Skip to main content

What Coco Chanel Knew About Identity Management

“Dress shabbily and they remember the dress; dress impeccably and they remember the woman.” 

Coco Chanel, the leading figure of the 1930's fashion scene, knew a thing or two about the little black dress and smelling nice. 

Inadvertently, she also knew a thing or two about identity and access management - probably without knowing it.

A poorly designed customer identity management solution, will be remembered.  Not just by your customers and prospects, but by the organisation delivering the service too.  A badly developed registration flow or an overly complex login process, will kill your service, product or application stone dead.

Modernize Your Signup and Sign-in Services

A simple to use and seamless user registration service is a beautiful thing.  It should not act as a barrier to the service, application or product that lies beneath.  The continual re-type of identity data, not only creates a poor user experience, but creates islands of stale data, rarely updated and constantly inaccurate.  The use of "one-click" social registration services helps a little here - by at least streamlining the initial registration process.  For enterprise systems however, that social network data, will often need to be augmented and verified using authoritative internal data.

The login process, again should cover a range of device types - mobiles, tablets and the rapidly becoming omnipresent nature of lower powered UI-lacking devices such as wearables and set top boxes need to be considered too.  Generic authentication and authorization services based upon open standards such as OAuth2 and OpenID Connect, provide a solid foundation for many platform specific integrations.

Once registered and logging in, a user generally demands  a transparent and simple to use privacy and consent engine.  Consumers have a right and are more aware than ever before, of their ability to start to control the who, when and what can access their personal identifiable information and Internet of Things related data.  Can your organisation be trusted to manage their data effectively?  Can any access given to 3rd parties be revoked or at least audited?
Major Inhibitors to Digital Success

Digital success is a subjective thing, but high levels of customer engagement, low levels of friction and insightful analytics and intelligence will go some way to seeing transformation programmes delivering value.  Identity and access management plays a large part here.  By not only removing the molasses-like inertia that often exists between identity data sources within both private and public sector organisations, highly integrated and layered profile management and single customer views can provide a solid foundation to delivering personalised content and identity specific services.

Joining the Dots: Creating a Platform

Modern customer identity management is more than just profile data management.  Removing identity silo's with modern data catalysts, connectors and relationship layers, provides a great foundation to start linking login data with marketing preferences, with CRM data, purchasing history, device data, location and more.

However, that data also needs to power seamless and secure login and authorization services. Modern purchasing and service delivery systems, need to cater for a multitude of different access management scenarios.  Bring Your Own Device projects, coupled with Bring Your Own Identity brings an interesting set of security challenges.  The use of device finger printing, geo-location tagging and behavioural profiling, can all start to provide incrementally more secure access management platforms.  Working out the who in the access management question is often the easiest part, but the what they're accessing from where and why is often more complex.

The flexibility and scale of these sorts of access interactions, brings an even more complex list of requirements.  How can your service manage several million new logins per week?  Can those logins be from a myriad of different devices, applications and languages?

How can legacy systems be integrated into the new platform without the need for massive code re-writes or changes to existing workflows and processes?

An agile, scaleable and flexible platform helps here.

Moving to Success

So customer identity management seems to be a complex set of use cases, requiring not only the rapid integration of numerous different data sources, but also the ability to login and authorise a range of different user groups, devices and things, to data in a range of different formats.  Simple right?

Probably not, and will require software and services that can cover a range of different use cases, scenarios for both on-premise and cloud based capabilities.  And of course, should be wearing Chanel #5 at all times.


Popular posts from this blog

2020: Machine Learning, Post Quantum Crypto & Zero Trust

Welcome to a digital identity project in 2020! You'll be expected to have a plan for post-quantum cryptography.  Your network will be littered with "zero trust" buzz words, that will make you suspect everyone, everything and every transaction.  Add to that, “machines” will be learning everything, from how you like your coffee, through to every network, authentication and authorisation decision. OK, are you ready?

Machine Learning I'm not going to do an entire blog on machine learning (ML) and artificial intelligence (AI).  Firstly I'm not qualified enough on the topic and secondly I want to focus on the security implications.  Needless to say, within 3 years, most organisations will have relatively experienced teams who are handling big data capture from an and identity, access management and network perspective.

That data will be being fed into ML platforms, either on-premise, or via cloud services.  Leveraging either structured or unstructured learning, data fr…

Customer Data: Convenience versus Security

Organisations in both the public and private sector are initiating programmes of work to convert previously physical or offline services, into more digital, on line and automated offerings.  This could include things like automated car tax purchase, through to insurance policy management and electricity meter reading submission and reporting.

Digitization versus Security

This move towards a more on line user experience, brings together several differing forces.  Firstly the driver for end user convenience and service improvement, against the requirements of data security and privacy.  Which should win?  There clearly needs to be a balance of security against service improvement.  Excessive and prohibitive security controls would result in a complex and often poor user experience, ultimately resulting in fewer users.  On the other hand, poorly defined security architectures, lead to data loss, with the impact for personal exposure and brand damage.

Top 5 Security Predictions for 2016

It's that time of year again, when the retrospective and predictive blogs come out of the closet, just before the Christmas festivities begin.  This time last year, the 2015 predictions were an interesting selection of both consumer and enterprise challenges, with a focus on:

Customer Identity ManagementThe start of IoT security awarenessReduced Passwords on MobileConsumer PrivacyCloud Single Sign On
In retrospect, a pretty accurate and ongoing list.  Consumer related identity (cIAM) is hot on most organisation's lips, and whilst the password hasn't died (and probably never will) there are more people using things like swipe login and finger print authentication than ever before.

But what will 2016 bring?

Mobile Payments to be Default for Consumers

2015 has seen the rise in things like Apple Pay and Samsung Pay hitting the consumer high street with venom.  Many retail outlets now provide the ability to "tap and pay" using a mobile device, with many banks also offer…