– Chief Information Officer, Union Bank of Colombo, Nisala Kodippili

Nisala Kodippili, Chief Information Officer at the Union Bank of Colombo discusses some of the challenges, opportunities and points to note surrounding the current environment of CIAM implementation.

Tell us more about what customer identity and access management (CIAM) is:

If we take a close look at the environment today, organisations want to have a deeper digital relationship with customers. Focusing on providing a greater customer experience is important and ensuring customer loyalty is key. CIAM systems are thus critical as they provide a combination of features including customer registration, self-service account management, consent and preference management, multi-factor authentication, single sign-on (SSO) and access management – enabling comprehensive data access governance. The best CIAM solutions ensure seamless customer experience, scaling and high performance, and support a omni-channel approach (supporting mobile, web, other channels) all integrated together.

How has CIAM become an integral part of business operations, regardless of the industry, especially over the past year?

As a business increases in maturity, it becomes of increased importance that CIAM solutions are fully integrated. Usually, some businesses may have started their services with minimal customer interactions. Most start up digital businesses fulfill their customer service needs through WhatsApp and other online messaging avenues, and lead a basic digital business. When the business grows, it is imperative to provide a personalized solution - you have to know more about your customers – analyse their transaction patterns with the end goal of improving your knowledge of your customer. This generally requires a change in business model, especially when you start facilitating online payments.

You have to capture Personally Identifiable Information (PII) – an essential requirement towards building the knowledge-base. There are however, many regulatory requirements that govern the collection and capture of this data - the European Union’s General Data Protection Regulation (GDPR), and even the upcoming local data protection laws in Sri Lanka. Integration with Customer Relationship Management (CRM) and other systems is required for providing a smooth omni-channel customer experience, and CIAM plays a major role in managing this while ensuring data security is facilitated.

Over the past year, with the pandemic, organisations have seen digital transformation strategies advance by a couple of years at least, with the expedition of such required to cater to the booming digital demand. The situation came to a point where digital immigrants, those new to using technology, had to use digital services to fulfill their day-to-day needs. For example, during the periods of lockdown you have had to at least use WhatsApp to communicate with grocery service providers to obtain basic needs.

Homegrown solutions could not effectively scale to meet the unexpected increase in demand or keep up with the sheer volume of the requirements. This led to the forming of new ‘digital businesses’ while traditional organisations scrambled to evolve and cater to pandemic-driven shifting needs. It should be noted that organisations which already had a strong digital presence, have been able to take it to the next level.

To summarise, if you know your customer behavior, you are able to optimize your services and provide personalized digital experience. You can ensure the security of customer information and protection from cyber threats while enduring a smooth integration with your technology landscape.

What factors should a business consider when deciding on a CIAM solution to utilize?

There are many important factors. Firstly, the usability of the CIAM solution. You have to assess how well it caters to requirements and how easily it can be integrated into your existing environment. You would need to check if integration is possible with existing  CRM, marketing management and master data management systems that are siloed in nature.

The business should also have a very clear understanding of the organization-wide systems that carry customer data, identifying potential candidates for integration within the overarching CIAM system. It is also important to have a clear idea of the digital strategy – asking questions such as, ‘as an organization what do we do next?’, ‘what expansions are currently planned?’. ‘How will the CIAM need to be scaled?’ - factoring in spikes in the demand and usage, and the ability to facilitate uninterrupted 24 x 7 business operations.

There are certain key evaluation criteria that must be remembered. These include whether the solution can support the omni-channel experience by integrating with multiple customer channels;                               whether the system can easily integrate with existing systems by exposing  Application Programming Interface (API’s); and whether the system complies with the local and international information security      compliance requirements such as ISO27001, PCIDSS.

You would also need to check if, and how well, CIAM systems have integrated adaptive data analytics in     to      existing or planned systems. An assessment on whether the integration of dynamic identifiers such as device, location, transaction knowledge, and the possibility of incorporating biometric verification with liveness detections must also be considered. The business must also determine whether the system has to be hosted internally or through cloud-based hosting. CIAM solutions generally have to support  Identity as a Service (IDaaS) platforms as well. Finally, an evaluation of the past local resource availability is needed.

What are the latest trends and expectations in the CIAM space?

The latest trend would be progressive profiling. The idea is not to build customer profiles during the initial onboarding process but spreading it throughout the continuous engagements with customers. This avoids unnecessarily long forms that need to be filled and allow for a smoother onboarding journey. Another trend is not relying on social logins alone, due to possible country specific access limitations faced by social media platforms in recent years.

Keeping two-factor authentication simple has also been a notable trend. Generally, most base this depending on the sensitivity or scale of value of the transaction. Defining the ‘default’ or ‘minimum’ security standards in the application and allowing the customer to choose the levels of additional security is a recommended course of action.

Further, contextual access management by assessing the risk of the customer logins - by looking at location mapping, assessing the time of transaction, and using AI to detect the legitimacy of the transaction – is another key process implementation used widely.

What are some other challenges businesses could face with CIAM?

If you’ve already maintained a homegrown identity management solution, when customers then require logging in with different passwords/systems, you may face significant difficulties. There also exists the possibility of having no single-source of truth when integrating different systems, with different login credentials, outdated and inconsistencies in customer information over different channels. In this instance, data cleansing can be a serious challenge.

I’d like to reiterate that CIAM solutions implemented in a siloed manner – for example, one where the IT department is responsible for managing it alone – tend to fail. A CIAM implementation has to be a cross-functional, multi-stakeholder effort to ensure the business correctly identifies the different values, and to ensure the longevity of the system.

Another key challenge is integration with legacy systems, as discussed earlier, which occurs when there is a lack of a long-term digital strategy or transition plan.

How can business overcome these challenges without an interruption to services?

To sum it up, ensuring you use a customer-focused perspective by considering the customer’s view point when implementing the CIAM solution is of paramount importance. It ensures you create and manage a customer-friendly system and minimize any risks or negative impacts on the business, service and any stakeholders.

Nisala Kodippili will feature as a panelist on the CIAM Trend Chat Webinar hosted by WSO2, covering the current state of CIAM applications, existing challenges, and innovative solutions to overcome them.  The virtual roundtable will take place on the 17^th of June 2021 and feature a panel consisting of distinguished multidisciplinary experts and senior management from the telecommunication and banking sectors. The roundtable will be live at 10 30 am IST and registration can be accessed at https://wso2.com/webinar/ciam-trend-chat-apac?utm_source=pr&utm_medium=link&utm_campaign=pr_link_ciam_trends_210601.