Accelerate your Digital Transformation through Identity
By Anne Bailey (KuppingerCole Analysts), Guus van Es, Jan Jaap van Donselaar and Clarence Chase
Digital transformation is a unique journey for each organization, but there are common foundations that underpin successful ones. Digital identity, especially the unification of enterprise identity and access management (IAM) and consumer identity and access management (CIAM) is an enabler of further efficiencies and innovations within your organization. In this whitepaper KuppingerCole in collaboration with Deloitte discuss the phases of digital transformation and how a unified approach to IAM and CIAM fuels this journey.
- Introduction / Executive Summary
- What is the digital transformation journey?
- How does digital identity both secure and enable your digital transformation?
- Where do you start? And other FAQ
Introduction / Executive Summary
Digital transformation is a clear business imperative. However, how to bring about a digital transformation in your own organization is often less clear. Critical building blocks of a digital organization must be intentionally assembled, and digital identity is one of these foundational enablers as it serves to connect anyone to any service, provide heightened security, and yield improved user experience.
Digital transformation is a response to fundamental changes to "business as usual" or BAU. The years 2020 - 2021 saw extraordinary external factors that supremely disrupted BAU like a mass work-from-home movement. But the global pandemic is not the sole initiator of digital transformation. Fundamental changes to BAU that upend your competitive landscape have been increasingly closing in on the business over the past decade and demand a response in order to compete in a changing world. But aside from outpacing the competition, organizations want to delight their customers by building 1:1 relationships with them and creating omni-channel digital programs. This undercurrent is what spurs you to look for what enables you to embark on your digital transformation to achieve your digital business.
If digital transformation is a response to the changing business environment, what actions should you take to begin that transformation? Digital transformation is not about implementing the latest technology advancements, but requires context to know why and how you should evolve your business. Digital identity has become the fabric of the digital economy. Together Deloitte and KupppingerCole recommend using identity as a frame for your digital transformation because identity is the center piece of the digital experience.
Digital identity is the unifying factor in modern enterprises because it facilitates communication and collaboration between the previously disparate and siloed organizational departments, as well as to customers and external partners: it connects customers to the services they access, business processes with suppliers and partners, employees to each other and the projects they manage, and enterprise resources with the individuals that may access them. To enable this, we recommend using an identity-centric approach called an Identity Fabric – a paradigm of comprehensive identity services that deliver capabilities required for providing seamless and controlled access for everyone to every service. Digital identity is a key component in any digital transformation initiative and serves as a key security measure for the de-siloed organization. An Identity Fabric offers an actionable architecture that enables anyone to connect to any service or process. Digital identity must sit at the center of your digital transformation efforts because it not only protects your people, processes, and assets, but it enables businesses to foster innovation and improve user experience.
- Respond to fundamental changes to “business as usual” in order to compete and thrive by harnessing digital identity for your digital transformation
- Strategically design your organization’s governance and processes to provide context for technology decisions and implementation in order to achieve a sustainable digital business
- Protect and enable the digital experience with digital identity
- Accelerate and better control your digital transformation with unified digital identity
- Find answers to your top questions like where to start and which digital identity capabilities to focus on first
Listen to Guus van Es, Partner and Deloitte‘s European Identity Offering Leader, who explores the different phases of digital transformation within organizations.
What is the digital transformation journey?
By and large, the digital transformation journey will depend on your organization’s current status – the purpose of your business, the organizational culture and attitude towards change, and a strategic investment in improving the business and/or operating model and associated IT architecture and gaps. Though it isn’t possible to plan every detail of your journey, you should set goals to guide your organization’s transformation. First examine the skills that digital organizations have mastered, and then determine where your organization is currently in its digital transformation journey.
What does a digital organization look like?
Organizations that are thriving because of their digital transformation typically have well-honed capabilities and strategy in three domains: their core, their work, and their customers. These three domains should be well synchronized, with integrated processes and easy communication and collaboration between each.
Digital organizations have a fully digital customer experience, where the customer relationship, access to the organization, and management within the organization is streamlined for retention and growth. This is closely integrated with the organization’s digital work, or the operational processes that employees must manage. Data which is needed in one domain should flow seamlessly into the other. The digital core refers to the organization itself, its structure, and its relationships to ecosystem partners to drive efficiency. Mastering these domains in a cohesive manner can be a high level and long-term goal of organizations that wish to become digital.
How digital is your organization?
Organizations can be loosely categorized by their state of mind regarding their digital transformation. These are: exploring digital, doing digital, becoming digital, and being digital.
Exploring digital is the earliest phase of the digital transformation journey. Here the organization is adding digital capabilities to automate existing capabilities. In other words, digital tools are superficially added to enable the organization to do more of the same. There is no real engagement with the trends and issues that require the organization to change at a deeper level.
Doing digital is the next step, where digital transformation efforts are still largely focused on leveraging technologies but with the intent of extending and augmenting the existing capabilities rather than just automating. There may be artificial intelligence initiatives for “smart” processes that link insights to action, or efforts to adopt cross-departmental tools to reduce dependence on silos. But an indicator of this stage is the endless cycle of new digital projects without seeing the results across the entire organization.
Organizations that are becoming digital consider how their organization as a whole must adapt to changing environmental and competitive pressures, and use digital technologies along with other organizational projects to achieve that. The organization has not reached an ideal state yet, where all departments, processes and information are synchronized. But it is making meaningful effort to evolve.
The final phase is being digital. The organization has fundamentally changed, perhaps seen in its operating model or business model. These changes are supported by digital processes and technologies. Being digital requires a constant consideration, revision, and improvement of digital processes so that the organization remains connected, flexible, and prepared for the environment in which it exists.
Listen to Jan Jaap van Donselaar, Senior Manager Cyber Risk Advisory who talks about how the synergy between enterprise and customer identity creates a basis for business benefits.
How does digital identity both secure and enable your digital transformation?
In the past, enterprise and customer IAM have been separate worlds that coexisted. Enterprise IAM has primarily been a security measure that in principle should enable work, but has overwhelmingly been perceived – and used – as a barrier. Most IAM products like identity and access governance (IAG) products as well as privileged access management (PAM), password rotation, etc., are security and compliance first products. CIAM has an entirely different approach altogether by enabling a smooth customer experience. CIAM is marked by self-service models to increase access to services and to personalize marketing. Thus CIAM products are designed to serve these use cases, which widens the divide between IAM and CIAM. Unifying these separate worlds of IAM and CIAM may not have been such a high priority in the past, but digitalization has changed this.
Enterprise IAM and CIAM have also been plagued by similar challenges that could be solved in a unified manner. Each persona – the employee and the consumer – are faced with inconsistent user experiences. There is a chronic lack of single sign-on (SSO), meaning that both employees and consumers must maintain more passwords than can be safely done. Typical workflows involve multiple channels and applications, meaning that consumers must reauthenticate on each device or when they access a service portal rather than an ecommerce site, and employees may have to manually assemble information that is spread across different applications. A central platform to manage all identities and access is lacking in most organizations.
But to achieve your digital transformation, you should be aiming to reduce the distance between identity initiatives in your organization. IAM and CIAM should work with centralized directories, should have consistent access management and governance controls throughout the organization, and should enable smooth and efficient work. This calls for a unified IAM and CIAM termed an Identity Fabric, a holistic digital identity paradigm for everyone and everything that interacts with your organization to use and connect to any service or application in your organization. The Identity Fabric should be thought of as a consolidated portfolio of isolated but corresponding capabilities that enable smart, safe and simple consumption and connection to services on-premise, in the cloud, with partners, and in hybrid environments for employees, partners, and customers. This heightened flexibility, new channels of communication, and secure exchange of digital identities is foundational to the digital business.
What role does digitalization play in unifying IAM and CIAM?
Does becoming more digital unify IAM and CIAM? Or does striving to unify IAM and CIAM make your organization more digital? The answer is yes, no matter which you answer first. The reason is that digitalization blurs the traditional demarcation between enterprise IAM and CIAM, and the most effective ways to unify IAM and CIAM is with well-designed, digital solutions.
A strong driver for an Identity Fabric to unify digital identity for digital transformation is the increasing similarities in previously incomparable roles: the employee, and the consumer. Employees and customers are demonstrating that they have similar expectations especially regarding ease of use, security, and control over data. It is no longer only the employee responsible for governance that is concerned with access control; the consumer is now also requesting reports on what personal data organizations have access to, and is exercising their right to manage their own personal data. And it is not only consumers that require a frictionless experience; employees need consistent and smooth access to several applications, cohesive views on data from multiple sources, and policies that reflect their level of access, but without any time wasted.
The nature of digital services mean that employees and consumers often need to access the same applications, requiring further alignment between IAM and CIAM. Customer-facing apps interact with back-office systems. This further facilitates a constant flow of data directly from consumers to organizational systems and creates more touchpoints for employees and consumers. Employees and consumers need an agile digital identity scheme that provides each the correct access and protections seamlessly, enabling and securing the inner-workings of the digital organization.
What are the advantages of implementing unified digital identities in your organization?
Unified digital identity improves security and control over information, processes, and tooling by reducing the threat surface and improving the organization’s cyber posture. It allows monitoring in real-time of employee and consumer access to individual systems yielding more accurate threat protection. Digital identity is critical for operations and security, where SOC and SIEM depend on identity information to understand the security state of the organization. Better insights on where consumer data is stored are generated for overall stronger governance and to satisfy compliance requirements. An intentional digital identity strategy also helps enable zero trust architectures, both internally and externally by replacing trust with risk-driven and contextually aware verification.
By addressing some of the persistent pain points of consumers and employees alike, unified digital identity management can improve the user experience of both parties. Consumers clearly demand smooth and easy user experiences that are fully digital, omni-channel, and privacy preserving. Employees share this expectation with the added benefit of smoother and more secure workflows. Moving towards SSO and passwordless solutions for IAM and CIAM are among the ways that digital identity helps elevate the user experience for both employees and consumers.
Operational efficiency is a major win for unified digital identities in the enterprise. Efficiency can be achieved through integration across business units and channels by simplifying the technology landscape for identity. We recommend identifying strengths that may exist in one domain – for example authentication in CIAM may be highly secure and frictionless – and bring it to other domains like enterprise IAM. Efficiency via the optimal use of knowledge is another advantage. Siloed organizations have the chronic struggle of being short on knowledge without a cohesive overview. Ultimately, removing silos helps to enable cross-cutting and informed strategic decisions instead of decisions based on limited information.
By approaching identity holistically and by aligning people, governance, and processes, you can accelerate and better control your digital transformation across your organization.
Listen to Clarence Chase, Deloitte’s Managing Director Technology who is sharing real-world practical insights on the convergence of enterprise and customer identity
Where do you start? And other FAQ
Sometimes half the battle is knowing where to begin. We recommend having a clear picture of the outcomes that you want enabled through your organization’s digital transformation program. Take time to visualize what your organization would look like if its core, work and customers were digitally integrated and synchronized as is seen in section 3.1. Then formulate that into a vision and strategy, and map it to gaps in your current capabilities and your upcoming projects.
Involving the right people is essential on a digital transformation journey. Establish a stakeholder and governance outreach for approvals, funding, and other practical necessities. But don’t exclude second-level business owners and cybersecurity leaders from planning committees, as these are important sparring partners to help define project scopes. Identity programs are often divisive topics in organizations, and you need to bring the key stakeholders on board.
Particularly for digital transformation journeys that center on digital identity, address identity on all levels, starting from your business strategy up to injecting identity into the secure software development lifecycle. By bringing digital identity directly to the continuous integration/continuous delivery (CI/CD) processes, applications and software will be designed from day one to handle the variety of identities – both enterprise and consumer – that must be consumed.
The following are frequently asked questions by those exploring digital transformation initiatives, and our recommendations for how to begin – or continue – your journey.
What are pre-requisites for a strong digital transformation?
Change management is a profession that you cannot do on the side. In reality, it is often overlooked in favor of technical expertise. Proactive change management, associated stakeholder management (formal and informal) and clear and consistent messaging is a must for the pace and level of adoption. Change management should be incorporated by leadership teams that hope to move from doing digital to being digital. As change management stakeholders require clarity on the business benefits of the pursued changes and intermediate successes, progress and lessons learned should be communicated regularly.
What digital identity capabilities are highly desirable?
Authentication is an interesting place to start, especially when considering unified digital identity. For both sides – employees and consumers – the digital user experience is crucial. Most have a multifactor authentication (MFA) or user credential overload, so enabling more SSO in the organization can be beneficial. Improving authentication across the organization can increase visibility to workforce activity in the cloud and on-premise applications and allow users to toggle between standard and privileged accounts.
When considering an approach to streamlining authentication, the best place to begin is to fully understand the persona. The employee for example can use device or network recognition, then expand out to provide different factors for authentication. This could be touch rather than typing a password, using FIDO2 specifications for authentication, or a push notification.
Is there an order to deploying digital identity?
Since each journey is so unique, there is no order. This must be a decision based on your organization’s current status and goals. However, if there is no identity lifecycle management or repository system already in place, these should be prioritized in order to give you an understanding of how users enter the system, evolve over time, and what occurs when relationships end.
Are non-human identities part of a holistic approach to digital identity?
Yes, non-customer roles, device identities, and machines identities are part of the concept that all personas are required to have an identity to access all relevant systems.
It should be noted that this holistic approach does not prescribe one system for workforce and CIAM plus non-human identities, but it combines different tooling and services which can be integrated together for seamless communication and workflows.
What is the expected effort that must be invested before being digital?
In our experience, we see identity transformations taking 1.5-2 years. The typical blocks to work on are vision, strategy, governance, design of technical capabilities, and then finally to embed these into the organization.
Where should IAM sit in the organization?
This is a hot debate. There is no correct placement, but there are incorrect placements. Most important is that IAM should sit where it has strong ties to the business and aligns with the development and application lifecycle. Be careful of letting IAM be driven solely by security goals or user access goals. It should be balanced between cybersecurity and business units, with intentional stakeholder involvement to prevent a lopsided identity initiative. Irrespective of where it sits, it must be focused on governance, innovation and change management.
Is artificial intelligence (AI) part of digital transformation?
Yes, in the sense that AI is often part of the tooling that enables digital transformation. But remember that a digital transformation is a response to the changing world to better grow and compete, not a collection of the newest and greatest technologies. But AI is a good example of the strong overflow effects of digital transformation. When partners and vendors along your supply chain are able to take action from smart insights, their efficiencies do not stop at their boundaries but are felt by partners in ways like more efficient and de-siloed communication.
Take time to visualize what your organization would look like if its core, work and customers were digitally integrated and synchronized ( see How digital is your organization? )
A unified approach to IAM and CIAM is a critical foundation of becoming a digital business. Digital identity programs can improve your organization’s cyber posture, improve the user experience for consumers, employees, and partners. But above all, digital identity is an enabler of innovation – towards smoother workflows, heightened security, and creative business processes.
As you consider beginning or continuing your organization’s digital transformation journey, critically assess the IAM architecture, including CIAM. Take steps to ensure the growth and evolution of your organization, open new channels of communication with your partners and customers, and seamlessly give access to all users wherever they are accessing from in a secure manner with digital identity.
Senior management should place digital identity at the center of its data driven business model and operations.
The Future of Digital Identity