There can be no doubt that cybersecurity threats are real and increasing in volume and complexity. Not taking a proactive stance puts your organization at high risk for a breach. According to the Verizon 2017 Data Breach Investigations Report, 62 percent of data breaches last year were the result of hacking. Of those hacking-related breaches, 81 percent were caused by stolen or compromised credentials.
The report also found that 60 percent of the breaches in the “insider and privilege misuse” category were perpetrated by insiders stealing data in the hopes of converting it into cash.
“Many organizations are still relying on defenses that are out of date. It’s tempting, especially if you didn’t suffer a major incident, to keep the same defenses from year to year,” the report’s executive summary observed.
It is clear from the Verizon report that identity and access management (IAM) can no longer be viewed as an efficiency or compliance tool but must be seen as the core of your security program. Now is the time to upgrade to a modern IAM system.
What Is the Best IAM Path?
When it comes to augmenting or upgrading your identity management infrastructure, what is the best path? Should you choose a single-vendor platform or multi-vendor point products?
According to research by the Aberdeen Group, there has been a marked shift from IAM point products to a vendor-integrated IAM approach in the enterprise. “Any approach that shifts the burden of integration from the enterprise to the solution provider is a welcome trend,” the report noted.
The Aberdeen Group found that deploying a vendor-integrated IAM platform can provide cost savings of up to 48 percent, leading to 35 percent fewer deficiencies.
This blog series will explore factors to consider when buying IAM technologies, starting with procurement and implementation.
So, what can you expect from a single-vendor platform versus multi-vendor point products as you go through the procurement process and into implementation?
Buying an IAM solution is like buying a car. The process can be long and drawn out, and there are often lots of salespeople to deal with. It is very difficult to make an apples-to-apples comparison with both cars and IAM solutions. The differences between products can be nuanced, making the buying process difficult.
- Single-vendor platform: It is simpler to procure an IAM solution from a single vendor because you are evaluating a smaller set of vendors with different strengths and weaknesses. The most competitive vendors will be able to offer flexible packages that meet your specific needs.
- Multi-vendor point products: When you use IAM point products, you need to deal with a lot more vendors, more negotiations, and more contracts. Not every contract is going to run the same length of time or will be renewed at the same time. The process is more involved and time-consuming.
You are likely to encounter challenges in implementing whichever system or systems you ultimately purchase. Make sure whatever you buy is highly configurable rather than customizable, which entails coding and can be expensive to manage. You should also ask if you are getting what you saw in the demos and not a shell that will require a substantial service engagement to get it up and running.
- Single-vendor platform: It is generally easier to install single-vendor solutions because you are dealing with only one set of programs and protocols to integrate into your existing systems. It is the responsibility of the vendor to integrate its products with your infrastructure.
- Multi-vendor point products: You have to integrate disparate and possibly incompatible systems. Rather than one implementation project, you will be overseeing four or five. The costs are likely to go up rapidly. When things go wrong, you can expect a lot of finger-pointing.
When considering a new IAM solution, there are going to be a multitude of things to weigh. How painful will the procurement effort be? How difficult will the implementation be at my organization? For both of these questions, a single-vendor platform wins hands down.
In the next blog post in this series, we will compare a single-vendor platform to multi-vendor point products in terms of integration complexity. Stay tuned.