“What are some of the things that you should spend some time thinking about, and really think through, as you develop an identity and access management system specifically for your consumers – for your customers out beyond the firewall and your enterprise?
Well, the first thing that you should really consider is that the enterprise authentication tools that you have been using are probably not that appropriate for your end-user customers. They’re probably too cumbersome and too rigid, and you may not want to impose that much friction on your consumers.
The second thing to keep in mind is that consumers come in all shapes and sizes and have different varieties of tastes and experiences. You’ll want an authentication system that delivers multiple methods and factors of authentication, ideally that the customers can select from, whether they want to use a thumbprint, facial recognition, pin codes or simple graphics codes.
The third thing you want to keep in mind as you’re looking at an identity and access management system for consumers is how important is the user experience in this entire process. What is the continual balance going to be between the assurance that you need as your information security team or the business and the kind of experience your consumer wants. You need to develop a system that allows you to transit back and forth between different levels of assurance and different levels of experience depending on what it is that the consumer wants to do, what they want to accomplish with your site or application.”