An Interview With Brian Bell
Heya,
This is another in my series of interviews about the future of CIAM from experts in the space.
Brian Bell is is the Chief Executive Officer of FusionAuth. He has over two decades of leadership experience at the intersection of identity security and developer-centric software. Most recently, Bell served as CEO of Split Software, where he led the company through rapid growth and a successful acquisition. His career also includes leadership roles at Ping Identity and Zuora.
I’m excited to hear Brian’s views on CIAM, identity and more.
Full disclosure: Brian is CEO of my employer, FusionAuth.
Dan: What problems do you see customer identity and access management (CIAM) solving for your customers?
Brian:
At the most basic level, CIAM solves the “can my users get in easily and safely?” problem. It helps customers onboard users without friction, keep accounts secure, and make sure identity isn’t the reason people abandon signups or churn. And it’s mission-critical for our customers: if users can’t log in securely and seamlessly, revenue stops, engagement drops, and trust evaporates fast. Customers have zero patience for broken or clunky identity experiences, so CIAM has to be right.
At a deeper level, CIAM gives companies a clean, reliable way to manage identity at scale. That means better security, cleaner data, and fewer homegrown workarounds spread across teams. It becomes the foundation for compliance, personalization, and consistent user experiences across channels.
AI agents raise the stakes even further. They’re incredibly powerful – they can act on behalf of users, automate workflows, call APIs and move work forward without constant human input. That’s transformative. But they also introduce real security risk if you’re not intentional. An agent with too much access, vague permissions, or unclear delegation can do real damage very quickly. CIAM becomes the guardrail – defining who an agent represents, what it’s allowed to do, how long that trust lasts, and when it should be revoked.
Where it gets really interesting is at the edge. CIAM is increasingly the control plane for modern applications — APIs, microservices, and now AI agents. It’s no longer just about who a user is, but what they’re allowed to do, from where, on what device, and on whose behalf. As software becomes more autonomous, deterministic authorization and fine-grained permission become critical. You need clear, enforceable rules – not guesswork – because the blast radius of a bad decision grows as autonomy increase. CIAM is the system that decides trust in real time.
CIAM starts as “login,” but it quickly becomes the backbone of trust for modern digital businesses.
Dan: What are major challenges you see with CIAM (in the industry, in implementation, etc)?
Brian: CIAM looks simple until you actually have to run it in production. On the surface it’s “just login and signup,” but in reality it sits at the intersection of security, product, privacy, scale, and developer experience — and each of those pulls in a different direction. That’s where things get hard.
One of the biggest challenges is that many CIAM platforms hide that complexity behind rigid abstractions. The demos look great, but once you hit real-world edge cases — migrations, messy legacy data, regional privacy rules, or a sudden 10x in users — teams realize how little control they actually have. Identity data is incredibly sticky, so early architectural decisions matter a lot more than people expect.
On the implementation side, teams usually swing between two extremes: over-engineering too early, or treating CIAM like an afterthought. Both lead to painful rewrites. The teams that do best treat identity as foundational infrastructure and choose solutions that can adapt as their product evolves, not ones that force them into a fixed model.
And then there’s the developer reality. Developers don’t want to become identity experts or fight a black box. They want CIAM that fits into their architecture, gives them control when they need it, and otherwise just works. Because when CIAM fails, it fails loudly — users can’t log in, revenue stops, and suddenly identity is everyone’s problem.
CIAM isn’t hard because the ideas are complicated. It’s hard because it has to be boring, invisible, flexible, and rock-solid — all at the same time.
Dan: What excites you about the future of CIAM? Any predictions?
Brian: What excites me most about the future of CIAM is that it’s finally being treated as core infrastructure, not a bolt-on. Identity is becoming the control plane for modern applications — especially as everything moves toward APIs and AI-driven workflows. We’re shifting from “can this user log in?” to “can this actor do this thing, right now, under these conditions?” That’s a much more interesting problem.
My prediction is that CIAM becomes far more programmable and composable. Rigid, one-size-fits-all identity platforms won’t keep up with how fast products evolve. Teams will expect identity to fit their architecture, not the other way around — and developers will win those decisions. That’s a big reason we’ve focused on being flexible, embeddable, and developer-first at FusionAuth, instead of forcing customers into a black box.
The other big shift is AI and non-human actors. We’re about to see more agents, services, and systems acting on behalf of users, and CIAM will be the thing that defines trust, delegation, and boundaries in that world. The companies that get this right will quietly enable the next generation of applications — and the ones that don’t will feel very old, very fast.
The future of CIAM is less about shiny login screens and more about invisible trust at scale. That’s a future I’m genuinely excited about.
Thanks again to Brian for sharing his views.
Cheers,
Dan