Top 5 Trends in CIAM to Watch

Jing Gu | Friday, July 23, 2021

Customer expectations are ever-increasing and regulatory standards are growing in number and scope. In response, Customer Identity and Access Management (CIAM) as an industry is constantly evolving to stay ahead to enable identity and security teams, along with developers to deliver seamless customer identity experiences.

Some trends are mere fads while others have the staying power to transform digital identity experiences as we know them in customer-facing applications. The trends that are here to stay are worth paying attention to because recognizing and accounting for them will help you build future-proof CIAM solutions that meet your customer needs, both now and later. 

We delved into analyst and reputable third-party research published within the last three years to identify the top five trends in CIAM with the highest promise of longevity. Read on for an overview of the top five CIAM trends along with statistics from existing research. 

For an in-depth discussion of actionable strategies for meeting these trends, download the PDF report today

Trend 1: World-Class Identity Experiences

Identity is unique in that it touches 100% of acquired users. Not only does it bridge the gap between a visitor and a customer of your product, but it also serves as the gateway for product engagement.

But a good experience is not world-class, and what’s good now is not going to be good enough in a few years. Upleveling the authentication is important because companies, now more than ever, are competing on the basis of customer experience.

  • 86% of companies are competing based on customer experience (Gartner, 2020)
  • Customer experience identified as the top competitive differentiation across all industries (Adobe, 2019)

When assessing the characteristics that make up a world-class identity experience, we can look at current consumer sentiment and usability studies. 

  • 57% of consumers would prefer passwordless authentication. (Ponemon, 2020)
  • When it comes to MFA, a usability study from Brigham Young University found that only 29% of consumers agree that the second factor was worth the convenience tradeoff. What’s more, the same study found that 35% of respondents mentioned difficulties with their second factor not being immediately available to them when they’re trying to log in. (Brigham Young University, 2019)
  • 83% of consumers are willing to share some data to enable a personalized experience. However, personalization must be balanced with respect for privacy. A notable finding from the same study reported that 64% said a brand experience is invasive when the brand had information about a consumer they didn’t share knowingly or directly. (Accenture, 2019)

Read our full PDF report for recommendations on actionable strategies to create a modern, world-class identity experience.

Trend 2: Domain Shift from Backend to Product Experience Design

CIAM historically grew out of Identity and Access Management (IAM), and there’s a lingering connotation of IAM-related technology as being a backend enabling technology in the realm of engineering, security, and identity teams. 

However, as businesses undergo digital transformation, more people across the organization are paying greater attention to CIAM efforts including UX, marketing, product, and customer experience stakeholders. 

This is because authentication has a direct impact on customer acquisition rates, and great digital experiences are built from knowing who the customer is. Moreover, the pace of digital transformation is picking up as research from Twilio shows that the pandemic has accelerated digital transformation by 6 years on average across all industries

The domain shift and intensifying focus on CIAM is actually great news for identity and security professionals. This is because CIAM strengthens the recognition of your team’s impact on business metrics that translate directly to revenue. 

Trend 3: Self-Sovereign Identity in the Age of Privacy

There’s no question that we’re living in the Age of Privacy. Gartner reports that, by 2023, 63% of the world’s population will have our personal information covered under modern privacy law which is up from 10% in 2020. The increasing regulatory pressures are backed by elevated customer awareness. In 2019, Pew Research found that 79% of consumers are concerned with how companies use data collected about them. 

Even if customer demands and regulations weren’t as stringent as they are today, investing in privacy is the right thing to do out of respect for customers and their trust in doing business with your company. 

It’s against this context that we’re seeing an increasing interest in the idea of self-sovereign identities. 

At its core, self-sovereign identity is an approach to digital identity that empowers individual ownership of identity. In contrast with the most common approach today where an application lets a user create a digital credential used only to access its services, the self-sovereign model introduces the concept of a self-signed, cryptographically verifiable credential that can establish trust in the user’s identity and used to gain access across applications. 

Self-sovereign identity is a movement that inherently makes it difficult to be fully realized on an individual company basis. However, the core principles of identity ownership can be leveraged in your products to better prepare your organization and customers for digital identity ownership.

Trend 4: Continuous, Risk-Based Authentication

Continuous authentication is a method of confirming identity and risk on an ongoing basis. That is, instead of treating authentication as a singular event, it allows you to assess risk and make adaptive access decisions using real-time signals from users and devices. 

Authentication as a binary decision based on the ability to reproduce a password accurately is not secure enough to combat increasingly aggressive methods like brute force and bot attacks or the elevated sophistication of phishing attempts. Without risk-based authentication that accounts for the integrity of a user’s identity claim, behavioral patterns, and device security posture at the time of login, companies can be at higher risk for account takeover fraud and breaches. 

Real-time risk signals are a critical component of continuous authentication because risk status is not static. For example, your customers may be getting new devices, travel to new locations, or download risky software onto their devices that could potentially compromise their authentication security.

Zero trust principles are taking off in workforce IAM at the moment but, not to be left behind, companies are also showing an appetite for continuous authentication for customers. This is especially prominent across industry leaders in the financial services and eCommerce industries. 

The impetus is different for CIAM. Continuous authentication for the workforce revolves around securing access to company resources across all endpoints regardless of device management status. In CIAM, continuous authentication allows companies to take the burden of authentication off of users and instead have machines do the work of establishing trust. 

Continuous, risk-based authentication is an ongoing process of data collection around the user and device risk signals, orchestrating the appropriate authentication experience based on those risk signals and optimizing risk models over time to make better access decisions. As a sequence of activities, security and identity teams should look to establish an iterative loop that allows for ongoing monitoring and optimization over time. 

Trend 5: Ecosystem Simplification

Historically, CIAM systems have been developed on a per-application basis. This may have worked for the first application but creates an environment where each application becomes a silo. 

Siloed application environments, in turn, lead to interoperability issues stemming from disjointed directories, difficulty with data sharing, and inflexible integrations. Not to mention, scalability becomes an issue as new applications, acquisitions, and mergers have a multiplier effect on ecosystem complexity. 

Both developers and IT leaders are feeling the strain from outdated or overly complex CIAM systems. Developers spend 17 hours/week on code maintenance and refactoring amounting to $85B in annual opportunity cost while IT leaders express a desire to spend more on innovation but 55% of the budget is tied up with maintenance costs. 

You may choose to roll-your-own CIAM program or explore investments in CIAM platforms that are designed to meet customer needs across their identity lifecycle and accounts for edge cases as well as integration and scalability needs. 

Conclusion

The world never stops changing and neither does CIAM. Here we discussed 5 emerging trends that are taking hold in CIAM. 

Take the next step in your CIAM journey and put this knowledge to work with actionable strategies presented in our full report that you can download here

If you have questions, want to see our full body of research, or discuss your specific CIAM initiatives, book a meeting with our CIAM specialists today.