IAM and CIAM: What They Are and Why You May Need Both


In the world of data breaches, 2021 was a record-setting year. According to the Identity Theft Resource Center, the number of reported data breaches rose 68% compared to 2020.

The increasing volume of data collected and stored by organizations is appealing to an increasing number of attackers. Whether through ransomware payments or sales on the dark web, data is the coin of the hacker realm.

Data drives innovation, competitive advantage and operational efficiencies. Protecting this data requires a multipronged approach, including a zero-trust methodology of first verifying the user’s identity before granting any access.

All organizations should have some level of identity and access management (IAM) enabled—at a minimum, multifactor authentication should be leveraged. A strong IAM strategy protects your data, but what if your IAM strategy could also help you use customer data to increase engagement, satisfaction and sales?

CIAM 101: What is customer identity and access management?

More than just another security acronym, the power behind customer identity and access management (CIAM) lies beyond securing and easing your customer’s access to your applications, websites and portals—although it does that, too.

CIAM provides access to your customers’ behaviors through the data collected while they use those sites.

Some of the most advanced online retailers use a CIAM experience for their customers. Consider your Amazon shopping and access experience. A single sign-on to your Amazon account gives you access to Amazon’s sites for shopping, music, books and movies. That’s CIAM at work.

For the user, CIAM eases the friction of logging in and moving through multiple offerings from a single entity.

For the organization, it provides a trove of data about how their users interact with their sites, their products and their services.

Comparing CIAM and IAM

IAM is the foundational concept of identity security and is used to provide secure access to a company’s resources to employees, vendors and partners. It’s sometimes referred to as workforce IAM because it secures day-to-day tasks and operations.

IAM is a framework of solutions and policies that ensure the right users have the right access to the right resources at the right time, across a given environment.

Features of IAM:

  • Creation, deletion and modification of a user’s identity throughout their entire user life cycle.
  • Management and certification of system access roles and policies. Attributes such as the user’s division, department, and title can be utilized to make decisions about their access. 
  • Authentication and authorization of resource access, including advanced and conditional access policies, so that only those users who should access information are able to do so. An example of this would be human resources documents that are only available to designated staff.
  • Federated identity to link users’ electronic identity and attributes across identity domains.

CIAM is a subset of IAM. It applies IAM best practices to managing and securing external customer and consumer identities that are “unknown” to the organization. With the right user experience baked in, CIAM also provides a frictionless user experience that can be tailored to the user’s preferences and behaviors.

Features of CIAM:

  • Flexible and secure authentication options, including self-registration, bring your own identity (BYOI), keys and tokens
  • Single sign-on (SSO) for easy navigation to other websites or subsites without re-entering credentials
  • Customer “ownership” of their identity throughout the life cycle
  • Enhanced privacy requirements that support changing privacy regulations
  • Tailored experience based on individual customer habits and behaviors
  • Scalability to easily align with a growing customer base into hundreds of millions of users

When to choose CIAM over traditional IAM

Because CIAM includes many aspects of IAM, it may be confusing to know when or if you should implement each one. The chart below helps illustrate how each plays a role in securing access to your organization’s data and resources.

Any organization with an online presence designed for a level of e-commerce, even if that commerce is not a direct purchase, should use CIAM to secure, understand and improve their external users’ experience.

The user data collected with CIAM helps organizations create a more satisfying user experience and increase purchases and engagement. When you research that new tennis racquet online and then see ads for it everywhere else you interact online, that’s CIAM at work.


The benefits of IAM and CIAM

IAM and CIAM both include SSO and multi-factor authentication (MFA) capabilities. Depending on the solution selected, additional options may include self-service password management and adaptive MFA.

These available options can have a significant impact on user and IT team satisfaction and the organization’s bottom line.

When users are allowed to reset their own passwords using MFA, satisfaction increases while the cost of service desk tickets decreases.

Gartner found that between 20% and 50% of all service desk calls were linked to password resets. Forrester Research reports the average dollar amount of the help desk labor involved with each password reset is $70 or more.

Adaptive MFA uses AI to determine if the user logging in is the same user that was previously verified. This decreases the need for MFA to be used on every login.

This process uses behavior analytics to determine the level of risk involved with a login request. For example, if you work from home and generally log in every morning at approximately the same time from the same IP address, the system can conclude that it is you. With this process, you may be prompted to verify your identity via MFA within the first few days of using the system, but afterward you may only be asked to input your username and password.

If you take your work to the local coffee shop one morning, your login will be flagged by the system because you are using an unsecured network (assuming you are using their guest Wi-Fi access) that you don’t normally use. This login will request your MFA credentials as well.
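The home-versus-coffee-shop decision described above can be sketched as a step-up policy. This is an added example, not code from the article or from any vendor; it substitutes fixed rules for the AI-driven behavior analytics the article mentions, and the thresholds, class names and sample IP addresses are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

LEARNING_LOGINS = 5   # assumption: MFA on every login until this many verified logins exist
HOUR_TOLERANCE = 2    # assumption: allowed drift (hours) from the usual login time

@dataclass(frozen=True)
class Login:
    ip: str
    hour: int  # local hour of day, 0-23

@dataclass
class Baseline:
    verified: list = field(default_factory=list)  # logins that passed full verification

def decide(login, baseline):
    """Return (action, reasons); action is 'password_only' or 'require_mfa'."""
    if len(baseline.verified) < LEARNING_LOGINS:
        return "require_mfa", ["learning period"]
    reasons = []
    if login.ip not in {l.ip for l in baseline.verified}:
        reasons.append("unfamiliar network")
    usual_hour = Counter(l.hour for l in baseline.verified).most_common(1)[0][0]
    drift = abs(login.hour - usual_hour)
    if min(drift, 24 - drift) > HOUR_TOLERANCE:  # the clock wraps at midnight
        reasons.append("unusual time")
    return ("require_mfa" if reasons else "password_only"), reasons

def record(login, baseline, action, mfa_passed):
    """Learn from a login only if it was fully verified for its risk level."""
    if action == "password_only" or mfa_passed:
        baseline.verified.append(login)
        return True
    return False  # a failed step-up must never widen the baseline

def demo():
    home = Login("203.0.113.10", 8)    # constructed sample (documentation IP range)
    cafe = Login("198.51.100.77", 9)   # constructed sample: guest Wi-Fi
    base, out = Baseline(), []
    for _ in range(LEARNING_LOGINS):   # first few days: MFA every time
        action, _why = decide(home, base)
        out.append(action)
        record(home, base, action, mfa_passed=True)
    out.append(decide(home, base)[0])  # usual network, usual time
    out.append(decide(cafe, base))     # unfamiliar network triggers step-up
    record(cafe, base, "require_mfa", mfa_passed=False)
    out.append(decide(cafe, base)[0])  # still unfamiliar after a failed MFA
    return out

if __name__ == "__main__":
    print(demo())
```

The `record` step is the part that is easy to get wrong: if unverified logins feed the baseline, an attacker holding only the password can train the system into trusting their network.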

Improve user experience and protect critical data

In today’s threat landscape, an IAM program is an essential part of any security strategy. With a strong IAM foundation already in place, it may be time to advance your strategy with CIAM to increase engagement, satisfaction and sales.

For organizations that conduct some level of e-commerce and whose external users make transactions or register personally identifiable information, CIAM is the only way to provide them with the two basic things they expect: a great user experience, and protection from fraud, breaches, and privacy violations.



More Info Provided By

Customer identity access management (CIAM) is Okta’s largest source of new opportunities. CIAM is a type of identity and access management (IAM) that integrates authentication and authorization into whatever your clients need to access (e.g., applications, social media, online banking, online streaming services, application development, etc.). CIAM can support millions of users, as opposed to thousands of users in a traditional IAM, for a seamless customer experience. Your clients are already talking about CIAM, and Okta can help
