Identity and access management (IAM) is a very big segment of cybersecurity. Gartner, the research giant, has a conference for security professionals and a Magic Quadrant covering this segment and the key vendors, use cases and technologies. This market has grown rapidly, and it continues to grow, with vendors offering solutions that can scale up to millions of cloud users. Today, on-premise solutions do exist, however they have limitations that can be overcome with cloud based offerings.
Traditionally, IAM was focused on employees and their access rights and privileges. Later it expanded to include vendor and partner access, privileged user access and securing API access, commonly through a key-vault type of solution.
Consumer Identity Management
With the explosion of smartphones and internet browsing speeds, there are millions of users registering on websites and apps through various devices everyday. One way to simplify the registration process is through social login, a form of single sign-on, that let's you use a single username and password across websites. However, this is not the only solution or even an optimum solution, and thus we have a new segment of cybersecurity that covers Consumer Identity and Access Management (CIAM).
For any startup or enterprise capturing user data, there are always regulations covering user privacy & security to comply with. In addition, as identity theft remains a big concern, user data must be kept secure beyond regulatory compliance, as any data leak can cause damage to both reputation and the share price.
Beyond, data leaks, the concerns are also about data usage. Where inappropriate use of customer data (possibly through machine learning algorithms), can again breach ethics or regulations. A classic case reported recently was of Apple Cards offer cards with different credit limits to spouses, including the Apple co-founder.
Preparing for the Future
Here are four things that all website and app owners must remember, when registering consumers:
- Get up to speed on privacy regulations that cover your website or business
- Secure financial transactions much more, and regularly audit that coverage
- Be aware of inadvertent side effects of using machine learning on collected data
- Continue trying out new security techniques to simplify user experience (UX) for consumers