IT Buzzwords: From IAM and CIAM to PAM

IAM, CIAM and EIAM - Nevis differentiates IT security buzzwords and explains how the customer journey relates to the security experience.

Sep 27, 2021 - 3 min.

What is important for the customer journey is not always the right thing for your employees. Many companies do not notice this fine distinction between target groups until it comes to implementing appropriate security measures: after all, the more precise the privileged access management (PAM) and the finer the distinction between CIAM and EIAM, the greater the security comfort for all those involved and the long-term protection against cyberattacks. But where exactly do all these abbreviations differ? Don’t they all describe the same thing? We check out the most important IT buzzwords – concisely, clearly and above all, understandably.

Identity and Access Management, also known as IAM, describes the management of internal users. While customers and contractors are also usually included in identity management, the focus is on employees. Specifically, authorised employees are given access to required resources for a specific period of time. IAM solutions start with the provision of a new user account and extend to more extensive functions, from managing access rights and company-owned employee identities to supporting compliance issues. Furthermore, IAM is used for the automated execution of individual workflows, authorisations and authentications for security-relevant tasks. The aim is to guarantee an optimal user experience for authorised individuals by providing quick and uncomplicated customisation of access rights as well as identities.

When traditional IAM is no longer enough 

As soon as the tools are to be extended to include the management of customer data, conventional IAM reaches its limits: it can authenticate customers, but the standard solution does not provide any information about who the customer is and which role is assigned to them after login. Added to this are the increased requirements that are coming about as a result of the digital revolution, because the number of digital identities has also increased. Consumers act in different roles on different devices every day – at any time and anywhere around the world. As a result, a consistent user experience is expected more than before, and in addition to direct customer contact, this also includes active problem-solving. In other words, there needs to be an overall view of customers that goes beyond the classic challenges of access authorisation – with a focus on customer data integrity, behavioural analysis and device mapping. The future is CIAM (Customer Identity and Access Management): it reduces security risks, lowers costs, increases the availability of applications and optimises the customer experience.

Using CIAM to ensure an optimum customer journey

Focusing on customer and partner identity management, Customer Identity and Access Management is dedicated to continuously improving the customer journey across all digital channels. As a nexus between IT and sales, it is therefore part of the digital marketing infrastructure and goes further than pure IAM solutions: starting with the personalisation of social plugins that raise awareness of a brand, the customer profile grows through every contact with a company. This data can be linked to in-house sales and marketing activities to provide a consistent user experience. It can also create the feeling that the company knows the customer personally at all times and at every point of contact. As a result, the site visitor develops into a loyal customer and personalisation is continuously optimised – from the front end to marketing automation. CIAM thus accompanies customers on every step of their journey. This close link between the tools and the customer means that, on the one hand, the tools need to meet expectations and, on the other hand, they must constantly be expandable so that they can be adapted to different situations and different needs. However, such expansion should be planned, to prevent overloading the system afterwards and to avoid delays. The basis is always fast and flexible customer authentication, independent of the preferred device.

Professional digital identities – the focus of EIAM

EIAM stands for Enterprise Identity and Access Management and is often confused with IAM because both are aimed at a similar target group – the employees of a company. In fact, however, EIAM goes beyond the traditional access authorisation provided by IAM solutions, because it looks at the entire period an employee spends within an organisation, from the first day of work until the termination of the working relationship. Consequently, EIAM describes any use of digital identities and their access authorisations for systems and services. It includes the creation, application, administration and deletion of the identity. In other words, it is a combination of organisational management and IT. In this way, organisations ensure the consistent application of legal requirements such as compliance guidelines, as well as the integrity, trustworthiness and availability of information.

The difference between PIM and PAM 

Basically, the buzzwords PIM and PAM both refer to privileged accounts, which come in various forms. These include global administrators, domain administrators, local administrators, break-glass accounts and SSH keys for remote access. They may all have privileged access due to their application or the type of data used. To protect these accounts from unauthorised persons, the two tools mentioned above are used. PAM stands for Privileged Access Management and refers specifically to access management, i.e. the organisation of privileged passwords as well as accounts and the assignment of authorised actions. Specifically, it is about who has access to a privileged account and what precisely can be carried out after registration. In contrast to this, we have Privileged Identity Management, which is known by the abbreviation PIM. This relates to the technical perspective, i.e. how user accounts are classified in order to obtain a higher level of network privileges. The context results from the directory environment: PAM is located on-site in each system and focuses on access control there, while PIM performs the tasks in the cloud (Azure Active Directory, AAD). In other words, the two are related but focus on different areas of IT security.


Security meets customer experience – the benefits of CIAM