Consumer Identity Management systems step up where traditional ID systems fall down

Bjorn Aannestad, Director, Product Management, UnboundID | March 12, 2015
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Companies that sell products and services to consumers are collecting and storing massive volumes of customer data from not just POS, order management, customer service and e-commerce systems, but also mobile apps, social media feeds, online campaign forms and Web applications such as lead enrichment databases. As a result, new types of identity management systems have emerged to address the broader scale and risk of Web-based business processes and to give customers more control regarding how corporations use their data.

Enterprises today typically use Enterprise Identity Management Systems (EIDM). These applications were originally intended to manage employee profiles for risk management and to ensure that only certain employees could access certain data sets, depending upon their position and responsibilities.

EIDM uses an older, legacy technology that works amazingly well for this specific task. The core features include: enterprise single sign-on, web access management/web single sign-on, password management, directory management, user provisioning, federation and role-based access control. EIDM is all about automating repetitive tasks while providing visibility into who is accessing internal apps and why.

One downside of EIDM is that it runs into serious problems when a company attempts to use the technology to manage tens of thousands of profiles or more, which is the case for most good-sized consumer product companies. The technology, based on traditional or legacy directory or database stores, is not designed to deliver low latency at large scale, when a company might be managing millions of records and a large number of data attributes.

EIDM systems are primarily designed for tracking and managing employee access to applications, not the external activity of protecting and managing customer identities to support business growth.

A newer type of identity management tool is often called Consumer Identity Management (CIDM). These systems, which were originally home grown, were built with the idea that B2C companies need to worry more about access to customer data than about access to applications.

Here's a common scenario that CIDM prevents: Each time a customer creates a profile through a different channel or application, a new record is created, expanding the customer "footprint," so to speak. Without all customer data contained in one place, and without the ability to apply proper controls and user preferences around specific data sets (a.k.a., individuals or segments of them), risk grows. With sensitive information such as phone numbers, email addresses and credit card information spread across multiple locations, there's more opportunity for malicious insiders or external hackers to exploit customer data.

Customer data living in silos also makes it harder for companies to have fruitful relationships with customers, because they lack a "single version of the truth."

