Lasse Andresen guest post for Forbes Technology Council
Go to original publication
It’s possibly the biggest identity crisis of the digital world—so ingrained and common that no one is talking about it. It’s the pain we’ve learned to live with: the fragmentation of identity data.
Identity data is crucial to securing systems, devices and people. It’s one of the most important drivers of customer experience, customer-centric design and product and service enhancement.
More often than not, though, it is fragmented across legacy systems, on-premises infrastructure, cloud or hybrid systems and applications. Some large organizations have over 50 disparate systems holding identity data.
And this problem is growing—not shrinking.
It’s growing in a workforce context, where identity and access management (IAM) and cybersecurity professionals battle sprawling identities. But possibly even more critically, it’s an increasing challenge for customer-facing products and services. The cost here is significant, with unusable, disconnected and unreachable identity data undermining customer experience and hampering growth.
The consumer is also increasingly demanding, wanting more personalized services, frictionless experiences and great customer care.
The Need For Quality Data
To deliver on these demands, businesses need high-quality, dynamic, real-time data. Marketing departments, threat response teams and recommendation modeling teams are hungry for data that can help them deliver on their goals; but unfortunately, identity data is rarely available and usable for these purposes
This data is buried in multiple systems, applications and databases. Not only is it unusable in this disconnected and siloed state, but it is also a headache to efficiently manage and maintain for compliance purposes.
There is a coveted CIAM goal of a unified view of the customer with rich data on use, behavior and context. Frustratingly, this is a rare occurrence, and even when achieved, the data is rarely operationalized. The main reason is simply that mainstream identity management approaches have not evolved at the same pace as the applications they enable.
While some advancements have been made, much of the thinking and technology is very similar to early IAM solutions from decades ago. We have made some progress with customer onboarding and authentication approaches, but when we go beyond that, all the customer data that drives access and authorization decisions remains separate from the rest of the business and even from connected, co-dependant and adjacent systems.
How This Headache Can Be Solved
A fresh perspective is the key to solving this issue, as well as borrowing some thinking from the connected data world. Data doesn’t have to sit in a single system to be useful, provided there’s a way to surface and connect it.
Connecting and operationalizing this identity data doesn't come at the cost of security goals but rather as an extension of them. This data serves the customer, enabling experience enhancement without exposure and orchestrated security across applications and services.
If we think of IAM in terms of data management and data value (rather than just security), this headache will begin to solve itself. IAM doesn’t need new systems; it needs new thinking and new approaches.
IAM needs to evolve toward total interoperability, where a unified and holistic view of the customer is the starting point, not the holy grail.