I had the pleasure and privilege of attending the Gartner IAM Summit in London this month, and if you missed it, I’m here to fill you in on the exciting trends in identity and access management. It was just my second in-person conference since the pandemic began and the first for which everything felt quite normal. London has lifted mask requirements, and only a few people were masking (even on a very crowded tube ride).
As a Platinum sponsor at the IAM Summit, we were able to meet many attendees and Gartner analysts that cover our space. I attended many sessions and, along with Maurice Luizink, our head of solutions engineering in EMEA, presented a session on passwordless customer authentication. (Maurice is the intense-looking gentleman in the photo above!) This was also just my second time on a physical stage since the pandemic began.
Customer Identity and Access Management, or CIAM, was featured prominently at the show. Gartner shared that access management is the second-fastest-growing cybersecurity market and CIAM is outpacing the growth within that market.
Why is that? The reasons are many, but one in particular is a major factor: authentication, identity verification, authorization and other facets of access management have a major impact on customer experience (CX). In his session on CIAM strategy, Gartner Sr. Director Analyst Nat Krishnan shared that the ability to “identify, know and engage customers, across multiple channels and digital properties is essential to the digital customer experience.” This is challenging for many CIAM approaches, especially those that provide passwordless authentication. And it’s why seamless omnichannel and multi-device support has been core to BindID since it was introduced to the market.
Krishnan also described CIAM as “the glue that binds different customer identity processes together.” This is because customer identities begin as unknown identities: a “user” on your website could be a legitimate and real user, a fraudster or a bot. To reduce the risk of fraud, identity journeys touch a lot of systems to reduce that risk. These may include identity proofing and affirmation tools, online fraud detection and many more. Orchestration has been one of the primary use cases for Transmit Security from the time our company was founded and is in most demand in regulated companies like banks and insurers. In the private sector, banks tend to lead the way on cybersecurity, so we are beginning to see those practices adopted by other verticals, like retail and healthcare.
The bottom line is that customer identity journeys are complex and demand a concerted focus from a security, fraud and CX perspective. And this is making CIAM indispensable.
My second takeaway was that passwordless authentication was a frequent (or top of mind) topic. Gartner VP Analyst Ant Allen presented his research on taking three steps to passwordless authentication. His presentation primarily addressed workforce use cases and described several forms of passwordless, from the use of one-time passcodes to the reliance on PIN protected smart cards. Clearly, many of these are suitable for workforce scenarios but not CIAM use cases. It was evident, however, the trend toward passwordless is accelerating across both workforce and customer use cases.
In another presentation, Allen discussed the importance of removing passwords from “centralized repositories” and “completely from the infrastructure.” This is a theme we touch on quite frequently because many purported passwordless approaches and products on the market fail to eliminate passwords completely. Instead, many still rely on passwords in the background for processes such as account recovery.
Allen’s advice resonates with the people we talked to at the conference, although many express some doubt in their ability to achieve the goal of password elimination. Of course, we were happy to have those conversations and show how it’s not only possible but, with the right approach, it’s very practical.
FIDO authentication was also discussed in at least three analyst presentations. I talked to several attendees who understood FIDO and WebAuthn to some degree. But many who visited with our solution engineers in our booth did not understand how FIDO could be applied to customer scenarios like we do with BindID. Some shared concerns that not all of their customers have FIDO compliant devices; of course, this will always be the case – some people carry older mobile devices. So we demonstrated how we’re able to provide other passwordless options to authenticate all users, regardless of the device. This was very well received across the board.
My third takeaway was that Transmit Security was the only vendor in attendance that is focused on CIAM. Among other vendors with CIAM products, all were born to address workforce IAM use cases. In fact, many of them had to acquire one or more companies to provide CIAM capabilities. This is a big contrast to Transmit Security, which has always been focused on customer IAM. This continues to set us apart. Gartner shared that their clients are increasingly expressing a need to keep the customer “user constituency” separate from the workforce one, regardless of the software solutions used. We understand this distinction very well.
Other CIAM-related topics were also covered. These include identity proofing and affirmation (or ID verification), fraud detection, bot prevention and more. Gartner stressed the importance of these capabilities, and we feel they will become more common outside of banking and financial services (where they feature prominently today) as the threats they address are skyrocketing.
Ultimately, the conference provided validation that CIAM is: a) increasingly important for cybersecurity and identity leaders, b) passwordless authentication is a priority for those leaders focused on improving both security and the digital experience, and c) Transmit Security has a unique position in a rapidly growing and evolving market. This was all music to my ears!
We are sponsoring the Gartner IAM Summit in Las Vegas later in the year as well. If you’re able to attend, please stop by our booth and join us for our presentation.