Expanding the purview of Consumer-focused IAM

With the advent of the General Data Protection Regulation (GDPR) and its impact worldwide, a strict regulatory environment is shaping up. Businesses need to take a close look at their consumer/customer-facing IAM practices. The return on investment (ROI) of Identity Management capabilities must be viewed as one of the best practices in safeguarding against user/consumer data theft.

Putting in place the safeguards associated with consumer/customer data is becoming crucial for businesses to operate. The most recent example is the General Data Protection Regulation (GDPR) deadline, which conveys that consumers have a say in the information demanded of them by businesses. With the technology boom, the traditional service delivery model has shifted to digital processes. With this, the role of the customer has also been transformed from a physical entity into a consumer interacting with a business remotely to gather insights and use an array of services. This necessitates cyber/internet-based identity management and mandates that businesses manage, govern and secure customers’ access to systems and data while ensuring an unflinching digital experience. This experience consists of techniques, processes and tools to manage users’ digital omnichannel interactions, packed with various aspects of identity and access management for consumers, widely known as Customer Identity and Access Management (CIAM). CIAM is a technological solution that provides a mechanism to store customer profile data and authentication services, along with helping to manage identities and secure data across all channels, digital and non-digital. CIAM platforms offered by various vendors include SaaS, PaaS, on-site deployment as well as cloud-based deployment according to the unique requirements of each firm. It acts as a catalyst to connect marketing, business and security teams, and forms an essential part of B2B interactions. When the purview is limited to the cloud, the concept of CIAM can be adopted as a user-management-as-a-service module.

The market value of CIAM is expected to grow to US$ 18.3 billion by 2019, according to a Markets and Markets Identity and Access Management Report. Data production is estimated to be 44 times greater in 2020 as compared to 2009. In addition, experts estimate a 4,300 percent increase in annual data generation by 2020, according to a CSC report’s projection.

The benefits of identity management for achieving compliance have been stated time and again. The practice takes the shape of identity provisioning with B2C identity management capabilities. Businesses are increasingly seeking insights related to data created on digital platforms through web-based consumer engagement. These trends usher in a new era of consumer-managed data, driven through a framework of personal identity and data management. All this will be addressed alongside the tools, technologies, responsibilities and requirements that customer insights (CI) will incorporate to build trusted relationships with users. Given the business dynamics of the digital arena, the times to come will see CIAM act as a catalyst to connect marketing, business and security teams, forming an essential part of B2B and B2C interactions. Compliance with the clauses of the General Data Protection Regulation is getting increasingly crucial.

Table of Contents

Section 1 Introduction to Consumer Identity and Access Management (CIAM)
Understanding Regulations to support adoption of CIAM

Section 2 CIAM Lifecycle
Customer IAM – a crucial component for digital customer experience

Section 3 Solution, Integration and Components
Concept of CIAM Integration
Components of CIAM

  1. Customer analytics to help in business growth
  2. Big Data Management that goes beyond ‘Brick and Mortar’ templates
  3. Streamlining Processes for Secured User Experience

Section 4 How Avancer can add value to your CIAM initiatives

Introduction to Consumer Identity and Access Management (CIAM)

Consumers’ digital interaction with business is a source of insights for businesses, and it is but natural for businesses to capture consumer insights. Consumer-managed data, driven through a framework of personal identity and sensitive information needs to be safeguarded. Identity and Access Management (IAM) has its services focused on employee use cases, while outward-facing consumer centric Identity Management (including identification, authentication and authorization of the customers, their devices and organizations) needs equal attention. It is getting crucial to set up checks and controls as the GDPR deadline approaches.

Consumer or Customer Identity and Access Management (CIAM) is a solution to facilitate storing, processing, monitoring and managing customer profile data and authentication services, along with helping to manage identities and secure data across all channels, digital and non-digital. Given the business dynamics of the digital arena, CIAM solutions act as a catalyst to connect marketing, business and security teams, and form an essential part of B2B interactions.

The regulatory paradigm around consumer-driven interactions has run in parallel with the expansion of digitization. Paving the way for systems and processes for CIAM-enabled digital businesses, the Payment Card Industry Data Security Standard (PCI DSS) recognizes the threats faced by the industry and defines a standard for digital data transfer in outward-facing transactions. This is just one of the regulations for e-commerce transactions; the future will see incremental revisions and newer regulations covering threats in the payment landscape and to user data, helping businesses adopt and maintain the standard as a business practice.

The General Data Protection Regulation (GDPR) aims to do just that, requiring businesses to take a step towards protecting consumer information by making use of monitoring technologies and integrating checkpoints. This mandates that businesses manage, govern and secure customers’ access to systems and data while ensuring an unflinching digital experience. The European Union has enforced the GDPR regulation on all entities that capture user data, and defaulters will be penalized after the deadline of May 25, 2018. European data protection regulation is going to impact global practices with respect to handling consumer data. While most businesses are looking to put temporary fixes in place, safeguarding consumer data in Europe will set the stage for data safeguards globally, pushing businesses to re-examine harmful user management practices.

CIAM recognizes that consumer interaction with services through digital channels is mostly online. Thus, while developing IAM capabilities, the consumer must be the focal point, along with user experience, security and scalability, rather than technology, standards and products. The process facilitated via CIAM connects backend systems with the consumer community, and the consumer’s connection to the enterprise IT system through an individual (or social account) login must be seamless and secure. Such functionality is becoming omnipresent and is essential for marketing, banking, e-commerce, online transactions and so on. This needs a step forward in IAM practices for consumers.

Understanding Regulations to support adoption of CIAM

PCI DSS is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The standard was agreed by the major card brands as a common, consistent and secure process providing a minimum level of protection to safeguard card data and customers. The PCI DSS requirements for 2018 specify a list of mandatory requirements, of which the six control objectives are:

  • Build and maintain a high-security network
  • Protection of cardholder information
  • Maintenance of vulnerability management program
  • Secure access control measures
  • Restricting of physical access to cardholder data
  • Regular monitoring & testing of networks and maintaining an information security policy

The requirements introduced in PCI DSS 3.2 became effective on 1 February 2018. PCI DSS 3.2 includes clarifications to existing requirements, new or evolving requirements, and additional guidance. While the PCI DSS compliance checklist looks at the biggest payment security challenges facing organizations, the introduction of deadline-driven GDPR regulations across borders can impact businesses and command high penalty costs. For e-commerce security, the PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security:

  • Secure network for CC processing
  • Secure card holder data
  • Access control measures

Despite advances in the state of global compliance, hackers continue to pose a great threat. With no slowdown in sight, the effectiveness of the PCI Security policy and PCI DSS continues to be the most important topic, and businesses need to carry out PCI DSS self-assessment. The purview of information possessed by business houses across consumer-facing businesses has reached a new benchmark with GDPR: failure to comply will result in fines of up to 4% of annual global revenue or Euro 20 million, whichever is greater. In addition to putting swift checks in place, any rival poaching data to create ‘data passports’ for consumers by collecting personal data from multiple sources needs to be checked and deleted. That is the strategic side of it; at the technological level, it needs a clear look at processes, regulations and possible technical solutions. Although the cost of PCI DSS compliance is considered huge, implementing the correct processes can make PCI DSS compliance reasonable even for small businesses.

Regulatory Environment around CIAM Solutions

Many regulations are in place that require organizations to harness IAM technology, and violations of regulatory compliance often result in harsh penalties. Regulatory requirements specific to e-commerce do not just discourage the practice of selling data. Going forward, most online practices and e-commerce regulations from 2018 onwards need to be forward-looking. Some of the most important ones, with their corresponding solutions, are listed below for your ready reference:

Regulation: Payment Card Industry Data Security Standard (PCI DSS)
Industries: All industries that process payment card transactions
Requirements: Focus – E-Commerce Security. The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security, including a secure network, secure cardholder data and proper access control measures.
IAM Solutions: Access Management – Centralized authentication that ensures a single ID for each user; Password Management. Identity Management – Provisioning and role policies to set access control.

Regulation: Sarbanes–Oxley Act of 2002 (SOX)
Industries: Finance, Banking, Insurance
Requirements: Focus – Internal controls on financial reporting.
  • Section 302: Companies must safeguard their data responsibly to ensure that financial reports are not based upon faulty, tampered or highly inaccurate data.
  • Section 404: Safeguards listed in Section 302 are verifiable by independent auditors.
IAM Solutions: Access Management – Centralized authentication, Single Sign-On (SSO). Identity Management – Role-based policies for account provisioning, de-provisioning and approval process. Privilege Identity/Access Management (PAM/PIM) – Enforce tighter security rules and role-based policies for privileged accounts. IAM Auditing – Capture all user actions and system responses.

Regulation: Gramm-Leach-Bliley Act (GLB)
Industries: All financial institutions
Requirements: Focus – Information Security. The Gramm-Leach-Bliley Financial Modernization Act, enacted in 1999, mandates that all financial institutions safeguard customer data from internal and external threats. Key requirements are to protect and maintain the confidentiality of customer information and to protect against any threats to customer information.
IAM Solutions: Privilege Identity/Access Management (PAM/PIM) – Enforce tighter security rules and role-based policies for privileged accounts.

Regulation: Health Insurance Portability and Accountability Act (HIPAA)
Industries: Healthcare, Life sciences
Requirements: Focus – User Access Rights. HIPAA ensures national standards to protect the privacy of personal health information, federal privacy protections for individually identifiable health information, and that it is easier for people to keep health insurance while protecting the confidentiality and security of healthcare information.
IAM Solutions: Access Management – Federation, Mobile Solutions, SSO, Password Self-Service. Identity Management – Role-based policies for account provisioning and de-provisioning.

Regulation: Family Educational Rights and Privacy Act of 1974 (FERPA)
Industries: Education
Requirements: Focus – Access Rights. FERPA is a federal law that:
  • Governs access to educational records maintained by educational institutions and ensures students’ rights to privacy
  • Applies to all elementary, secondary, and postsecondary institutions receiving federal funds
IAM Solutions: Access Management – Identities for teachers, students, parents and other communities to securely log in and maintain education records; federation access for intercampus domains.

Regulation: North American Electric Reliability Corporation (NERC)
Industries: Energy/Utilities sector
Requirements: Focus – Access Governance. NERC mandates the core technical requirements for cyber security as outlined in NERC CIP Standards 002-009. It requires accountability through:
  • Authentication, access control, delegation, separation of duties
  • Continuous monitoring and reporting of electronic access to critical infrastructure
IAM Solutions: Access Management – Centralized authentication, Single Sign-On (SSO). Identity Management – Role-based policies for account provisioning and de-provisioning. Privilege Identity/Access Management (PAM/PIM) – Enforce tighter security rules and role-based policies for privileged accounts. IAM Auditing – Capture all user actions and system responses.

Regulation: General Data Protection Regulation (GDPR)
Industries: All consumer/customer data procurement related industries
Requirements: Focus – Data Security. GDPR standardizes the processing and movement of EU citizens’ personal data.
IAM Solutions: Consumer/Customer IAM capability; Access Controls; Audits.

Some of the other compliance regimes that will require IAM technology include FDA 21 CFR Part 11; the Health Information Technology for Economic and Clinical Health (HITECH) Act; ISO 27001; the Federal Information Security Management Act (FISMA); the Freedom of Information Act (FOIA); Federal Information Processing Standards (FIPS 200); and National Institute of Standards and Technology Special Publication NIST SP 800-53. Support for CIAM capabilities is required to achieve compliance with such regulations. For a large number of companies, CIAM integration is required, along with acumen in terms of business processes. CIAM products need system integration insights to help businesses achieve customized consumer-facing capabilities for secure customer identity management.

Section 2 CIAM Lifecycle

As the need to secure data and provide privacy is of utmost importance while designing a CIAM product, the customer ecosystem forms a very important aspect of CIAM. It is a solution that provides authentication services, manages identities and stores customer profile data for businesses worldwide. CIAM is becoming a way of life as far as online transactions, financial or social, are concerned. It is a new direction for the technological boom to continue. IAM capabilities aligned with data analytics help in reporting, gathering access information about users and helping businesses make strategic decisions while keeping checks and balances in place. While consumers expect personalized services, brands want to make inroads to learn, identify, store and utilize consumer information to the maximum, for providing an impressionable consumer experience and gaining brand loyalty. Thus, shaping the platform’s ecosystem is central to integrating consumers, services and the market.

Customer IAM – a crucial component for digital customer experience

Companies require customer insights to create newer products and services that help them increase and sustain brand loyalty. The market value of CIAM is expected to be a US$ 18.3 billion market in 2019, according to a Markets and Markets Identity and Access Management Report. In terms of monitoring consumers, traditionally the marketing team was expected to manage customer data, but with the expansion of a complex IT environment and multiple interaction points.

A broad view of the CIAM lifecycle can be recorded in the following points:

  • The CIAM mechanism’s lifecycle starts with recording the customer’s data.
  • Customer registration (by way of filling in forms etc.) and authentication (by way of confirmation via mail, OTP, etc.), along with their identity management and connection to internal as well as third-party applications
  • Initiating business and consumer onboarding to utilize digital properties via social logins or traditional means

Consumers also expect to receive instant insights on their digital investments and customized services. Digital touchpoints are expected to minimize response time, as poorly managed response times add to customer attrition rates.

Section 3 Solution, Integration and Components

Consumer-centric IAM becomes a key component of a real-time Security Intelligence strategy and must also be seen as strengthening the fight against the outward-facing threat paradigm. IAM becomes a common denominator for determining appropriate access to resources, regardless of where they reside (cloud, on-premise) or the mode of access.
