websights IAM: How mature is your Identity and Access Management strategy

Looking for inwebo.com? You are in the right place! Read all about it in our blog post

Come and join us in person at upcoming industry trade shows and conferences

How mature is your Identity and Access Management strategy?

Is there any company that is not engaging in a digital transformation? Is there any company not focusing on digital channels to better serve its customers? Probably not. What I have noticed though, over the past year, when discussing the role of Identity and Access Management in digital transformation, is that each company is evolving at its own pace, but it usually follows the same steps.


It is inevitable that companies move faster towards digital maturity in industries that were disrupted early on. Industry, in itself, is not the only differentiator for maturity: even inside one industry, some enterprises are faster than others, simply because they have the mindset of an innovator. The observation that companies are at different stages in their transformation journey intrigues us. That’s why we have embarked on a research project together with Forrester to map out the state of digital transformation, as seen from the angle of Identity and Access Management.

Five stages in the TrustBuilder Maturity Model

We developed a maturity model with five distinct stages. These stages vary from a mere digital presence, up to using digital transformation to implement new business models and new ways of generating revenue.

First stage: Digital Developers

In this stage, a company is opening up its legacy applications, has brought its catalog of services online and offers its services through a web application or a mobile app. No services from third parties are offered, the catalog is restricted to the company’s own services. You might think that every company is already well past this stage, but this is not necessarily the case. While it would be difficult to find a bank that does not have its own mobile app, this is not so for insurance companies or HR services providers.

Second stage: Experience Experts

Companies in this stage realize that customer experience is important when offering services through digital channels. From an Identity and Access Management standpoint, this means companies will move away from username and password combinations or hardware tokens. Instead, they will offer Single Sign-on capabilities, passwordless authentication or allow their customers to use Identity Providers such as itsme or eHerkenning. Some companies will also build their own signing applications, and embed adaptive security that applies step-up authentication only when required, thus avoiding countless authentications.

Third stage: Connected Companies

Connected Companies are opening up to the external world. For retail banks, for instance, this may mean implementing PSD2 Access to Bank Accounts adopting standards of the Berlin Group or Open Banking. Connected Companies are enabling integration with third-party platforms and applications and are using APIs to do that. This requires the right level of API security.

Fourth stage: Ecosystem Extenders

Now that customer experience is good and security optimal, companies start offering add-on services to their customers. Their own applications are enriched with content and services from third parties. This has a double advantage: by adding more services, customers will use the app more often, and prospects will discover the core services of a company by checking out the extra free services. As an example: Belgian bank KBC is allowing prospects to use mobility services in its app for free. That way, potential new banking customers can discover the high level of service on offer and become a client.

By creating digital ecosystems, banks are becoming ‘supermarkets of services’. As recent research from Deloitte shows, this approach works: banks that are considered digital champions can boast a better return on equity and are 4% more cost-effective.

What we are seeing in the market is that the ecosystem that banks are building, differentiates them. Some offer only services that are closely linked to their core business, i.e. financial services. Others go much broader, building a portfolio that includes, for instance, travel or utility services.

Fifth stage: Monetizing Masters

While these extra services in stage four still came in a ‘freemium’ model, stage five is where service providers start monetizing the extra services they offer. This can be in a reseller model, through a reseller commission, or simply by combining services into bundles and putting a specific price tag on that services bundle. An example from abroad is for banks to help customers seek premises for their business through a partnership with a real estate firm. Customers may be willing to pay for this help, while it allows a bank to know about purchase plans early. The bank can then capitalize on that opportunity to offer a mortgage. This allows a bank to sell both pre-buying services, mortgages and aftersales services (insurance products, for instance). No wonder we are seeing partnerships between banks, real estate websites and insurance companies.

Will you lead or follow?

Ecosystems are the way forward, and the way companies build these ecosystems to empower new business models will make the difference between leaders and followers, as Arnoud De Meyer and Peter J. Williamson explain in their book ‘Ecosystem Edge’. Companies cannot afford not to take part in an ecosystem. As an example: PSD2 forces financial service firms to exchange data with other players in the market, and they inevitably end up in an ecosystem.

The evolution towards new digital business models is unstoppable. Knowing where you stand and what gaps you still need to fill as you evolve in your digital journey will help accelerate your transformation.