Have you ever walked into a store to buy something very specific but ended buying a lot more than you actually use or wanted? If you answered yes, chances are that you did not have a choice as what you wanted was packaged as part of something larger. The end result is that the extra stuff not only burnt a big hole in your pocket but also ended up taking “shelf space”.
Well, that happens more often than you think when purchasing software solutions too!
This is especially true in the IAM/IAG space with most of the existing vendors selling product suites that are large and cumbersome. The customers who have purchased the suite end up scaling up the project scope (time, effort and money) to realize the ROI, and in most cases do not get anywhere closer to the promised returns.
Does this model make IAG inaccessible to a majority of the companies? Are these vendors and companies missing out on a critical need that can be better met by providing these as services??
Every IAG implementation has two primary considerations:
Coverage denotes the scope of users and applications that need to be brought into the purview of IAG.
Maturity levels of the implementation could be:
Some companies (typically those that are heavily regulated) are at full maturity and need coverage for their entire user and information assets base. For these companies, buying a product suite and everything that it entails is the right decision.
But for most companies, the maturity level and the coverage requirements do not justify a full product suite purchase and implementation. These companies should have an option to buy IAG services that allow them to get to the desired results speedily and at a low cost.
In our experience, we have found that many companies start by doing access audits on a small set of critical applications and their users. In almost all cases, these companies detect significant violations, and take corrective actions outside of the IAG systems. For many companies this is probably all that is required of IAG….periodic access audits! These have numerous pitfalls and isn’t the correct way to tackle IAG (We will cover more on this is a separate post)
But most companies would like to implement IAG systems to do some level of access certification for internal or external compliance. These companies do not have formal compliance teams or IT to handle this. They typically use very labor intensive and error prone processes to achieve the certification. Such companies are at an intermediate maturity level, and would like coverage of probably all of their internal users and applications.
But then, the problem of buying something that is more than what is needed rears its ugly head for these companies. They may not have the budgets to embrace a full suite. What is needed for this majority is a platform that is a) Capable of delivering exactly what the organization wants (no extra shelf space and burning holes in the pocket) b)Available as service that is agile, adaptive and can be on boarded rapidly.
As companies get higher up in maturity or coverage (or the other way around too!), having IAG solutions available as services that can scale can be of immense help. As seen above they can help companies fast-track basic IAG (which may be all that a company may need) at a very low cost, or get to intermediate implementations suitable for many midsize companies at a very reasonable cost and time-frame.
Tuebora has recognized this need and has built a IAG solution available as a service. Its flagship platform iGovernance 360 is built to offer Inclusive IAM/IAG for organizations of any size. Available on the cloud as well as on premise, iGovernance 360 gives organizations the power to buy the right fit for their governance needs.