A CISO and architect view on designing the fundamental building blocks of a scaleable, secure and usable consumer identity and access management (CIAM) system. Covering: business objectives, drivers, requirements, CIAM life-cycle, implementer toolkit of standards, design principles and vendor selection guidance.
Consumer identity and access management (CIAM) is a critical component of any modern organisation's digital transformation initiative. If you used the Internet yesterday, you would very likely have interacted with a website that had customer identity and access management at its foundation.
Making an online purchase, checking your bank balance, getting a quote for car insurance, logging into a social media site or submitting and paying your income tax return. All of those interactions require high scale, secure identity and access management services.
But how are those systems designed? Modern organisations need to not only meet end user privacy, security and usability requirements, but also provide business enablement opportunities that are agile and can respond to market changes rapidly.
The modern enterprise architect and CISO is no longer just focused upon internal employee security - they now need to address the growing need for digital enablement across consumers and citizens too.
About The Author:
Simon Moffatt is a recognised expert in the field of digital identity and access management, having spent nearly 20 years working in the sector, with experience gained in consultancies, startups, global vendors and within industry. He has contributed to identity and security standards for the likes of the National Institute of Standards and Technology and the Internet Engineering Task Force. Simon is perhaps best well known as a public speaker and industry commentator via his site The Cyber Hut.
He is a CISSP, CCSP, CEH and CISA and has a collection of vendor related qualifications from the likes Microsoft, Novell and Cisco. He is an accepted full member of the Chartered Institute of Information Security (M.CIIS), a long time member of the British Computer Society and a senior member of the Information Systems Security Association. He is also a postgraduate student at Royal Holloway University, studying for a Masters of Science in Information Security.
Since 2013, he has worked at ForgeRock, a leading digital identity software platform provider, where he is currently Global Technical Product Management Director.