110
Stop Treating Your Customers Like Your Employees Ian Glazer Senior Director, Identity [email protected] @iglazer

Stop treating your customers like your employees

  • Upload
    iglazer

  • View
    1.091

  • Download
    1

Embed Size (px)

Citation preview

1. Stop Treating Your Customers Like Your Employees Ian Glazer Senior Director, Identity [email protected] @iglazer 2. Please continue to hold. Your call is very important to us and it will be answered in the order it was received. 3. Work? 4. Home? 5. Your usage of this service constitutes consent to our Terms of Service. If you have any questions please consult our Acceptable Use Policy. 6. Work? 7. Home? 8. Disappointing, but not surprising 9. A Little History 10. Identity for Employees 11. Many years of common practices and patterns 12. Right Access 13. Right Access Right People 14. Right Access Right People Right Place 15. Right Access Right People Right Place Right Time 16. Identity for Customers 17. Great Innovation 18. Lacking Common Practices & Patterns 19. Right Experience XP 20. Right PeopleRight Experience XP 21. Right People Right PlaceRight Experience XP 22. Right TimeRight People Right PlaceRight Experience XP 23. Deliver the right experience 24. New Stakeholders 25. Sales Marketing Alumni Affairs Community Dev. 26. But without common practices and patterns 27. Please continue to hold 28. Disappointing, but not surprising 29. The Opportunity Before Us 30. External Identity Customer Identity Consumer Identity 31. Growth opportunity for the business 32. Growth opportunity for identity professionals 33. The opportunity to delight 34. Complete Picture for a Richer Relationship 35. Complete Picture for a Richer Relationship Delighted Customers 36. Customer Identity is IAMs Killer App 37. You cant get to the boardroom by selling user provisioning 38. Customer Identity is our chance to be business enablers 39. We are not here 40. What is customer identity management? 41. Identity World View Identity is at the core of every interaction Connected Customers Connected Employees Connected Partners Connected Products User Name Password Login 42. Business World View Customer is at the core of every interaction Delighted Customers Connected Employees Connected Partners Connected Products User Name Password Login 43. Customer identity makes interactions possible 44. X-Channel X-Business Function X-Organization 45. Cross-Channel YOUR CONTENT HERE Just change the background layer (right-click > arrange) Dont have an account? Forgot your password? Mobile Web API 46. Cross-Channel Brick & Mortar Sales Social Listening Call Center 47. Cross Business Function Delighted Customers Sales Service MarketingProduct 48. Cross Organization 49. X-Channel X-Business Function X-Organization 50. How is customer identity different from employee identity? 51. Different Ends of the Spectrum 52. IAM Techniques 53. IAM Techniques Employee- Centric IAM Traditional Organization is owner & authority Lots of User Provisioning Web Access Management plus some federation 54. IAM Techniques Employee- Centric IAM Traditional Organization is owner & authority Lots of User Provisioning Web Access Management plus some federation Customer- Centric IAM Modern Individual is owner; no single authority Profile Management Federation and social sign-on 55. Employee-Centric Technologies Customer-centric System of Record Attribute Management and Propagation Islands of Identity Single Sign-On Mobile Device Management Consent 56. Employee-Centric Technologies Customer-centric HR(s) System of Record User Provisioning Directory Synchronization Pushing Attributes Attribute Management and Propagation Most legacy systems Reducing to Active Directory Islands of Identity Proprietary WAM for legacy Federation for newer apps & SaaS Single Sign-On Common Mobile Device Management Implied in employer/employee relationship Consent 57. Employee-Centric Technologies Customer-centric HR(s) System of Record Internal: CRM and LOB databases External: Social Providers, Banks, Universities, Governments, etc User Provisioning Directory Synchronization Pushing Attributes Attribute Management and propagation Profile Management Lookup at time of use and JIT Pulling attributes Most legacy systems Reducing to Active Directory Islands of Identity Legacy systems but federation- ready apps increasing Proprietary WAM for legacy Federation for newer apps & SaaS Single Sign-On Standards-based federation Some proprietary social providers Common Mobile Device Management Uncommon, if not forbidden Implied in employer/employee relationship Consent Must be gathered and adhered to consistently 58. Different Lifecycles 59. Join Move Leave Traditional IAM Lifecycle 60. Relationship Value Progression 61. Anonymous Pseudonymous Known Higher ValueLower Value 62. Anonymous Join Pseudonymous Move Known Move 63. Access Path Progression 64. Web Mobile Thing Developer 65. Web Join Mobile Join/Move Thing Move Developer Move 66. Join. Move. Leave? 67. Long Relationships = Privacy Implications 68. HR used to provide the privacy coverage Identity need Internal-facing identity system are rarely subject to Privacy Impact Assessment Customer identity requires: Data retention and protection Persistence and respect of privacy preferences Attribute release consent management Previously ignored privacy challenges 69. Different Techiques Different Lifecycles 70. Customer identity is larger than employee identity 71. Customer Identity Components IAM Components 72. Customer Identity Components Federation User Profile Mgt Assurance Proofing 73. Customer Identity Components IAM Components IAM-like Components Non-IAM Components 74. Broker social login to content portals and other 3rd party properties Ability add and protect attributes passed to other platforms Ability to pass entitlements OpenID Connect unlocks many doors But theres plenty of proprietary too Security Token Services SAML OAuth 2.0 OpenID Connect Proprietary Federation Social Provider Connectivity Protocol Brokering Federation 75. Automated via a social provider or directory service Manual Self-service sign-up Consistent branding control throughout Self-service control over: Social providers can be used Apps can access data Attributes can be used Marketing preferences Manual - Mechanisms to ask the user for a little more data Automated data verification and record enhancement Registration Services Profile Management Profile Enhancement User Profile Management 76. Techniques to raise identity assurance 2nd Factors: Can work but user experience suffers Adaptive access control must play a roll here Ideally this is recognitions territory Plugins for different proofing providers Often based on geography Two modes: Asynchronous for offline proofing Synchronous for user quizzes But mind the user experience Integration with internal proofing sources Assurance and Proofing Identity Assurance Identity Proofing 77. Service providers have to be better neighbors Follow Finance model of FS-ISAC Teams to help people get their accounts back Part of expected customer service Attribute release consent from the social provider isnt sufficient Service Provider should provide generic consent management layer Shared Signals Account Take-Over Response Consent Management IAM-like components Not core traditional IAM services 78. Meaningful integration designed to create 360 view of the customer Sales Service Marketing eCommerce Content Management Conversion rates Segmentation Usage via Channel Behavior analysis to fuel marketing, service, sales, and recognition Encryption and Tokenization Who access what data and what were the values at that time? Think DAM for customer data Integration Analytics Information Protection Non-IAM Components Peer services 79. More than just IAM components 80. How is customer identity different from enterprise identity? 81. Technologies needed are different 82. Customer Identity Components IAM Components IAM-like Components Non-IAM Components 83. Lifecycles are different 84. Anonymous Pseudonymous Known Web Mobile Thing Developer Join Move / Change Leave 85. Techniques are different 86. IAM Techniques Employee- Centric IAM Traditional Organization is owner & authority Lots of User Provisioning Web Access Management plus some federation Customer- Centric IAM Modern Individual is owner; no single authority Profile Management Federation and social sign-on 87. Privacy expectations are different 88. Goals are different 89. Right Access Right People Right Place Right Time Employee-centric IAM Goals 90. Right Experience Right People Right Place Right Time XP Customer-centric IAM Goals 91. Stakeholders are different 92. We are not here 93. Sales Marketing Alumni Affairs Community Dev. 94. The opportunities are greater 95. The opportunity to delight 96. Stop using Employee-Centric IAM for your customers 97. Stop treating your customers like employees 98. Start delighting them 99. Your time is important to me. Continue to enjoy the conference & thanks for your attention. 100. Thank you