The Customer IAM (CIAM) Actionable Advisory Assessment

Solid security doesn't have to drag down your customer experience.

Customer IAM (CIAM), also known as Consumer IAM, poses a very different set of challenges than Enterprise IAM, with higher regulatory standards pertaining to customer data and consent (such as CCPA and GDPR). An Identity And Access Solutions CIAM Actionable Advisory Assessment (AAA) delivers quick-win roadmaps, built upon solid architecture, to provide your organization with both a secure CIAM and a seamless customer experience.

Our CIAM Actionable Advisory Assessment will allow your organization to discover and define what needs to be in place, assist in building a reference architecture, and provide a roadmap for you that can be practicably executed. It is a blueprint that focuses on a practical, structured, and coherent approach to the management of users’ identities and their access to systems and data. Our roadmap will ensure the right consumers get access to the right resources at the right times for the right reasons.

 

In order to provide this level of assurance we cover the following "core" components as part of the CIAM Assessment:

CUSTOMER IDENTITY STRATEGY

  • Registration-as-a-Service including:

    • Social Identity Integration

    • Just-in-Time (JiT) Provisioning

  • Identity Profile Verification including:

    • Profile Validation

    • Profile Authentication

  • Secure Single Sign-On (SSO) including:

    • Risk Based/Step Up Authentication modeling 

    • Multi-Factor Authentication (MFA)

  • Identity Lifecycle Capabilities including:

    • Identity Data Aggregation

    • Profile Personalization

CUSTOMER PROFILE & CONSENT STRATEGY

  • Self-Service Capabilities including:

    • Self-Service Profile Management

    • Self-Service Preference Management

    • Self-Service Consent Management

  • Centralized Terms & Conditions Visibility

  • Terms & Conditions Opt-In/Opt-Out Allowance

  • Audit & Compliance Requirements for:

    • Adherence

    • Alignment

    • Provability

  • Identity & Profile Governance including:

    • Identity Correlation

    • Deduplication & Clean-up

THREAT DETECTION & PREVENTION STRATEGY

  • Customer Data Security including:

    • Security of Customer Data Store(s)

    • Consumer Data Analytics

  • API Management & API Security

  • Customer Entitlement Management

  • Customer Access Controls including:

    • Strong Authentication Methods

    • Coarse-Grained Authorization Methods


A Deep Dive Into Our CIAM Assessment Process:

An Identity And Access Solutions CIAM Assessment will...

ASSESS & VALIDATE THE CURRENT POSTURE OF YOUR CUSTOMER IAM

Identity And Access Solutions assesses and validates the current state of your organization’s CIAM environment(s) by identifying, summarizing, and prioritizing the unique needs and challenges you face. This is achieved by interviewing key stakeholders, business and application owners, and information security personnel to ascertain your current customer requirements and the consumer facing resources (both human and technology) you have available to address these known requirements. We will then identify any additional requirements and validate your organization’s current state CIAM architecture from a holistic point of view, taking into account the customer, consumers, staff, processes, and technologies that shape your environment. This will allow us to determine whether your organization’s requirements can be attained through improvements in processes, better utilization of existing technology, or if the acquisition of new products will be necessary to achieve your ideal future state.

ANALYZE YOUR REQUIREMENTS & RESOURCES

Identity And Access Solutions will evaluate and classify the identified Customer IAM challenges, requirements, and resources gathered during the assessment of your current state CIAM environment to develop an initial action plan for your organization that is efficient, secure, and cost-effective.

DEVELOP YOUR FUTURE STATE AS AN ARCHITECTURAL BLUEPRINT & BUILD THE ROADMAP TO EXECUTE IT

Identity And Access Solutions will develop a detailed blueprint and roadmap that will enable your organization to achieve its ideal future state. This long-term, comprehensive roadmap takes a phased approach, focusing on incremental achievements to address your organization’s CIAM and information security services needs and vision. The corresponding architecture is comprised of the implementation of core CIAM processes, procedures, and/or technologies. These components will allow your organization to build an exceptional Customer IAM services framework that ensures the effective and secure performance of your CIAM services in the future.

Three Phases With One Goal In Mind

The CIAM Actionable Advisory Assessment is a zero-trust driven, three-phased approach to building a tangible, viable plan that answers all of your questions, like: What Can I Do? What Should I Do? How Am I Going to Get There? What Will This Cost? and How Will I Maintain It?

Phase 1 - Customer IAM Discovery & Findings

Identify:

What does the organization need?

What are your organization’s most pressing Customer challenges?

What current state Customer issues have the most risk associated with them?

Are there regulatory requirements the organization hasn't fulfilled?

What works well currently?

What are the processes that your Customers seamlessly follow?

What technology implementations are making your Customers' experience more enjoyable?

Summarize

  • Breakdown of the current Customer IAM state specific to the organization

  • Document In-flight CIAM adjacent projects that might impact time-to-market (TTM)

  • List all current CIAM challenges & issues

  • Define the risks and potential costs if individual CIAM issues are not mitigated

What does the organization want?

What would make your current processes easier or more approachable for your Customers & Consumers?

What additional ventures do your IAM and information security personnel wish to address?

How can the organization streamline the audit and compliance mechanisms in place today?

What isn’t working well?

What processes or procedures tend to get bypassed in order to make Customer interactions easier?

What processes or technology are deemed to be a hassle by your Customers?

Prioritize

  • Prioritize the Customer IAM and Consumer IAM:

    • Issues

    • Risks

    • Requirements

  • Define which must be addressed now vs. at a later point in time

  • Ascertain what the cost of doing nothing is

Phase 2 - Customer IAM Future State Build-Out

Plan

  • Customer IAM requirements to mitigate the issues, risks, and regulation gaps

  • Future State CIAM Architectural requirements

  • Organizational Constraints & Dependencies around Customer processes and technology

Build

  • Future State Customer IAM Reference Architecture(s) (by temporarily removing budgetary, resource & timeline constraints)

  • Conduct a Gap Analysis (i.e. how to get from Point A to Point B in your CIAM journey)

Phase 3 - Customer IAM Roadmap Build-Out & Operations Model

Build

  • An Actionable Program-Driven Roadmap (using budgetary, resource & timeline constraints)

  • Actionable Implementation Project Plans consisting of:

    • Constraints & Dependencies

    • Preparatory Steps

    • Work Breakdown Structures (WBS)

    • Deliverables & Outputs Required

    • Resourcing Requirements 

    • Costing & Budget Requirements

Run

  • Customer Identity & Access Management Vendor Recommendations to fulfill your organization's CIAM Roadmap requirements (when current technology won't cut it)

  • Post-Production Operational Staffing Models to assure your team can care for and feed your CIAM implementations

  • Optional Managed Service offerings to allow your Project Teams to stay focused on Projects and your Operations Team to stay focused on their core management initiatives