5 things your security team must do before creating a CIAM strategy

Keith Graham
Keith Graham
  • Feb 9, 2022
  • 6 min read

When orgs add new tech, the process follows a familiar playbook – just like those movies where the plot is so predictable that there’s no question about what’s going to happen next.

You know the storyline: security or IT identify the need for new tech to solve a business problem, they do a little research, talk to their peers, make a list of vendors and schedule some demos.They sign a contract with their vendor of choice and deploy their shiny tech across the company. There’s probably a quick training and a “here’s how to use this new fancy app” email to employees. Your colleagues nod their heads and then go back to their daily to-do lists. The end.

Well, here’s a little plot twist for you: The process for creating a great customer identity and access management (CIAM) strategy and deploying the right solution isn’t the same one you’re used to following.

And here’s why: While most of the tech that you and IT buy caters to your workforce, CIAM solutions are built specifically for your customers. Sure, your team still plays a leading role in creating a CIAM strategy, but there are several other key teams in your organization that you’ll need to partner with in order to successfully deploy tech that’s designed to serve your customers ... because there are quite a few teams that care about (and are measured against) your customers’ journeys.

How do you implement a CIAM program?

If you’re considering implementing a CIAM strategy, there are five essential steps you should take before you start scoping the project. Spoiler alert: They all involve multiple teams in your org.

We guarantee that doing these five things before you dive into project planning will save you time, headaches and likely a couple awkward “Why wasn’t [insert team name] brought into this project earlier?” conversations.

  • #1: Identify which teams need to be involved.

  • Oddly enough, we see a lot of CIAM projects start with a conversation about access management. Call us crazy, but we believe these discussions should start with your customers (and their journeys) and that you should work backwards from there.
  • That’s why you should bring key folks from all of the functions that have a hand in the customer lifecycle (and customer data stewardship) together first so you have the opportunity to get aligned on what the customer’s experience is today, what you want it to look like and why.
  • At a minimum, you should include representatives from four key functions in your CIAM buying committee: security, marketing, product and compliance.
  • If you’re not sure exactly who to involve (or what their titles are), here’s a handy chart to help:
  • #2: Define the demographics of your audience(s).

  • Now that you’ve got the right cast of people in the room (or on Zoom), it’s time to get specific about the different types of customers you serve. Here’s where the group should identify and document your customer segments, their demographics and personas and even think through how tech savvy (or not) those audiences are. Once you’ve got a clear understanding of who it is you’re serving, you’ll have a strong sense of what behaviors and preferences you need to consider as you’re creating and optimizing customer journeys and workflows.
  • #3: Consider the other departments that need to be aware of the project.

  • In addition to your newly formed CIAM buying committee, there are some other departments that’ll need to understand how customer journeys and workflows are changing long before you push anything live (customer support team, we’re looking at you). This is a great opportunity to host an internal workshop, which we’ve run for a few of our own customers as they prep for CIAM launch day. We think it’s a great opportunity to get input from your support teams, as they’ll have the best sense of what we might need to consider and the dead ends your customers typically run into. Ultimately, you want to make sure they’re not caught by surprise when they have to field a call from a customer who has questions about how they log into their new account or access their reward points on your shiny new app.
  • #4: Understand the compliance and privacy requirements that impact your CIAM strategy.

  • Spoiler alert: You need to become friends with your Chief Compliance Officer, your Chief Privacy Officer or whomever in your organization is responsible for making sure your org adheres to the appropriate regulatory and compliance standards. By identifying the privacy and compliance requirements before mapping out your strategy, you’ll avoid roadblocks (Remember those headaches and awkward conversations we mentioned earlier?) later in the process.
  • #5: Ask the right questions of the other teams involved.

  • Everyone involved in your CIAM strategy has different goals for the project, so getting clear on those should be the first order of business when all your stakeholders come together to talk about all things CIAM. In fact, we put together a quick list of questions to ask your marketing counterpart (and vice versa) to get the discussion going.

Starting your CIAM strategy journey

We know this sounds like there’s a lot of work that needs to be done up front before you jump to the “let’s evaluate vendors” part of the process. And while it does require time and effort, creating your CIAM strategy as a group first and mapping a clear path to achieve your goals will set you (and your customers) up for success.

We’ve helped lots of our own customers with the pre-work we’ve shared here, hosting multi-day workshops with key folks in their organizations who have a hand in the customer lifecycle and customer data stewardship. We help identify the “to be” customer experience, work to create their roadmap and even outline how to measure the CIAM effort through metrics that demonstrate increased revenue, reduced costs and reduced risk. We call it a Customer Clarity Workshop.

We’d love to help you get started, too... send us a note and let’s chat.

More articles from this author