Trusting sensitive customer identity data to legacy systems: a risk worth taking?

As the amount of data generated by always-connected consumers continues to increase, IT departments are scrambling to deploy technologies that are able to put said data to use. Understanding how to safely use this data with established business systems is a major challenge.

Historically, this task fell to legacy identity and access management (IAM) technologies, which could easily manage hundreds or thousands of corporate employee identities and devices.

Customer identities and devices, however, number in the millions, and managing that much data exposes several shortcomings in traditional IAM technology.

> See also: Big data in the cloud – where next?

Initially, IT professionals addressed these shortcomings by adapting IAM systems or building a custom solution themselves. Now, specialised customer identity and access management (cIAM) vendors are developing cloud-based platforms to manage the volumes of unstructured consumer data and generate actionable insights.

Cloud-based cIAM platforms offload the burden of safely managing structured and unstructured customer data. The technology excels at connecting multiple APIs in a multi-tenant environment, delivers extreme operational flexibility, and includes built-in software integrations for greater agility and flexibility.

Customer and internal data assets remain discrete, minimising the impact of breaches.

Security takes centre stage

Since leveraged customer data will typically be acted on at many endpoints, best-in-breed cIAM solutions have strong authentication, authorisation, and auditing policies in place, such as OAuth 2.0 and SAML.

In addition, personally identifiable information is encrypted when stored and transmitted. Strong roles and permissions policies enforce tight control over user access, and robust audit logging tracks errors and bugs in the system.

Finally, risk-based authentication minimises friction for users by evaluating risk on each login instance and triggering a two-factor authentication only when necessary. As the 'Internet of Things' grows in scale and complexity, this methodology will become increasingly important for practically all digital transactions.

Best-in-breed cIAM platforms also provide auto-compliance with data-privacy policies. A recent Gigya survey found that 91% of UK consumers are at least somewhat concerned about their data privacy.

Working with user-provisioned data means businesses must stay in compliance with frequently changing social network privacy policies, as well as with government regulations that apply to any service that interacts with that data. Maintaining this level of compliance on an ongoing basis is risky and time-consuming. Cloud cIAM solutions automate this process.

Many revenue-driving business systems rely on customer identity management functionality that is outside of the scope of legacy IAM technology.

Best-in-breed cloud-based cIAM platforms offer a streamlined deployment that shortens time-to-market, scales to fit business needs, and enables faster and easier integration with applications that help businesses monetise their customer data.

Finally, cIAM’s API-based security ensures more secure transactions, while building customer trust and protecting data privacy.

Sourced from Suresh Sridharan, Senior Director of Technology & Product Strategy, Gigya

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...