An Interview With Heather Flanagan
Hiya,
This is another in my series of interviews about the future of CIAM from experts in the space.
Heather Flanagan, Principal at Spherical Cow Consulting, comes from a position that the Internet is led by people, powered by words, and inspired by technology. She has been involved in leadership roles with some of the most technical, volunteer-driven organizations on the Internet, including IDPro as Executive Director and Principal Editor; the OpenID Foundation as Lead Editor; the IETF, IAB, and the IRTF as RFC Series Editor; ICANN as Technical Writer and Editor; and REFEDS as Coordinator, just to name a few. If there is work going on to develop new Internet standards, or discussions around the future of digital identity, she is interested in engaging in that work.
I’m excited to hear Heather’s views on CIAM, identity, standards and more.
Dan: What problems do you see customer identity and access management (CIAM) solving for your customers?
Heather: While my work focuses more on the standards that underpin CIAM functionality rather than the systems themselves, I see CIAM as addressing the fundamental need for seamless and secure customer experiences in today’s digital-first world.
For customers, it solves usability issues like reducing reliance on passwords by enabling modern authentication mechanisms, such as passkeys and multi-factor authentication (MFA), in a way that's incredibly easy for an individual to take advantage of.
For organizations, CIAM ensures compliance with privacy regulations, enhances security by mitigating risks like credential stuffing attacks, and provides actionable data insights to drive personalization and business growth.
The importance of a robust CIAM solution has only grown as consumers increasingly expect frictionless interactions without compromising their data security.
Dan: What are major challenges you see with CIAM (in the industry, in implementation, etc.)?
Heather: Without a doubt, the biggest challenge is getting the user experience right.
Organizations struggle to implement CIAM systems that provide strong protection against breaches while maintaining usability. They tend to see this more as an education problem than a UX problem, and I think the user has enough on their plate already; learning the hows and whys of authentication systems is out of their scope.
Another issue is interoperability—ensuring CIAM integrates smoothly with diverse applications, APIs, and existing IAM systems.
On the industry level, there’s a lack of standardization, which complicates the adoption of emerging technologies like passwordless authentication. Additionally, regulatory compliance, particularly with global privacy laws, adds complexity. Organizations must navigate these hurdles while avoiding technical debt from legacy systems that may not support modern CIAM practices.
There's definitely job security in this field, because these aren't easy problems to solve!
Dan: What excites you about the future of CIAM? Any predictions?
Heather: Well, the bad news is that these aren't easy problems to solve.
But the exciting news is that solving them will fundamentally change people's lives, and how cool is that?
Advances in authentication technologies like biometrics and FIDO-based passkeys promise not just stronger security but also significantly better user experiences. At least in CIAM, we may see more use of some of the decentralized technologies being developed in the standards space, though full decentralization is not something I see in our future, not even in the pure consumer space.
Moving beyond the decentralized debate, I think standards like the Shared Signals Framework and its Continuous Access Evaluation Profile (CAEP), which provides signals to ease the way for automated access control, will further drive innovation by providing frameworks for scalable and secure identity solutions.
The integration of CIAM with real-time analytics will enable hyper-personalization and adaptive security, making customer interactions both safer and more engaging.
Thanks again to Heather for sharing her perspective, and thanks to you for reading!
Dan