Evolving IAM: Shifting to Identity Relationship Management
10 February, 2014
category: Corporate, Digital ID
By Joni Brennan, executive director, Kantara Initiative
Identity and Access Management services were traditionally built for a company’s internal use to assist with manual on and off boarding or to establish access privileges to company data and systems behind the firewall. Today, however, a company must implement a dynamic Identity and Access Management solution that serves employees, customers, partners and devices alike, wherever they might be. This is the evolution of Identity and Access Management to Identity Relationship Management.
As more and more people, devices and “things” are assigned identities across networks, simple, flexible and scalable Identity Relationship Management services designed to quickly verify identities and access privileges are becoming imperative for any business to safely and efficiently engage with their customers. Today’s solutions must link devices – laptops, phones, touchpads, cars, etc. – with new mobile and social apps into a single security platform that works all the time, everywhere, whether on premises or off in the cloud.
This is the standard that customers, citizens and students have come expect. CIOs and their businesses – along with governments and universities – must identify vendors that can provide this standard because the methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app or make a purchase from a laptop that recognizes their identity and in turn shares the right information with the vendor.
As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of Identity and Access Management to the open, evolving and confidently secure Identity Relationship Management universe. This is because Identity and Access Management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the bottom line.
This shift in business emphasis has a direct technical impact on how we think about Identity and Access Management. As a result, CIOs need to take into account the following four business-focused pillars when choosing an IRM solution:
CONSUMERS AND THINGS
over employees
Traditional Identity and Access Management platforms were designed for on-premises employee use and are unable to meet the need for a quick, secure and device-flexible experience that customers seek. Modern identity management must manage access privileges for all stakeholders across a variety of devices.
ADAPTABLE
over predictable
Unlike traditional Identity and Access Management designed for specific static events, Identity Relationship Management must understand contextual circumstances. For example, a user logging in from a different device or location should have access to the information they need.
TOP LINE REVENUE
over operating expense
Identity and Access Management has always been viewed as a necessity for employees and therefore a business cost. In today’s world, the security system is used to authenticate and authorize both consumers and employees. If an Identity Relationship Management solution is efficient, secure and accurate, it can directly contribute to a business’ top line revenue, as customers will have easy access to secure applications where they can buy services.
VELOCITY
over process
Today, CIOs make Identity Relationship Management decisions based on speed, ease of use and the ability to scale to handle customer volume – not on implementation and cost of deployment.
Changing business values and a new technical approach to Identity and Access Management
With this shift in business values, vendors also need to change their technical approach to Identity and Access Management. There are additional pillars that focus on technical values that coincide directly with business values, which are essential to modern organizations.
Modern Identity Relationship Management solutions need to manage several stakeholders in their access system – consumers, partners, employees, devices, etc. – and this change is likely to grow the user base exponentially. These Identity Relationship Management systems need to be able to provide access at Internet scale, verifying millions of identities instantaneously – the direct result of which will be an internet-connected, consumer-facing world.
Due to the wide variety of devices that now exist, Identity and Access Management systems need to provide access in an “anywhere, anytime” environment and must implement a borderless design to do so. Data users’ access is spread out across various locations – company premises, the cloud, hosted by SaaS providers – meaning borderless design will help to account for this increase in complexity. A good Identity Relationship Management solution is one that is designed from the ground up to handle multi-faceted Identity and Access Management issues, with an integrated and cohesive stack.
Identity Relationship Management solutions that are able to satisfy the business needs of an organization, and the new values of the CIO, will shape the future of Identity and Access Management. The shift to cloud, social, mobile and SaaS is revolutionizing the enterprise. Identity and Access Management needs to evolve to help businesses capture new opportunities without worrying about the associated complexities that are a result of this change.
Call to action
These pillars, found at KantaraInitiatve.org, form a simple framework to shift thinking from the way we see and manage digital identity today to the reality of what is possible. It’s a framework for a simple and agile movement that will impact your business opportunities for the better. If you agree with the pillars please visit KantaraInitiative.org to find out how you can become a signatory to show support. Find out how you can join this conversation and help shape the future.