the end of the day, it will affect every corner of your organization. Which leads us to the next challenge.
Involving a broad variety of different departments and stakeholders is not easy with any project, and with implementing CIAM you get a bonus problem on top: Your stakeholders might not even know they are stakeholders, or why they should be actively involved in evaluating a CIAM solution.
You cannot assume that other groups and individuals understand how this technology will impact them and they might not even know anything about CIAM. So, while you might initially be concerned about inviting too many cooks into the kitchen, chances are you will find that nobody followed your invite because they didn’t even think of themselves as a cook to begin with.
Also — and this is where it gets tricky! — the department initiating and driving the project might not be able to explain to others why they are affected and what CIAM can do for them. For example, if the CSO and their team decide to implement a dedicated CIAM solution for security reasons, they might not have a solid understanding of what CIAM can do for marketing and BI. As a result, these other departments might not even be given the chance to realize the opportunities CIAM can open up for them, and potential problems specific to their areas might be overlooked completely.
Probably the easiest solution is to have the CIAM vendors you are looking at explain the benefits and risks of their solutions to the different departments, not just the one that’s driving the purchase. Get the vendor’s help to make sure the value proposition for the different audiences is properly explained and evaluated.
That being said, not all stakeholder input can be included in your final CIAM deployment. A critical part of the planning process is making a distinction between what people want your solution to do and what they actually need it to do. Prioritizing these demands early on in the process is critical to avoiding project delays. While this is true for any implementation project, it is typically just a bit more challenging when your stakeholders are from very different areas with different backgrounds, mindsets and viewpoints. You cannot expect to deal with a homogenous group, but — for example — you will have to manage individuals with different levels of technical expertise.
Ideally, identify a CIAM champion in each department, help that person to become an expert and be the advocate for the project within their group. Hold meetings with all relevant stakeholders at the outset to compile an ironclad list of must-have capabilities and make sure these are clearly documented and communicated. That way, your team will know exactly what needs to be included and can approach the project appropriately. It also helps with the next challenge.
CIAM projects can have long gestation periods before finally launching. It’s not unusual for business stakeholders to play a large role at the outset of the process, providing input and dreaming up all the different incredible ways that a CIAM solution will make their lives easier.
At some point in the process, though, the projects often fall back into the hands of the IT department, and those business users fade into the background. When it comes time to actually implement CIAM on a technical level, stakeholders defer to IT staff, ceding any control over the project.
The end result can often be a CIAM solution that doesn’t quite meet business user expectations. It’s important to keep all stakeholders looped in during every stage of development and implementation so that course corrections can be made as needed. This way, you can also avoid an unpleasant situation where your stakeholders are surprised — and not in a good way — by the final product.
Because CIAM covers so much ground and touches so many corners of an organization, you’re going to have a pretty diverse user base. Not everyone is going to have experience working with this kind of platform and may not know how to get the most out of it. If business users aren’t able to effectively navigate your CIAM platform and complete projects, it’s unlikely that they will want to continue to use it on a regular basis.
On one hand, a user-friendly interface and dashboard can go a long way toward encouraging adoption. To really get everyone on board with your CIAM solution, you’re probably going to need to offer training programs to answer questions, convey best practices and increase user proficiency.
When reviewing potential CIAM solutions, be sure to check that vendors have a mature support service to help train employees from all areas on their specific platform. At Janrain, we’ve recently launched our Janrain University program, and one of our most important goals is to offer training and education for every type of user and stakeholder — including business and compliance groups, and not just IT and software engineering.
If we can help you with addressing the CIAM challenges above (and any other), don’t hesitate to contact us.
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…