Identity Management Automation:
Vendor Vs. In-House Solution

Has someone from your organization approached you about automating manual identity management processes?  Let’s face it, there are many mundane tasks present in any given business day.  A majority of these tasks could be streamlined or made more efficient, so why not look at your options for automation?  Identity Management is a vast space of vendors and choices:  Are you looking for products that can integrate with many different applications out-of-the-box, scale well in growing environments, perform efficiently, facilitate great user-experiences with enhanced user-interfaces, or maybe a little bit of all of the above?  Going with a vendor and a consulting agency may appear quite costly, and it may seem enticing when an ambitious director approaches you with the option of developing a solution in-house.  However, there are a few questions you should ask yourself before going that route.

The home-grown IDM pitch typically starts with ostensibly sound arguments:  It will be cheaper, more customizable, and better tailored for our needs than if we go with an established Identity and Access Management tool or an Identity, Governance, and Administration tool. These may all seem like reasonable arguments, but you have to consider the potential costs over time.  In the short-run, using in-house talent to craft a provisioning-engine appears cheaper than purchasing software from large IGA organizations and hiring an external consulting agency to install and configure it.  You’ll initially forego the cost of buying the software or hiring an outside consulting firm, but you’ll end paying with the time of your internal resources for architecting, developing, and implementing this new solution.  You ultimately have to ask yourself, “What am I aiming to accomplish with this project?”  Are you merely integrating into a directory and provisioning or de-provisioning accounts and access?  Are you reading from some authoritative source, like a Human-Resources database, to act upon changes detected in data?  Do you want to direct your users to an internal site where they can input data and take advantage of form automation?  Where are you housing this metadata to use for automating the lifecycle of your employees and contractors?  How are you maintaining connections into these systems, and what happens if one of the applications experiences a failure, or is upgraded or patched in a manner that causes your previously established code not to function correctly?  Worst of all, what happens when the individual or small team responsible for implementing this solution leaves your organization?  Does the solution cover your auditing and compliance requirements?  Can you report on the activities that occur with the automation you are putting into place?  Does the proposed system easily allow for reviewing end-users’ access?  Will the system be easy to navigate and interface with for the average user?

The Costs Of Going In-House With Identity Management Automation

The reality is that most home-grown solutions end up falling short in many of these categories.  Even with an excessively large team, many organizations who go it alone find that they’re unable to meet deadlines or the desired functionality.  Most employees tasked with developing automated solutions still have to focus on their day-to-day tasks and projects like those mentioned above which end up taking much longer than expected.  Identity, Governance, and Administration vendors don’t have to worry about these issues.  Their architects and developers are wholly dedicated to improving their products, and their teams are vast.  This means that when applications are updated, the out-of-the-box connectors for the IGA solution are typically updated shortly after.  Vendors like SailPoint and NetIQ have been around for a long time and have an excellent feel for business needs.  They’re very conscious about security, auditing and compliance, the user experience, and the lifecycle of employees.  When you go with a vendor, you don’t have to worry about getting blindsided by a security flaw, a missed requirement, or shortcoming in reporting or auditing.  The reality is that the costs associated with home-grown IGA products drastically grow over time, and businesses that thrive almost always out-grow their home-grown solutions.  Going with a known vendor and a trusted partner, on the other hand, may be more expensive up-front, but the return on investment is drastically better in the long run. Another added benefit of going with an established name is that there is always talent available on the market to manage such systems.

Are you in a situation where you are considering looking at creating a home-grown solution?  Do you already have an in-house solution in place?  If you are looking for advice or are looking to move away from an existing in-house solution, please contact GCA Technology Services, and we’ll be happy to provide guidance!