From access control to strategic enabler

Vision on Identity and Access Management (IAM): A Dynamic Evolution

Over the past fifteen years, Identity and Access Management (IAM) has undergone a significant transformation. Where centralized access control once wasn’t a priority for many organizations, decentralized management was the norm. Only larger companies or organizations with a strong focus on security or technology invested in centralized solutions. However, the ongoing digitalization and rise of the internet made the need for secure and manageable access increasingly urgent. It is no coincidence that many leading IAM software vendors emerged between 2000 and 2010.

As the internet continued to grow, e-commerce took on a more prominent role in online user experiences. Authentication needed to be not only secure but also user-friendly. E-commerce companies feared losing revenue due to complicated login processes. At the same time, the number of online business applications increased rapidly, reinforcing the demand for secure yet accessible authentication. These developments led to the foundation of the FIDO (Fast Identity Online) Alliance in 2013, aiming to reduce reliance on passwords and create secure, user-friendly open standards.

The COVID-19 pandemic accelerated the need for remote-access systems. Mass-scale working from home and global adoption of video conferencing made secure and simple authentication more critical than ever. At the same time, new attack vectors emerged, increasing the need for monitoring and account protection.

Today, technologies like YubiKeys, passkeys, authenticator apps, and biometric scans are standard features of authentication processes. Single sign-on and the ability to work from anywhere in the world have become the norm. The IAM landscape has changed dramatically in fifteen years: a broad range of software suites is available, security standards have improved, and authentication has become much more user-friendly. At the same time, there is a growing offering of services designed to protect end users against malicious attacks. The question now is: what do these developments mean for organizations and users?

 

The Challenge of Choice and Implementation

Organizations often experience “decision fatigue” when selecting an IAM solution. Questions arise such as: which package fits best with the existing IT landscape and user needs? Is it future-proof? Which solution scales effectively with growth ambitions? And which package offers the most control over access policies? These questions are complex and cannot be answered based on product specifications alone.

Moreover, the requirements for IAM solutions targeting customers (CIAM) differ fundamentally from those for employees (Workforce IAM). Making an informed decision about software, implementation, and configuration requires a thorough understanding of the organization itself.

IAM is sometimes still seen as just another software package, similar to a word processor. In reality, it is the gateway to almost every business process: from entering patient records and generating shipping documents to processing payments and operating equipment remotely. IAM governs who gets access, when, with what level of permission and detects anomalies. It can accelerate business processes but may hinder them if chosen or configured poorly. There is always a trade-off between ease of implementation and adaptability. The ability to integrate with other applications is also a decisive factor.

 

Customer- and Workforce-Centric IAM Solutions

Customer Identity and Access Management (CIAM)
CIAM solutions focus on the customer. The emphasis lies on ease of use, control over personal data, and GDPR compliance. Identity wallets and advanced authorization tools empower users to decide what information they share. The EU is actively supporting this through various initiatives. Additionally, many CIAM vendors are introducing AI-powered services that detect threats and automatically protect user accounts.

The complexity of CIAM implementation typically depends on:

• The digital channels used for customer interaction
• The desired user experience per channel
• The sector (commercial, semi-public, public)
• The registration and onboarding processes
• The data and actions protected by the CIAM system

Workforce Identity and Access Management (Workforce IAM)
Workforce IAM focuses on managing access and permissions for employees. With upcoming regulations like NIS2, more organizations are required to strengthen access controls. IAM is no longer just an IT tool it’s a critical link in ensuring business continuity.

Workforce IAM platforms often act as central hubs: they automate account provisioning, manage lifecycle changes (like role changes or promotions), and handle account deactivation. HRM software often forms the backbone of the broader IAM landscape. Many organizations operate multiple IAM components working together in an integrated ecosystem.

Implementation complexity is influenced by factors such as:

• The applications employees use
• The need for hybrid (cloud/local) access
• Regulatory requirements for information security and risk management
• Organizational dynamics like staff growth, role changes, and external hiring

 

Organization and Users as the Blueprint for Implementation

A successful (C)IAM implementation starts with a clear understanding of the organization, its users, and its ambitions. Workforce IAM platforms will increasingly support process-based configurations, allowing them to adapt to organizational changes. Reporting capabilities will also become more important in response to stricter compliance requirements.

On the CIAM side, we’re seeing growing emphasis on user-friendliness and brand consistency. Integration with identity wallets and third-party ID providers is becoming a top priority. Consumers today demand seamless digital experiences and full transparency.

Organizations with a strong grasp of their operations, strategic goals, and user expectations should engage closely with their (C)IAM implementation partners. Together, they can create a robust, future-proof IAM solution that evolves alongside the organization.