Role Of IAM In Digital Journey
Today, the Identity and Access Management (IAM) landscape plays a crucial role in a business’s digital journey. IAM influences the digital experience for the customers. How does IAM fit into this digital journey? To understand this, it is important to understand that IAM is more than just security and governance.
IAM has been traditionally looked as a crucial component that fits in the ‘IT Governance layer’ of an organization, providing security, access management and user life-cycle governance. Typically, businesses of earlier years belonged to one of the known categories: Manufacturing, Energy, Banking, Healthcare, Retail, and Media & Entertainment. IAM played a crucial role in these organizations (which typically were also large employers that fuelled job growth)
Several (heavy) IT systems were deployed in these organizations to help them manage their processes, operations, inventory, goods, services, employees, payroll, customers, partners etc. Obviously the scope of ’employee + partner’ base, and the systems they could have access to, grew exponentially. This is where the need for User Identity Management (user provisioning, account management across multiple systems), Security (ensuring that right users have access to right systems, password management, and strong authentication), and Governance (ensuring that identities and their entitlements are correct, and managed effectively) became a real necessity.
The IAM systems were built with a purpose of providing the above services to organizations with a large employee/contractor/partner base. These systems needed significant integration with various IT systems, and their roll out became a significant activity. Later, Federation became an important part of the IAM landscape – where users are able to use the single identity to seamlessly access multiple systems. There are several other components to the IAM scope, but the key thing is – The entire IAM business was tailored for and restricted to the B2B businesses – where the user base was always restricted to employees, partners, customer employees, vendor employees, and consultants.
With arrival of B2C genre of applications, the business landscape drastically started changing from B2B to B2C or B2B2C. Businesses started tilting more towards ‘consumer’ than ’employee’. Today in the world of platform driven solutions, the organizations have a much smaller employee base as compared to the consumer base. E.g. Uber, which has less than 7000 employees, has more than 40 million riders and drivers as users (consumers). Any platform that allows producers and consumers to do business can potentially have limitless number of users. The consumers today are dictating how the products that they use actually shape up. Businesses today stand the risk of ‘consumer attrition’ almost every minute.
Such a landscape is forcing organizations to orient their products and services to be more consumers centric. Hence the user base today consists of ’employees’ + ‘partners’ + ‘consumers’. Meaning it has now expanded from few hundreds of thousands to tens of million. There is another big advantage of bringing the consumer into IAM ambit: Analytics – consumer access activities can be monitored to get insights into their behaviour, usage patterns and this can enable businesses to make informed decisions that can lead to process optimization, enhanced customer experience and even business opportunities.
Let’s look at the typical functions needed to be managed when the user base is a mix of consumers and employees:
- Managing millions of User Identities
- Processes for consumers and employees can be drastically different. Employees may face rigid and cumbersome processes, but consumers can’t be subjected to painful user experience
- Managing User Life Cycle for each identity
- Accesses to various systems, password management, privileges with each application.
- Maintaining policies that govern how access for every user into multiple systems is tied to one single user identity
- Policies can be significantly different for employees and consumers can’t be made to face that rigidity.
- Federation (e.g. Single-Sign-On) to let users use one set of credentials to simultaneously log in into multiple applications, or channels (web, mobile)
- Implementing multi-factor authentication
- Maintaining policies that decide which users should have what level of authentication (based on the role and application being accessed)
- Different policies for employees and consumers
GS Lab identified six critical issues in IAM, which have been the same top six problems in the area for the past few years.
Challenge #1 – Not geared toward consumers: This is the biggest challenge. How can the solution bring millions of consumers and thousands of employees under a common IAM umbrella? Deploying multiple out-of-the-box solutions side-by-side is also failing to solve the problem.
Challenge #2 – Legacy IAM solutions offer poor Customer Experience: Employees can be made to face rigid user experience, but consumers can’t. Businesses can no longer treat IAM as just a layer of security. IAM has to be seamless customer experience when customer attrition rate is high. Customer Experience is not just a ‘nice to have’ feature any more. Consumers demand consistent experience across various applications and channels.
Challenge #3 – Pricing: Typical IAM solutions which are geared toward serving employees and partners, have their pricing based on subscription model (charge per user, per month). The cost of such solution becomes exorbitant when user population increases from thousands to millions.
Challenge #4 – Scalability: Today’s IAM systems are not built to scale to handle millions of user. They are designed to handle few hundred thousand users (typically up to 0.5M).
Challenge #5 – Needs of B2B and B2C components don’t align: B2B IAM focuses a lot on access governance and compliance. The consumers can’t be subjected to same level of governance and compliance.
Challenge #6 – Ad-hoc solutions due to lack of understanding of true scope of IAM needs: Many newer generation businesses today have not yet seriously thought about the entire scope of their IAM needs. As a result, they have ended up implementing ad-hoc solutions (catering to individual applications) and are at a juncture where they have started realizing that there existing solutions are neither scalable nor extendable.
Today, there is no solution that would serve these needs out-of-the box. Throw in the complexity arising for hybrid layout of cloud + on-premise. IAM landscape has to (and is undergoing) a significant change. Solutions will have to evolve. But the key realization organizations need to have is that ‘having the right IAM landscape is very crucial for their digital journey’.
GS Lab understands these challenges very well. We make businesses not only to realize this need but also design and implement solutions that are best suited for their landscapes.