Access and Authentication

Modernizing your B2C Portal Security – Introduction and Challenges

Share this post:


Business to Consumer (B2C) is an incredibly common kind of identity and access management implementation. This implementation allows consumers to self-register and self-manage their digital identities for a given retailer or service provider.  The provider does this so that they can streamline subsequent interactions with consumers and to provide a seamless user experience while providing a level of security appropriate with the provided services.



Conceptually, B2C identity has been very simple – right up until you start needing to protect multiple resources and interact with social media platforms. Social authentication using 3rd parties such as Google and Facebook have become an expected capability.

Providers are faced with the need to invest more time and resources in modifying their customer identity and access management capabilities instead of focusing on their core business values, enhancing the services provided to the consumer.

What do we see at customers today?

Let me describe a very common implementation pattern we see at customers today as part of our Product Professional Services practice.

In many cases, providers have tightly integrated their Customer Portal with the Authentication and Identity Management system. Modeling their IAM implementation and in some cases even having merged their B2C implementation with their Enterprise IAM access implementation.

This type of implementations has been a great value to a diverse set of providers, but it is becoming more challenging as the world and specifically the digital world for consumers is moving forward.  Providers struggle with:

  • Providing “always on” capabilities
  • Scale in size, being able to support a growing user population dynamically and elastic
  • Respond dynamically to changing business requirements (mergers, acquisitions)
  • Skills gaps and resource constraints
  • New security and capability demands
  • Providing the speed to market required in today’s world
  • Balance resources between security and business goals


Our team of security architects have been approached by many of our clients, which are in this type of situation, with a very simple ask:


How can I get out of the Access and Identity business and focus back onto providing my core business value to the consumer in a secure, agile, and elastic way?

Click here to rate this article

Rate this article :

Senior Architect, World Wide IAM Domain Leader

More Access and Authentication stories
By Jeroen Tiggelman on August 4, 2019

IBM Security zSecure Suite 2.4 announced

IBM Security zSecure suite V2.4 was announced on July 23, 2019 with a planned availability date of September 30, 2019. You can read the US announcement letter here. RACF has made new JSON Web Token functionality in support of Multi-Factor Authentication also available for z/OS V2.2 and V2.3. Details about zSecure compatibility fixes can be […]

Continue reading

By Gerard Boekhoud on July 24, 2019

IF001 for IGI now available

On July 19, 2019 we made  IF001 on top of IGI publicly available on FixCentral. This iFix include some strong performance improvements especially within the Access Certification module. Improvements are made in the following areas: a. Time to launch Campaign Summary Page (Especially in the event of a high number of campaigns). This improves by […]

Continue reading

By ADAM CASE on May 10, 2019

Getting started with IBM Verify

Getting started with IBM Security Verify for Multi-factor authentication With IBM Security Verify you have the ability to apply multi-factor authentication anywhere, using one authenticator. From Linux shell access to Windows remote desktop, even custom development with IBM Security Verify APIs, you can take full advantage of no infrastructure costs, third party subscriptions for voice, […]

Continue reading