Differentiate with Customer Identity and Access Management
June 21, 2022
June 21, 2022
Way back in 2013, Accenture declared that “every business is a digital business”. It was right, of course, but there have been some growing pains along the way. Customer Identity and Access Management (CIAM) is one of them.
Don't get me wrong: CIAM is a great tool for capturing and managing profile data, making it more visible and useful, and helps enable secure customer access to applications and services. To borrow a well-worn but useful cliche, the devil is in the details.
Many organizations’ CIAM platforms have failed to keep pace with evolving business needs. In fact, they are hindering growth, mostly due to complex integration requirements and poor user experiences. Plus, they're not bolstering cybersecurity as much as many had hoped, as evidenced by the success of cyberattacks, ransomware and other cyber defense issues, including data protection. Now companies are wrestling with their second or third iteration of CIAM—or they’re saddled with legacy platforms that have been around for 10-20 years. They're frustrated and I don't blame them. Often, they have one primary question: Will this time be different?
If they go in the right direction, the answer can definitely be 'yes.' To show you why and how, I'll share some of my experience helping clients build scalable CIAM platforms that can provide improved, secure user experiences and increase customer stickiness while enhancing security.
Over time, I’ve seen companies add different authentication processes and platforms for each of their channels. Unfortunately, when authentication differs according to the channel, confusion and frustration can ensue.
Here's a common example: If a customer wants to pay their bill, they can call the interactive voice response system, navigate to bill payment and pay very quickly, especially if they use their existing payment method. And all this happens with no authentication. However, if the same customer wants to pay via the web, they need to log in. So naturally people use the phone, with the increased call volume negating the advantages of self-servicing in digital platforms. It's easy to see that as organizations logically look to drive digital adoption, authentication can become a barrier.
Moving to an omni-channel experience is not just about establishing a centralized authentication platform. It also means harmonizing authentication policies across channels with a risk-based approach—and this has to be done right. So far, the path many organizations have taken for risk-based authentication includes basic risk signals like impossible travel. Unfortunately, these controls are easily defeated by attackers with even minimal sophistication.
To improve security, organizations have implemented technologies such as bot detection and behavioral biometrics. This can help with credential-stuffing attacks, account takeovers and remote access trojans. Trouble is, if they are implemented in silos, which is often the case, this can lead to frustrating customer experiences which are difficult to troubleshoot.
In the financial services industry, specialized risk engines are used to analyze financial transactions and flag suspicious transactions. Often, this means that it is too late to stop a fraudulent transaction.
I’m now helping organizations move toward authentication orchestration. This enables real-time intervention, including additional authentication or blocking in the event that a transaction is suspicious.
Decentralized identity can provide a more seamless customer and employee experience while also reducing fraud. It does this by leveraging cryptographic technology to provide trust in digital identity credentials, where data can be securely and seamlessly verified in a privacy-preserving way. In this model, users are in possession of their own digital identity data and have more control over what, with whom, and when identity information is shared. Organizations can quickly verify a user’s digital identity data and have a high level of confidence in the data—reducing risk while protecting user privacy.
The rise of Web3 and metaverse technologies will likely drive widespread adoption of decentralized identity in the consumer space. As consumers become accustomed to using these technologies, they will expect the organizations they interact with to adopt them. For example, this may mean being able to use a government-issued digital credential to open a bank account, as opposed to going through a cumbersome online identity verification process. The takeaway here is that organizations should prepare to take advantage of the rich data and privacy-preserving features these new approaches can bring to their identity platforms.
Passwords have long been recognized as the most significant security weakness. They are cumbersome and expensive to use. Customers hate them, organizations are burdened by them. Fortunately, technology and consumer expectations are converging in ways that are enabling organizations to eliminate passwords.
To be successful with enabling passwordless, organizations should consider how they will establish trust with their users and devices. Today, most organizations have only enabled ‘passwordless’ as a convenience factor. That is, your customers still need to log in with a password on a new device, then use on-device biometrics for subsequent logins. As organizations mature, they should consider how to remove passwords entirely and move to identity verification or transfer of trust from another device.
Identity and Access Management is in a state of rapid change and innovation. Customers are demanding more control over their data, as well as better user experiences. At the same time, organizations are looking to improve their security posture while giving customers what they want. Deploying flexible, extensible customer identity platforms that include a modern CIAM platform will enable organizations to improve the customer experience, as well as security, setting the stage for a more trustworthy and prosperous future.
Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song—all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.
Accenture Security Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security.
Copyright © 2022 Accenture. All rights reserved. Accenture and its logo are registered trademarks of Accenture.
This content is provided for general information purposes and is not intended to be used in place of consultation with our professional advisors.