Overcoming Barriers to Identity-as-a-Service

Like many organizations, you may be considering a cloud-based identity service (also referred to as Identity-as-a-Service, or IDaaS). If you are unsure whether a cloud-based solution is right for you, we recommend that you take a look at our recent blog post on that subject. If you decide that IDaaS might be a good fit for your organization, it’s likely that you’ll begin thinking about some potential barriers to IDaaS. Let’s address each of these head-on, and see whether these obstacles are ones that can be overcome.

It’s Not Stable Enough

Many times, organizations are concerned that a SaaS application will offer less stability than a functionally equivalent system deployed on-premise. Is this in fact the case? Many enterprises have single points of failure within their IT infrastructure by design. It’s well known that organizations simply can’t justify fully redundant infrastructure for 100% of their applications – they have to choose just the key systems. Compare this with a cloud-based IDaaS system, which is likely running on a commercial-grade cloud infrastructure. This is much more robust than most organizations’ standard infrastructure and as a result, is likely to offer a higher level of uptime.

It’s Not Secure Enough

This is a valid concern, as your IDaaS system and its associated data are now stored outside your organization’s traditional boundaries. First, we need to puncture the assumption that on-premise is automatically more secure than cloud-based. The era of organizations having airtight perimeters is over, due to both a business need to open up internal applications to customers, partners, and suppliers, and a sophisticated set of attackers who can penetrate most any organization. We’re seeing some of the ramifications of this, with near-weekly data breaches in the news. In comparison, IDaaS services are typically deployed with a very limited set of entry points, which narrows the possible ways in which an attacker might gain entry. And most IDaaS vendors undergo rigorous and ongoing penetration tests to ensure that the front door of their systems is secure and up to date.

It Costs too Much

It’s well-known that SaaS solutions significantly change the cost model for enterprise applications. Traditional on-premise systems are typically licensed with an upfront capital expense, with annual maintenance charges. With SaaS, these costs typically shift to a subscription-style approach, and subscription fees are usually classified as operational expenses.

Putting the dollar amounts aside for a moment, the first question to ask within your organization is whether and how up-front capital expenses (CapEx) are treated differently from ongoing operational expenses (OpEx). For some enterprises, it’s much simpler and easier to obtain funding and execute for OpEx vs. CapEx. If this is the case, it might make IDaaS a more compelling option.

Assuming that both options are on the table, make a back-of-the-envelope calculation for on-premise vs. SaaS costs. Keep in mind that even though prices will naturally differ between vendors, the capabilities and implementation costs of solutions will also differ. If vendor A’s product requires a lot of custom coding while vendor B provides a simpler configuration-based deployment, then vendor B may be a better option even if the license costs appear to be higher. All things being equal, SaaS solutions are typically simpler and faster to deploy and operate versus on-premise systems, which translates to lower costs of ownership.

It Doesn’t Work with my On-Premise Apps

Some IDaaS vendors that claim to offer services such as “enterprise identity management” are really just focused on managing access to external SaaS business applications. These vendors may provide the ability to connect to on-premise directory systems but will fail to integrate with your on-premise applications. That’s why it’s really important to validate that vendors you’re considering will work with your on-premise systems. We recognize this, and built our IDaaS offering, MyAccessLive, to use some of the same advanced integration technology as our award-winning, on-premise identity governance solution.

So this is a legitimate requirement and may in fact be an insurmountable obstacle for some vendors.

It Breaks my Existing Processes

You should view the deployment of an IDaaS system (or any IAM system, for that matter), as the opportunity to engage with the line-of-business, analyze, and improve your current business and technical processes. Some IDaaS vendors will impose changes on your processes due to technical limitations, while other vendors provide more flexibility to adapt the technology to match your current processes. But – please – don’t fall into the trap of automatically accepting your current processes as gospel and just automating them. View an IDaaS deployment as an opportunity to change your processes for the better and to thoughtfully validate that other processes are good as-is.

Interested in learning more about overcoming barriers to Identity-as-a-Service? Please visit our interactive recommendation tool to get started.
