Choosing a good CIAM solution should take into account the user experience, and security of customer data. What specific security features should one look for when selecting a solution?
1) Good at managing users' credentials.
2) Support all kinds of authentication methods.
3) Provide a way to collect customer data.
4) Easy to integrate with your applications such as CRM.
5) Depending on your needs, you may need support for hundreds (or thousands) of transactions per second.
6) Open standards
7) Regulations and Compliance.
8) Personal data privacy control and user consent management.
9) Capability to classify users into roles and link roles to permissions.
10) Capability to collect all kinds of user data with an evolving schema (i.e. no need to be fixed).
11) Good user self-service features.
12) Identity proofing capability may be critical to you.
Broad question but great question! To keep it quick, below are the "5 pillars" to ensure seamless integration and user experience (CIAM - IAM). I'm sure you've heard this referenced before by Gartner and others.
- SSO, 2FA, Multi-Factor and Adaptive Authentication
- Privacy & Compliance
- Integration, Flexibility, Scalability & HA
- Analytics & reporting
A great team, by the way, to connect with on all security-related solutions and topics is the partner OPTIV.
Hopefully that helps. Not sure if you're enterprise; if so, I'd definitely take a look at the "all in one" solutions that provide both key CIAM & IAM features, with many additional services (e.g. OKTA, Ping Identity, SecureAuth, OneLogin, DUO).
Security starts within the enterprise first, with strong security policies that the product should comply with. Examples are centralized administration, passwordless authentication, and two-factor authentication.
Also, one question is whether to provide the same level of security for your external and internal identities.
PAM (human to machine) = CyberArk and alike
Secrets Management (machine to machine) = Vault OSS and alike
Complete all-inclusive solution = Call me to see a demo of Akeyless Vault
The access authentication should prove the identity of the human person, not the device they possess. If you do this we can stop bot attacks and access breaches.