CIAM vs. IAM in a modern Cloud World
Is IAM going to be replaced by CIAM? Identity and Access Management is the foundation of our work and interacting with partner and customer. While IAM was made for internal use, CIAM is the Customer IAM and focused to connect external systems.
While there are going discussions around of a cookie-less online world, the identity is becoming more and more important. For sure, mostly cookie-less means no 3rd party cookie. However, there are discussions to eliminate also 1st party cookies. In such a cookie-less world the login will find his way to work without a 1st party cookie.
The discussion CIAM vs IAM is a bit different, but the cookie discussion shows the important of CIAM systems in future. Right today we see websites where you need to login to get any value. This login is for sure for free, but it is a must.
Let’s have a look inon the different scenarios of a CIAM system.
CIAM in a B2C context
We all have many different logins within the web. This are handled by a CIAM system. When we register to a new e-mail address on outlook.com for example, this is done with a self-service approach and we get automatic access through such a system. Here outlook.com acts on a 1:1 base with us an individual.
Often we are connected to several systems of an company with one login. This single sign on is important for an user. The social-login approach is helpful that we as a user do not need to register again and again of different sites. With a social login the online-life is much more easy.
Simple and easy for the single user on the one site there is security on the other end. A CIAM solution offers a seamless approach around Identity and Access Management.
The key elements of a CIAM solution are:
- Single SIgn On (SSO)
- Risk Based Authentication
- Registration as a Service (RaaS)
CIAM in an B2B Context
As mentioned, a typical CIAM system is about to connect one user with the systems of a company. When we think of partners of a company or clients who are having many employees we come to the point we need to extend the classical CIAM approach to the requirements in a B2B context. This means that we need policy based access controls. If someone registers to a system, we identify him by his corporate e-mail and assign him with this to a pre-defined role. Just one point of an CIAM system in a B2B context.
This are the main areas of the B2B CIAM Context:
- Onboarding of partners to all digital properties through a governance process that will enable the business to be in compliance across all connected applications
- End-to-end partner lifecycle management (as opposed to complex, on-prem and cloud point-to-point integrations), allowing IT teams to focus on improvement and opportunity rather than maintenance.
- Centralized Policy Based Access Control (PBAC) solution with a governance process to secure applications and resources and help prevent data leaks and unauthorized access across the entire digital ecosystem.
- Provide self-service delegation of the partner organization and partner user management with identity, profile and preference management.
CIAM, the new IAM?
Let’s switch back to the cookie-less future and the importance of a CIAM system to manage identities. With this CIAM systems are set… so why using two different systems to manage identities and access?
While we are living in a modern, connected world internal user use also external / cloud systems. On the same time, we want one single source of truth for our employees, our partner and our customers. Makes sense? While the number of systems are growing Single-Sign-On (SSO) makes the live more easy.
The limitations of an IAM system and the flexibility of an CIAM solution, the direction looks like to replace IAM with CIAM and use an CIAM system for our own employees. The Idea behind is to manage the own employees like a partner with the “centralized policy based access control”.
The question is about what are you doing with your IAM system today? If you have a complex rights and roles system for your employees there are maybe reasons to do it ith an traditional IAM system. In this case, a CIAM system can be connected with an IAM system. So there are many situations where you can use just an CIAM system but very less (in real more in direction of 0) situations where an IAM solution is enough.