Share this post:
Business to Consumer (B2C) is an incredibly common kind of identity and access management implementation. This implementation allows consumers to self-register and self-manage their digital identities for a given retailer or service provider. The provider does this so that they can streamline subsequent interactions with consumers and to provide a seamless user experience while providing a level of security appropriate with the provided services.
Conceptually, B2C identity has been very simple – right up until you start needing to protect multiple resources and interact with social media platforms. Social authentication using 3rd parties such as Google and Facebook have become an expected capability.
Providers are faced with the need to invest more time and resources in modifying their customer identity and access management capabilities instead of focusing on their core business values, enhancing the services provided to the consumer.
What do we see at customers today?
Let me describe a very common implementation pattern we see at customers today as part of our Product Professional Services practice.
In many cases, providers have tightly integrated their Customer Portal with the Authentication and Identity Management system. Modeling their IAM implementation and in some cases even having merged their B2C implementation with their Enterprise IAM access implementation.
This type of implementations has been a great value to a diverse set of providers, but it is becoming more challenging as the world and specifically the digital world for consumers is moving forward. Providers struggle with:
- Providing “always on” capabilities
- Scale in size, being able to support a growing user population dynamically and elastic
- Respond dynamically to changing business requirements (mergers, acquisitions)
- Skills gaps and resource constraints
- New security and capability demands
- Providing the speed to market required in today’s world
- Balance resources between security and business goals
Our team of security architects have been approached by many of our clients, which are in this type of situation, with a very simple ask:
How can I get out of the Access and Identity business and focus back onto providing my core business value to the consumer in a secure, agile, and elastic way?