adding relationship management to identity: it's a must for customer-obsessed companies
DESCRIPTION
General Session presentation from 2014 IRM Summit by Eve Maler, Principal Analyst Serving Security & Risk Professionals at ForresterTRANSCRIPT
Adding Relationship Management To Identity: It’s A Must For Customer-Obsessed CompaniesEve Maler, Principal Analyst, Security & Risk
June 5, 2014
@xmlgrrl
2© 2012 Forrester Research, Inc. Reproduction Prohibited
In April 2014, ForgeRock commissioned Forrester Consulting to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones. Forrester tested the assertion that companies can obtain significant value by implementing IRM solutions that treat customer identities, and their identity data, as mission-critical for the top line of the business.
3© 2012 Forrester Research, Inc. Reproduction Prohibited
In April 2014, ForgeRock commissioned Forrester Consulting to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones. Forrester tested the assertion that companies can obtain significant value by implementing IRM solutions that treat customer identities, and their identity data, as mission-critical for the top line of the business.
In conducting online surveys of 111 B2C and B2B2C executives with responsibility for IAM and six interviews, Forrester found that new business and technical demands require a strategic focus for which existing IAM infrastructure may not be sufficient, and that there is a significant opportunity to utilize IRM-supportive technologies in support of customer-facing IT initiatives.
© 2012 Forrester Research, Inc. Reproduction Prohibited
The Age of the Customer is a 20-year business cycle in which the most successful enterprises will Reinvent themselves to Systematically Understand and Serve increasingly powerful customers.
The age of the customer – what is it?
4
© 2012 Forrester Research, Inc. Reproduction Prohibited
Four institutional imperatives in the AoC
Become a digital business leader
Reinvent
Transform digitally enabled
customer experiences
Systematically
Create contextual mobile offerings
Serve
Turn big data into customer
insights
Understand
Age of the customer
© 2014 Forrester Research, Inc. Reproduction Prohibited 6
The past
Information
Price Location
Tech
© 2014 Forrester Research, Inc. Reproduction Prohibited 7
Information
Price Location
Tech
Today
© 2012 Forrester Research, Inc. Reproduction Prohibited
Source: Forrester Consumer Technographics, US and Canadian Online Population 18+, 2013
Mobile connects us everywhere
Canada USA “Where do you access the Internet on your smartphone?”
© 2012 Forrester Research, Inc. Reproduction Prohibited
Source: May 2013 “Winning The Customer Experience Game” Forrester report
Of course, behind every customer touchpoint is a technology story
10© 2012 Forrester Research, Inc. Reproduction Prohibited
So, what did we find in our study?
The demand for “external-facing IAM” is widespread.
Traditional IAM architecture is not prepared for customer engagement.
IRM success is evaluated differently from IAM success.
IRM platforms must be agile, modular, coordinated, and scalable.
Companies are straining against a view of IAM as a
tactical IT concern
12© 2012 Forrester Research, Inc. Reproduction Prohibited
IRM deserves its special moniker because it operates at special scale
Source: A commissioned study conducted by Forrester Consulting on behalf of ForgeRock, April, 2014
Partner Employee Consumer0
500,000
1,000,000
1,500,000
2,000,000
2,500,000
3,000,000
101 – 1,000
1,001 – 10,000
500,001 – 5,000,000
© 2012 Forrester Research, Inc. Reproduction Prohibited
Companies are dubious about the IRM preparedness of existing IAM solutions
13
Source: A commissioned study conducted by Forrester Consulting on behalf of ForgeRock, April, 2014
Considering the IAM technology solutions you use internally now, how prepared are these solutions for use in external
deployment scenarios?Not at all prepared;
8%
Not very prepared;
22%
Some-what
prepared; 36%
Very prepared;
34%
Base: 111 B2C and B2B2C Executives
66% feel less than “very prepared”
Yes; 88%
No; 5%
N/A 5%
Don’t know; 2%
Does your budget for building out external-facing, customer and
partner identity and access management include investment in
new IAM software?
IRM priorities are increasingthe pressure on IAM projects
15© 2012 Forrester Research, Inc. Reproduction Prohibited
The definition of success is shifting
Source: A commissioned study conducted by Forrester Consulting on behalf of ForgeRock, April, 2014
Have you been asked to measure the revenue impact of your customer-facing
IT projects?
Yes; 83%
No; 9%
Don’t know; 8%
Base: 86 [Those who work on customer-facing IAM projects]
Base: 111 B2C and B2B2C Executives
© 2012 Forrester Research, Inc. Reproduction Prohibited
Source: A commissioned study conducted by Forrester Consulting on behalf of ForgeRock, April, 2014
Metrics are moving from input to output and from internal to business-focused
What types of success metrics govern your IAM-related projects today?
5) Drive customer intelligence
4) Drive increased revenue
3) Fraud detection/prevention rates
2) Regulatory compliance (e.g., PCI, HIPAA, EU Data Protection Direc-
tive, etc.)
1) On-time and on-budget
What types of success metrics do you anticipate will govern your IAM-related projects three years
from now?
5) Drive customer intelligence
4) Regulatory compliance (e.g., PCI, HIPAA, EU Data Protection Direc-
tive, etc.)
3) Drive increased revenue
2) Fraud detection/prevention rates
1) On-time and on-budget
© 2012 Forrester Research, Inc. Reproduction Prohibited
Source: A commissioned study conducted by Forrester Consulting on behalf of ForgeRock, April, 2014
Metrics are moving from input to output and from internal to business-focused
How will success metrics that govern your IAM-related projects increase or decrease
over the next three years?
On-time and on-budget
Regulatory compliance
Drive customer intelligence
Drive increased revenue
Fraud detection/prevention rates
-7%
-1%
5%
7%
8%
Three years from now versus today
Base: 111 B2C and B2B2C Executives
© 2012 Forrester Research, Inc. Reproduction Prohibited
IRM requires the right architecture
We’re undergoing a digital transformation. I didn’t think IAM was going to be so important for this, but now I realize it’s valuable to create a targeted architecture and not have to build specialized applications each time. The users will be able to access the same platform, and their access will be controlled by authorization. It’s really an enabler in completely transforming the way we do things. People expect 24/7 access.
– Media/advertising
100%
© 2012 Forrester Research, Inc. Reproduction Prohibited
Source: January 24, 2014 “Mobile Moments Transform Customer Experience” Forrester report
Mobile expectations are rising; customer-obsessed companies prioritize mobility
20© 2012 Forrester Research, Inc. Reproduction Prohibited
Mobile is a really difficult thing to control in our environment.13,000 students probably have 15,000 different devices – probably more like 30–90,000 different devices. So I don’t do anything to attempt to control their mobile experience, other than making the system available to them.
– Higher education institution
About a year and a half ago, we put the entire sales team on mobile devices. They don’t even get provisioned laptops [anymore].
– Cloud services provider
© 2012 Forrester Research, Inc. Reproduction Prohibited
Source: A commissioned study conducted by Forrester Consulting on behalf of ForgeRock, April, 2014
Strategic priorities reflect the IRM imperative
“Please indicate which of the following are, or will be, strategic IAM priorities for your company.”
Managing IAM for multiple types of network-connected devices owned by employees
Using IAM to control and enable employee access to cloud/SaaS services
Mitigating operational expenses and security risk by extending IAM to employees
Consolidating disparate employee IAM systems
Ensuring IAM systems scale to handle anticipated customer growth
Managing IAM for multiple types of network-connected devices owned by customers
Using IAM to enable and unify customer access to cloud-based services
Consolidating disparate customer IAM systems
Driving business value and revenue by extending IAM to customers
21%
24%
25%
22%
20%
21%
19%
25%
28%
35%
37%
32%
36%
27%
31%
41%
39%
21%
33%
33%
40%
40%
46%
43%
36%
32%
48%
Will be a priority in more than a year Will be a priority in the next year Is a current priority
Base: 111 B2C and B2B2C Executives
IAM
IRM
© 2012 Forrester Research, Inc. Reproduction Prohibited
What do you need to scale?IAM
Roles and entitlementsIRM
Users and engagement
[F]or external users, the effort tends to be more focused around the technology and the deployment, whereas when you start internally, there’s a lot more focus on method and process and business change, about 80% business change and 20% technical. For external-facing systems, it tends to be 80% technology and implementation and 20% process.
– Global IT services
© 2012 Forrester Research, Inc. Reproduction Prohibited
What do you need to do to users?IAM
ControlIRM
Enable
A business customer can also wear a consumer hat. … The platform will know if the user is a merchant. …The user will be able to jump right from the ad itself, and be able to upgrade directly. It’s the cross-use of the platform with the different identities that we’re trying to implement.
– Media/advertising
© 2012 Forrester Research, Inc. Reproduction Prohibited
What do you need to do about mobility?IAM
Trap at the front doorIRM
Accept gracefully
I can’t take Nigeria off the network like I’d like to. I’m 100% sure I have someone doing research there; they’re all over the world, all the time.
– Higher education institution
25© 2012 Forrester Research, Inc. Reproduction Prohibited
Increase your customer obsession quotient by:• Evolving your customer-facing projects to
account for strategic IRM• Preparing your identity platform for mobility• Leveraging IRM agility to build security and
customer intelligence