SIC Magazine / November 2017
Customer Identity Management
One of today's digital challenges is extending the operational logic of business applications beyond the centralised, employee-focused applications of the organisation.
If there has been a substantial change in recent years, it has been less in the technology itself than in how users, customers and consumers of corporate services and products use digital media.
With the multiplicity of new services and information sources, the traditional user repository attached to each business platform or technology must give way to a more flexible, ubiquitous and scalable model for customers, together with an open management system that adapts to every case the business presents.
Traditional identity management was aimed at employees and direct collaborators, with the end customer treated as just another data item in the applications. That model has been overtaken and will not serve to manage customer identities: customers now participate actively in the corporation's services, and an approach suited to these new needs is required.
It is worth noting that current employee identity management, as a consolidated part of the organisation, performs its functions satisfactorily and should not be sacrificed in search of a single solution that serves both the internal organisation and customers. On the contrary, existing identity systems should be strengthened and prepared to link with customer-oriented identity managers.
The characteristics of customer identities
Reflecting on the nature of customer identity, we can examine the customer data currently held within the organisation:
· There are different data sources, of different types.
· The processes that capture these data are separate and watertight, so nothing is shared between them.
· There is no global common or standard data model: each data type differs, and each application may impose its own structure.
· Each dataset lives on a different system; there is no common repository.
From this analysis, the first objectives of a customer identity management system follow:
· Associate and unify all data, obtaining each user's multiple identities with all their attributes.
· Provide access to these data to every system and application that needs them, on traditional platforms and on the new platforms that will appear.
· Allow future growth with new types of data associated with each user, in the same universal repository.
· Provide security and privacy for these data.
And what challenges arise when implementing the elements needed to achieve these objectives?
· Because both current and future data types are heterogeneous, an open model must be established to store and organise the data, and that model cannot be a fixed schema.
· The applications that must work with these identities are heterogeneous, distributed and of different natures (omnichannel), so the system must be accessible from all of them.
· Since a customer's identity is determined differently depending on the application or system in use, multiple identities must be managed, based on different attributes and identification methods.
· Privacy and secure access to these data must be safeguarded, with mechanisms that let the end customer control consent to the use of their data.
When these objectives and challenges are raised, we are dealing with identity management for customers, or CIAM (Consumer Identity and Access Management).
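The objectives and challenges above (unify records from separate sources, manage several identities per customer, keep the customer in control of consent) can be illustrated with a small linking routine. The following is an added example written for this page, not vendor or nebulaSUITE code: the three sources (CRM, web shop, mobile app), their field names and the records are constructed fixtures, the +34 default country code and the "most restrictive consent wins" policy are assumptions, and real deployments need fuzzier matching and an audit trail for every merge decision.

```python
"""Link customer records from heterogeneous sources into unified profiles.

Added illustration, not vendor code. Sources, field names, records and the
consent policy are constructed assumptions for this example.
"""
import re
from collections import defaultdict, namedtuple

# Common shape every source is mapped onto. consent=None means "not recorded".
Identity = namedtuple("Identity", "source local_id email phone consent")

# Constructed sample data: three systems, three different schemas.
CRM = [
    {"crm_id": "C-1001", "Email": "Ana.Lopez@Example.com", "Phone": "+34 600 11 22 33"},
    {"crm_id": "C-1002", "Email": "b.ruiz@example.com", "Phone": None},
]
WEBSHOP = [
    {"customer": "shop-77", "mail": "ana.lopez@example.com", "consent_marketing": True},
    {"customer": "shop-78", "mail": "c.perez@example.com", "consent_marketing": False},
]
MOBILE = [
    {"uid": "m-5", "msisdn": "0034600112233", "consent_marketing": False},
]


def normalize_email(value):
    return value.strip().lower() if value else None


def normalize_phone(value, default_cc="34"):
    """Reduce a phone number to '+' plus digits; assumes Spanish numbers when no country code."""
    if not value:
        return None
    digits = re.sub(r"\D", "", value)
    if digits.startswith("00"):          # international prefix written as 00
        digits = digits[2:]
    elif len(digits) == 9:               # national number without country code
        digits = default_cc + digits
    return "+" + digits


def extract(source, rec):
    """Map each source's own schema onto Identity (field names are assumed)."""
    if source == "crm":
        return Identity(source, rec["crm_id"], normalize_email(rec.get("Email")),
                        normalize_phone(rec.get("Phone")), None)
    if source == "webshop":
        return Identity(source, rec["customer"], normalize_email(rec.get("mail")),
                        None, rec.get("consent_marketing"))
    if source == "mobile":
        return Identity(source, rec["uid"], None,
                        normalize_phone(rec.get("msisdn")), rec.get("consent_marketing"))
    raise ValueError(f"unknown source {source}")


def link_records(sources):
    """Union-find over normalized identifiers: records sharing an email or phone
    belong to the same customer. Returns one profile per linked group."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    identities = []
    for source, records in sources.items():
        for rec in records:
            ident = extract(source, rec)
            identities.append(ident)
            node = ("record", source, ident.local_id)
            for kind, value in (("email", ident.email), ("phone", ident.phone)):
                if value:
                    union(node, (kind, value))

    profiles = defaultdict(lambda: {"identities": [], "emails": set(), "phones": set(),
                                    "consent_votes": []})
    for ident in identities:
        p = profiles[find(("record", ident.source, ident.local_id))]
        p["identities"].append(f"{ident.source}:{ident.local_id}")
        if ident.email:
            p["emails"].add(ident.email)
        if ident.phone:
            p["phones"].add(ident.phone)
        if ident.consent is not None:
            p["consent_votes"].append(ident.consent)

    result = []
    for p in profiles.values():
        votes = p.pop("consent_votes")
        # Assumed policy: marketing use is allowed only if every source that recorded a
        # decision recorded consent; no recorded decision means no consent.
        p["consent_marketing"] = bool(votes) and all(votes)
        p["identities"].sort()
        result.append(p)
    return sorted(result, key=lambda p: p["identities"])


if __name__ == "__main__":
    for profile in link_records({"crm": CRM, "webshop": WEBSHOP, "mobile": MOBILE}):
        print(profile)
```

Ana's three records link through two different keys (the CRM and web shop share an e-mail, the CRM and mobile app share a phone once normalised), which is the multi-identity case the text describes; because one channel recorded a refusal, the unified profile denies marketing use even though another channel recorded consent.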
From the point of view of technological architecture, a CIAM system can be implemented with distributed, encrypted, schema-less databases, exposed to systems and applications through API gateways, deployed in the cloud or as a hybrid, and built on market technology or on solutions developed ad hoc.
Within the scope of CIAM, mechanisms must be provided for authentication and easy access to applications, whether the entity's own or third parties', and to recognise access from trusted third parties to the entity's own applications. This is achieved with federation mechanisms based on SAML, OAuth and OpenID Connect, together with strong authentication through identity providers (IdPs).
At the same time, new service requirements for the customer appear in specific applications and legal uses that involve recognised digital signature processes. Such a signature requires the end user or consumer to hold a qualified digital certificate.
From vintegrisTECH we present our nebulaSUITE solutions, which follow the CIAM philosophy to support these models, providing strong authentication and digital signature based on the issuance of qualified digital certificates to consumers and users by a Qualified Trust Service Provider.
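Federation with OpenID Connect ends with the application (the relying party) receiving an ID token from the IdP, and most federation weaknesses come from accepting that token without checking it. The following is an added example for this page, not nebulaSUITE or any IdP's code: it mints a test token and then validates it the way a relying party should. To run on the standard library alone it uses HS256 with the client secret as the HMAC key (which OpenID Connect Core permits); the issuer URL, client identifier, secret, clock value and claims are constructed fixtures. Production relying parties usually receive RS256 or ES256 tokens and verify them against the IdP's published JWKS, but the claim checks (pinned algorithm, issuer, audience, expiry, nonce) are the same.

```python
"""Validate an OpenID Connect ID token at the relying party.

Added illustration, not vendor code. HS256 with the client secret as key is used so
the example needs only the standard library; all identifiers below are fixtures.
"""
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_id_token(claims, client_secret):
    """Mint a token the way an IdP would; used here only to build test fixtures."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


class TokenError(ValueError):
    """Raised for any reason the token must not be accepted."""


def validate_id_token(token, *, issuer, client_id, client_secret, nonce=None, now=None, leeway=60):
    """Return the claims if the token is acceptable for this relying party, else raise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token must have three segments")
    h64, p64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(p64))
        signature = b64url_decode(s64)
    except ValueError as exc:
        raise TokenError(f"malformed token: {exc}") from exc

    # Pin the algorithm. Never let header["alg"] choose the verification method:
    # that is what "alg: none" and key-confusion attacks exploit.
    if header.get("alg") != "HS256":
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(client_secret.encode(), f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")

    if claims.get("iss") != issuer:
        raise TokenError("issuer mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        raise TokenError("token not intended for this client")
    if len(aud_list) > 1 and claims.get("azp") != client_id:
        raise TokenError("multiple audiences but azp does not name this client")
    if not isinstance(claims.get("exp"), (int, float)) or now > claims["exp"] + leeway:
        raise TokenError("token expired")
    if isinstance(claims.get("iat"), (int, float)) and claims["iat"] > now + leeway:
        raise TokenError("token issued in the future")
    # The nonce ties the token to the browser session that started the login.
    if nonce is not None and claims.get("nonce") != nonce:
        raise TokenError("nonce mismatch (possible replay)")
    return claims


# Constructed fixture: a trusted IdP and a relying-party client.
ISSUER = "https://idp.example.com"
CLIENT_ID = "customer-portal"
CLIENT_SECRET = "example-client-secret-do-not-reuse"
NOW = 1_700_000_000


def make_token(**overrides):
    """Build a fixture ID token; keyword arguments override or add claims."""
    claims = {"iss": ISSUER, "sub": "customer-4711", "aud": CLIENT_ID,
              "iat": NOW, "exp": NOW + 300, "nonce": "n-abc123"}
    claims.update(overrides)
    return sign_id_token(claims, CLIENT_SECRET)


def rejects(token, **kwargs):
    """True if validation under the fixture parameters (overridable) refuses the token."""
    params = dict(issuer=ISSUER, client_id=CLIENT_ID, client_secret=CLIENT_SECRET, now=NOW + 10)
    params.update(kwargs)
    try:
        validate_id_token(token, **params)
        return False
    except TokenError:
        return True


if __name__ == "__main__":
    print(validate_id_token(make_token(), issuer=ISSUER, client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET, nonce="n-abc123", now=NOW + 10))
    print("expired rejected:", rejects(make_token(exp=NOW - 120)))
    print("wrong audience rejected:", rejects(make_token(aud="other-app")))
```

The audience check matters in a CIAM setting because one IdP serves many customer-facing applications: a valid token issued for the web shop must not log a user into the customer portal, and a token with several audiences is accepted only when `azp` names this client.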
nebulaSUITE is a suite of technologies that provides a global answer to the needs of authentication, privacy and integrity in both the Internet of People (IoP) and the Internet of Things (IoT).
The main features of the nebulaSUITE environment are:
· Ensure the identity of the people and devices that interact with the system.
· Ensure that operations are performed within the permitted parameters, only by the authorised user, in the authorised environment and for the intended purposes.
· Ensure the availability of operations at the required time and from anywhere.
· Generate binding digital signatures.
nebulaSUITE provides a complete solution to the new digital security needs, including the issuance of digital certificates, control of their use in the cloud, document signing from anywhere and protection of the entire system with two-factor authentication.
· Issue digital certificates with our CA and control their use from the integrated certificate management platform in the cloud.
· Use digital certificates at any time and from any location, from your workstation or mobile.
· Have a platform for signing documents through digital certificate and/or handwritten signature with biometric control for your employees or clients.
· Protect all operations of the solution with adaptive multi-factor authentication (Adaptive MFA).
Companies face a significant challenge in organising identity management for consumers and customers (CIAM). In this area they will increasingly need to interact with third parties, legally qualified trust service providers, to carry out strong authentication, access federation and digital signature. From vintegrisTECH, we aim to help organisations meet these new needs with our proposal.
José Mª Jiménez de la Concepción
eMBA, CISSP, CISA
Technical director / vintegrisTECH