IAM vs. CIAM: Why classic IAM is no longer enough

The IT world is moving ever faster, and digitisation is well under way. One of the clearest signs of this is that traditional business models are increasingly moving away from the sale of physical products towards the trade of value-added services. And what is the most important part of granting users access to these services? That's right: you must identify them! This is where security comes in. Why has the proven, traditional and inward-looking Identity and Access Management (IAM) had its day, and why should you now replace it with Customer or Consumer IAM (CIAM)? Read on and we will show you.

Enterprises need to know their clients and be able to reach them if they want to serve them as well as possible. Many see this as a central function, but the security aspects are no less relevant. This is where Customer Identity and Access Management (CIAM) starts: it builds on working technologies, including Web Application Firewalls (WAFs) and strong authentication approaches, without forgetting secure application development, which prevents apps from turning into easy points of access to business applications in the back-end.

The Dark Side of Digital Transformation

“Digital Transformation” is no longer a buzzword; it has long since become a driver for changing business models and developing new ones. This is especially true for digital services, such as information services in your car, fully automated monitoring and maintenance services in industry, or simply convenient streaming services such as Spotify. What has changed compared with before? A plain example explains it: in earlier times, you would buy a CD in a shop, anonymously of course. Today, music streaming is offered mostly as a subscription, usually paid for by providing credit card data. If you want unlimited access to services, you must be prepared to trade in your personal data.

IAM was yesterday, today it’s CIAM

We are convinced that traditional IAM is no longer enough today. The requirements keep growing, and not just because of the digital transformation. The number of identities keeps growing too, because consumers expect to be able to access apps and Web sites in different roles and from different devices, that is, always and everywhere. This points to one thing: we need an overall view of our clients. Identifying and managing identities and access rights is fundamental, but the integrity of customer data, behaviour analysis, and the allocation of objects and devices also play an important role. This is why we speak of CIAM today, and will do so even more tomorrow. The ideal Customer IAM improves the customer experience, reduces security risks, shrinks costs and increases the availability of applications and of the help desk.

The four cornerstones of Customer Identity and Access Management

If new business models are to be successful, it is essential that consumers can be reached, identified and served, always keeping an eye on data security, that is, the security of the app and of the web-based services to which the consumer has access. And since Customer IAM is extremely versatile, the domains of IT and marketing will be kept apart. In practice, this means that if you wish to carry out the digital transformation successfully, you need to know and master the following four cornerstones:

  1. Identity and Access Management
  2. Cyber Security: WAF, strong authentication, App Security etc.
  3. Marketing Automation
  4. Know Your Customer (KYC)


Identity Management covers topics such as the registration, collection and use of data about clients, and therefore also the interface to marketing services, marketing automation above all. Another important aspect is access control, namely access to systems and data. Also part of the picture are the interfaces to CRM systems, in which existing customers are managed and their data analysed (Big Data). Finally, there are the interfaces to KYC solutions, for instance in the banking industry, which include the initial identification of clients.

Once you have laid these (technical) foundations, you can automate your marketing and therefore provide optimal services to your customers. But you need to be aware of this: even the best marketing cannot take you anywhere if sensitive client data are lost, or if they fall into the wrong hands. It is therefore evident that without security the digital transformation is doomed to fail. Do not let this happen!

Master your greatest challenges with full success

Our goal is to provide you with added value, answer your questions, and do away with your fears. We have put together the most frequently asked questions, the ones that always come up in this context, and which should be familiar to you too:

  • How can the client authenticate himself as easily, clearly and securely as possible?
  • What applications can be accessed by the client and in what form?
  • Who can be granted access to the data?
  • How can the access path be made fully secure, from the app all the way to the back-end?
  • How can the integrity of data be achieved?
  • Which legal requirements need to be taken into consideration?

And what about you?

Are you familiar with these questions? Are you, too, still looking for the answers? We can help you and shed light on the matter. Contact us, we would be pleased to help you!


About the author / Michelle Gehri

InfoGuard AG - Michelle Gehri, Senior Marketing & Communication Manager
