By Marla Hay | Posted on September 16, 2015
Last month, Forrester Research released its first report on the new CIAM (Customer Identity and Access Management) market landscape. We’re excited to be positively featured in the report, which highlights customer profile management and API-based operations as examples of areas in which we excel within the market segment.
But what is CIAM? And why do we need another identity market segment?
Prior to the existence of CIAM, most of the vendors in this space would be closest to (although not always a great fit for) the IAM (Identity and Access Management) or IDaaS (IDentity and access management as a Service) market segments. IAM aims to provide businesses and partners the ability to enable the right people to access the right resources at the right times for the right reasons. IDaaS is the same service but offered via the cloud or SaaS. IAM solutions consist of some similar features to CIAM, like user management, secure authentication, and granting authorization to protected resources. However, the goal of IAM and IDaaS is to help reduce the security threat to a company and to reduce the overhead associated with identity administration and compliance, which doesn’t quite capture the goals of CIAM.
Instead, CIAM focuses on the specific needs of customers who are accessing the resources of your business. While this includes reducing security threats and overhead for administration of compliance, it also takes into account the unique needs and circumstances of external customers.
One of the primary differences between the customer and traditional identity and access management spaces is the choice that customers have in their participation in the identity process. In traditional IAM, an employee or partner needs to utilize the IAM tools to gain access to the internal functionality they need to do their job. They are likely already provisioned by their employer, and they will necessarily follow whatever procedure is required to authenticate, even if it’s slightly inconvenient. Customers, on the other hand, have a choice as to whether they sign up for your website, or purchase from you online, or subscribe to your digital services. If they find the registration, authentication, or purchase experience cumbersome, they’ll just go to a competitor’s site. For years, I carried a hardware token with me to access my company network while off-site. Can you imagine agreeing to register, obtain, carry, and use a hardware token for every website on which you’d like to sign in?
Another important distinction in the CIAM space is that the user has control of their identity. It’s their choice whether to provide you with their information, unlike an employer who has your information already. A good CIAM solution needs a way to request information in exchange for value in a way that ensures your customer will voluntarily provide their data to your site. Likewise, a good CIAM solution needs a way for that customer to self-manage their identity. An employee or partner user may not need to manage their email subscription preferences or mailing address, but your customers will find that ability critical to their success on your site.
Another important difference between IAM and CIAM is the need for customer-focused solutions to be able to scale dramatically and to handle burst traffic during events. IAM vendors may support tens to hundreds of thousands of employees and partners, but that doesn’t compare to the millions of users that may sign into a customer facing website on a given day. And, traditional IAM solutions don’t generally face problems like needing to provide support for millions of users voting during a television contest, or a recording artist with tens of millions of fans dropping an album on her website.
That “C” in CIAM means the focus of the market space is squarely on the customer. Usability, simplicity, and ease are at the forefront in determining the right vendor solution because your customer relationship depends on it. Security, compliance, and reduction of overhead are simply prerequisites to getting to the best possible customer experience.
Forrester’s report on this burgeoning landscape provides a comprehensive review of this space, including additional examples of the differentiation of IAM and CIAM, as well as a high-level overview the vendors that currently inhabit it. While the report included seven vendors, we’re proud to be the only vendor described as excelling in any area – specifically in profile management and in our set of robust, RESTful APIs for all customer functionality.
View the press release.
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…