It’s hard to argue against the cost savings, agility and efficiency of the cloud delivery model. Despite these clear benefits, organizations should take care to acknowledge that building a bridge to the cloud is not without risks.
While developing the world’s most complete cloud-based enterprise identity and access management (IAM) solution, I repeatedly encounter organizations poised to take unnecessary risks as they bridge IAM infrastructure to new cloud, mobile and social use cases.
What are the biggest risks to avoid when bridging to the cloud? In my experience, they are:
- Incompatibility or integration issues;
- Global security and compliance issues; and
- Unforeseen costs.
1. Incompatibility or Integration Issues
When one of our current clients first approached us, it knew cloud/mobile-first initiatives were in its future but still had over 100 legacy enterprise applications that required IAM over a long transition period. It also had several line-of-business IAM requests from both internal departments and external partners. The client needed a future-proof IAM solution that could not only protect the legacy enterprise applications, but also serve as a strategic platform for protecting future cloud and mobile applications.
Although this organization was considering both IBM Cloud Identity Service and niche cloud IAM providers, it discovered an inherent risk by going with those niche providers. Those vendors had an incompatibility or inability to integrate with the more than 100 existing enterprise systems, ranging from those in business partner relations, materials purchasing, human resources, order management and customer relations — all of which were necessary for years to come while the enterprise completed its cloud and mobile strategy.
The other vendors might have been offering slick products, but they are predicated on cloud/mobile-first strategies. Those vendors could only have handled part of the requirements, not all of them.
2. Global Security and Compliance Issues
The use of IAM by one of our Fortune 10 clients to provide a more personalized Web experience for millions of its global customers demonstrates that IAM is no longer a cost of doing business but a business enabler. IT teams in smaller organizations realize this trend as well, especially when new business opportunities need IAM support.
If these new opportunities include globally expanding the ecosystem of identities and assets, a business can be taking a considerable risk with niche cloud IAM vendors. They may lack capabilities and experience in the global marketplace where compliance with local data privacy and security regulations is a must.
An organization can avoid risks in global security and compliance in two ways. First, choose a cloud IAM vendor who is able to offer a horizontally and vertically integrated management strategy spanning a global infrastructure platform, cloud software and professional services. Only such a vendor can assure end-to-end control of the service on a global scale.
Second, ensure that the cloud IAM vendor’s claims about having a depth of experience in global security and compliance is validated by both the market and analysts.
3. Unforeseen Costs
We recently had a government organization inquire about the costs of IBM Cloud Identity Service versus the competition. On the surface, we were told the competition had a lower cost of entry. But as with any service, there is a near-certain risk of additional costs associated with introductory-level pricing schemes.
Getting the most out of your money should be a given when comparing the prices of cloud IAM vendors. If the price seems low, be wary: You are likely paying for only one or, at best, a few basic IAM features.
Buying these shallow features today will force your team to source and pay for additional products from other vendors in the near future. You can virtually eliminate this risk by selecting an enterprise-level cloud IAM with a full set of premium IAM capabilities, which can be used in combination or à la carte as they become necessary. This one-solution approach allows you to intelligently isolate costs and fund investment dollars toward only those IAM capabilities that are in demand for the organization.
Take the Next Step Toward the Cloud
There are specific risks involved in bridging your IAM infrastructure to the cloud. You can avoid these risks by choosing a cloud IAM vendor capable of seamlessly integrating with both internal on-premises systems and external cloud applications. Your vendor’s expertise in security and compliance can also minimize your organization’s risk, especially when new business opportunities expand the ecosystem of identities and assets into the global marketplace.
Finally, to reduce the likelihood of facing unforeseen costs, choose a scalable, future-proof solution that allows you to turn on new features as you need them.