It is difficult for organizations to keep up with the rapid digitization of our society. Digital Identity is no exception. This will not come as a surprise if you take into consideration that Digital Identity consists of different subfields that seem quite similar at first glance. But what exactly is the connection between all Identity and Access Management (IAM) solutions, such as Workforce Identity (WI), Privileged Access Management (PAM) and Customer Identity & Access Management (CIAM)?
Workforce Identity
Within the field of WI, we distinguish between Identity Governance and Administration (IGA) and Access Management (AM).
IGA focuses on the question “Who is working for the organization and what access do they have?” That may sound like a simple question, but answering it can be very complex. This is especially true if an organization is dealing with many types of identities, such as (internal and external) staff, suppliers, partners and customers, but also (IoT) devices and applications. Because many applications also have their own collection of user accounts, obtaining an overall picture is complex and time-consuming. An IGA solution offers a remedy for this problem.
In an IGA solution, a single digital identity is defined for each employee, and all the accounts that the employee has are linked to this identity. In addition, the applications are connected to the IGA solution, so that the rights in the applications can be structured. This can be done, for example, in the form of roles with clear names and descriptions.
As a result, the IGA solution provides an overall picture of who works for the organization and what access they have. By having all IGA processes, such as joiner, mover, leaver workflows, access requests and reviews, also run through the IGA solution, possible risks can be noticed and resolved. This will give your organization (demonstrable) control over who has what access.
AM, also known as Access Control, is an extension of IGA and ensures that authenticated and authorized users, those who are entitled to access, can access applications in a secure manner. This is done based on access control measures enforced in real time using an AM solution. Take, for example, a solution that allows secure logins or makes it possible to temporarily block an account after a couple of failed login attempts.
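The following Python model, added here as an illustration and not part of the original article or any product, shows the IGA and AM concepts from the three paragraphs above in working form: one identity per employee with linked application accounts, named roles, joiner/mover/leaver workflows, an access review that surfaces orphaned accounts and leavers who still hold access, and an AM-style control that temporarily blocks an account after repeated failed logins. The role names, applications, accounts and lock-out values are constructed.

```python
"""Toy IGA model with an AM-style lockout (added example, not the article's code).
Names, applications, roles and lock-out values are constructed."""
from dataclasses import dataclass, field

# Role name -> application -> entitlements the role grants (constructed)
ROLES = {
    "finance-analyst": {"erp": {"ledger.read"}},
    "finance-manager": {"erp": {"ledger.read", "payment.approve"}},
    "it-admin": {"ad": {"domain.admin"}, "erp": {"config.write"}},
}

@dataclass
class Identity:
    uid: str
    department: str
    active: bool = True
    roles: set = field(default_factory=set)
    accounts: dict = field(default_factory=dict)  # application -> account name

class IGA:
    def __init__(self):
        self.identities: dict = {}
        # What each connected application reports: account -> entitlements
        self.app_accounts: dict = {"erp": {}, "ad": {}}

    def joiner(self, uid, department, role):
        ident = Identity(uid, department, roles={role})
        self.identities[uid] = ident
        self._provision(ident)

    def mover(self, uid, new_department, new_role):
        ident = self.identities[uid]
        ident.department = new_department
        self._deprovision(ident)  # drop old rights so they do not accumulate
        ident.roles = {new_role}
        self._provision(ident)

    def leaver(self, uid):
        ident = self.identities[uid]
        self._deprovision(ident)
        ident.roles.clear()
        ident.active = False

    def _provision(self, ident):
        for role in ident.roles:
            for app, perms in ROLES[role].items():
                acct = ident.accounts.setdefault(app, f"{ident.uid}@{app}")
                self.app_accounts[app].setdefault(acct, set()).update(perms)

    def _deprovision(self, ident):
        for app, acct in ident.accounts.items():
            self.app_accounts[app].pop(acct, None)

    def entitlements(self, uid):
        """The overall picture: every linked account and its current rights."""
        ident = self.identities[uid]
        return {app: set(self.app_accounts[app].get(acct, set()))
                for app, acct in ident.accounts.items()}

    def access_review(self):
        """Compare what the applications report against the identity model."""
        findings = []
        linked = {(app, acct) for i in self.identities.values()
                  for app, acct in i.accounts.items()}
        for app, accts in self.app_accounts.items():
            for acct in accts:
                if (app, acct) not in linked:
                    findings.append(("orphaned-account", app, acct))
        for i in self.identities.values():
            if not i.active:
                for app, acct in i.accounts.items():
                    if acct in self.app_accounts[app]:
                        findings.append(("leaver-still-has-access", app, acct))
        return findings

class LoginGuard:
    """AM-style real-time control: block an account for LOCK_SECONDS after
    MAX_FAILED consecutive failed logins. `now` is passed in for determinism."""
    MAX_FAILED = 3
    LOCK_SECONDS = 900

    def __init__(self):
        self.failed: dict = {}
        self.blocked_until: dict = {}

    def attempt(self, account, password_ok, now):
        if self.blocked_until.get(account, 0) > now:
            return "blocked"  # even a correct password is rejected while locked
        if password_ok:
            self.failed[account] = 0
            return "ok"
        self.failed[account] = self.failed.get(account, 0) + 1
        if self.failed[account] >= self.MAX_FAILED:
            self.failed[account] = 0
            self.blocked_until[account] = now + self.LOCK_SECONDS
            return "blocked"
        return "failed"
```

The review only finds something when the applications drift away from the identity model (an account created directly in an application, or re-created for someone who has left), which is exactly the situation the text describes: without a central model those accounts are invisible.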
How does Privileged Access Management relate to Workforce Identity?
Privileged Access can do more damage to organizations than normal access. This might involve the ability to make a financial transfer or adjust configurations, for instance. The privileged accounts used in this process are often shared, non-personal accounts, such as admin accounts that are supplied with a system in order to implement it. These accounts can inflict a lot of damage, especially if they fall into the wrong hands.
By (always) running the use of a privileged account through a PAM solution, you will know who has access to and who has used a (shared) account. This allows you to monitor carefully what that person is doing or has done. This mitigates both internal threats, such as malicious employees, and external threats, such as hackers.
In short, Workforce Identity determines and controls who has permission to use a privileged account. The PAM solution provides additional measures, which ensure that when someone uses the privileged account it is done securely and transparently.
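To make the division of labour between WI and PAM concrete, here is a toy PAM broker in Python, added as an example and not taken from the article or from any PAM product. The set of identities allowed to use each shared account is handed in from the Workforce Identity side; the broker then enforces that, records every checkout, command and check-in in an audit trail, and rotates the shared secret on check-in so a released credential is useless. All account names, identities and secrets are constructed.

```python
"""Toy PAM broker (added example, not the article's code).
Entitlements come from the WI/IGA side; identities and accounts are constructed."""
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class PrivilegedAccount:
    name: str
    secret: str
    checked_out_by: Optional[str] = None

class PAMBroker:
    def __init__(self, entitlements):
        # identity -> set of shared privileged accounts WI says they may use
        self.entitlements = entitlements
        self.vault = {}
        self.audit = []  # every event, so use of a shared account is never anonymous

    def enroll(self, name):
        self.vault[name] = PrivilegedAccount(name, secrets.token_urlsafe(16))

    def _log(self, now, who, account, event, detail):
        self.audit.append({"t": now, "who": who, "account": account,
                           "event": event, "detail": detail})

    def checkout(self, identity, account, reason, now):
        acct = self.vault[account]
        if account not in self.entitlements.get(identity, set()):
            self._log(now, identity, account, "checkout-denied", reason)
            raise PermissionError(f"{identity} is not entitled to {account}")
        if acct.checked_out_by is not None:
            raise RuntimeError(f"{account} is in use by {acct.checked_out_by}")
        acct.checked_out_by = identity
        self._log(now, identity, account, "checkout", reason)
        return acct.secret  # a real PAM injects this into a brokered session

    def run(self, identity, account, command, now):
        if self.vault[account].checked_out_by != identity:
            raise PermissionError(f"{identity} has not checked out {account}")
        self._log(now, identity, account, "command", command)

    def checkin(self, identity, account, now):
        acct = self.vault[account]
        if acct.checked_out_by != identity:
            raise PermissionError(f"{identity} has not checked out {account}")
        acct.checked_out_by = None
        acct.secret = secrets.token_urlsafe(16)  # rotate: released secret is dead
        self._log(now, identity, account, "checkin", "")

    def who_used(self, account):
        """Answer 'who has used this shared account?' from the audit trail."""
        return sorted({e["who"] for e in self.audit
                       if e["account"] == account and e["event"] == "checkout"})

    def session_of(self, identity, account):
        """What that person did while holding the account."""
        return [e["detail"] for e in self.audit
                if e["who"] == identity and e["account"] == account
                and e["event"] == "command"]
```

Note that the broker never decides who is entitled; it only enforces and records. Changing the entitlement set is a WI/IGA process, which keeps the two responsibilities separated as the text describes.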
How does Customer Identity and Access Management relate to WI and PAM?
CIAM is similar to Workforce Identity in the sense that it also focuses on "who has what access?", but in this case for customers. There are similarities in the field of AM, but the IGA processes differ considerably; for example, there are no extensive review processes. Customer satisfaction is the guiding principle in CIAM. For that reason, we approach customers very differently from employees. We sign an employment contract with an employee, and HR carries out a complete registration, possibly including a screening. This would be disproportionate for customer registration and would also create a huge barrier.
CIAM is more geared towards self-service. Customers take the initiative to onboard themselves and expect this to be done in a simple, personal way. CIAM solutions enable you to record customer information in an accessible way at times when the customer is motivated to give it. For example, the customer can give their address in exchange for a free sample. In this way, you can deliver a tailored customer experience and also comply with privacy laws and regulations, such as the AVG (the Dutch name for the GDPR, the General Data Protection Regulation). This is because the consent given by the customer can be properly tracked.
Customers expect "the organization" to know them, not just a department. Whether the customer sends an email to sales or calls support, it should not make a difference. CIAM solutions make this possible by connecting the systems used by different departments and creating a consistent customer profile. This customer profile also provides opportunities for direct sales, cross-selling and up-selling.
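The two paragraphs above describe a customer profile that grows progressively, records consent for each piece of data, and is shared across departments. The Python sketch below, added as an example and not from the article or any CIAM product, shows that pattern: every attribute is stored together with the purpose it was collected for and the touchpoint that collected it, any department writes to the same profile, and withdrawing consent for a purpose removes the data gathered under it. The customer data, purposes and touchpoint names are constructed.

```python
"""Toy CIAM customer profile with consent tracking (added example, not the article's code).
Customer data, purposes and touchpoints are constructed."""
from dataclasses import dataclass, field

@dataclass
class Consent:
    purpose: str   # why the data was collected, e.g. "free-sample"
    source: str    # which touchpoint collected it, e.g. "webshop" or "helpdesk"
    given_at: int  # constructed timestamp

@dataclass
class CustomerProfile:
    customer_id: str
    attributes: dict = field(default_factory=dict)  # attribute -> value
    consents: dict = field(default_factory=dict)    # attribute -> Consent

class CIAM:
    def __init__(self):
        self.profiles = {}

    def register(self, customer_id, email, source, now):
        """Self-service onboarding: only the minimum needed for an account."""
        profile = CustomerProfile(customer_id)
        profile.attributes["email"] = email
        profile.consents["email"] = Consent("account", source, now)
        self.profiles[customer_id] = profile

    def record(self, customer_id, attr, value, purpose, source, now):
        """Progressive profiling: data is stored only with a consent record."""
        profile = self.profiles[customer_id]
        profile.attributes[attr] = value
        profile.consents[attr] = Consent(purpose, source, now)

    def withdraw(self, customer_id, purpose):
        """Withdrawing consent removes everything collected for that purpose."""
        profile = self.profiles[customer_id]
        removed = [a for a, c in profile.consents.items() if c.purpose == purpose]
        for attr in removed:
            del profile.attributes[attr]
            del profile.consents[attr]
        return removed

    def view(self, customer_id):
        """The single profile every department sees."""
        return dict(self.profiles[customer_id].attributes)

    def consent_report(self, customer_id):
        """Demonstrable basis for holding each attribute: (purpose, source)."""
        return {a: (c.purpose, c.source)
                for a, c in self.profiles[customer_id].consents.items()}
```

Keeping the consent record next to the attribute, rather than in a separate log, is what makes withdrawal and reporting straightforward; the profile can always show not only what it knows about a customer but why it is allowed to know it.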