February 26, 2016 By Eric Maass 3 min read

It’s hard to argue against the cost savings, agility and efficiency of the cloud delivery model. Despite these clear benefits, organizations should take care to acknowledge that building a bridge to the cloud is not without risks.

While developing the world’s most complete cloud-based enterprise identity and access management (IAM) solution, I repeatedly encounter organizations poised to take unnecessary risks as they bridge IAM infrastructure to new cloud, mobile and social use cases.

What are the biggest risks to avoid when bridging to the cloud? In my experience, they are:

  1. Incompatibility or integration issues;
  2. Global security and compliance issues; and
  3. Unforeseen costs.

1. Incompatibility or Integration Issues

When one of our current clients first approached us, it knew cloud/mobile-first initiatives were in its future but still had over 100 legacy enterprise applications that required IAM over a long transition period. It also had several line-of-business IAM requests from both internal departments and external partners. The client needed a future-proof IAM solution that could not only protect the legacy enterprise applications, but also serve as a strategic platform for protecting future cloud and mobile applications.

Although this organization was considering both IBM Cloud Identity Service and niche cloud IAM providers, it discovered an inherent risk by going with those niche providers. Those vendors had an incompatibility or inability to integrate with the more than 100 existing enterprise systems, ranging from those in business partner relations, materials purchasing, human resources, order management and customer relations — all of which were necessary for years to come while the enterprise completed its cloud and mobile strategy.

The other vendors might have been offering slick products, but they are predicated on cloud/mobile-first strategies. Those vendors could only have handled part of the requirements, not all of them.

Get My Cloud TCO Assessment Now

2. Global Security and Compliance Issues

The use of IAM by one of our Fortune 10 clients to provide a more personalized Web experience for millions of its global customers demonstrates that IAM is no longer a cost of doing business but a business enabler. IT teams in smaller organizations realize this trend as well, especially when new business opportunities need IAM support.

If these new opportunities include globally expanding the ecosystem of identities and assets, a business can be taking a considerable risk with niche cloud IAM vendors. They may lack capabilities and experience in the global marketplace where compliance with local data privacy and security regulations is a must.

An organization can avoid risks in global security and compliance in two ways. First, choose a cloud IAM vendor who is able to offer a horizontally and vertically integrated management strategy spanning a global infrastructure platform, cloud software and professional services. Only such a vendor can assure end-to-end control of the service on a global scale.

Second, ensure that the cloud IAM vendor’s claims about having a depth of experience in global security and compliance is validated by both the market and analysts.

3. Unforeseen Costs

We recently had a government organization inquire about the costs of IBM Cloud Identity Service versus the competition. On the surface, we were told the competition had a lower cost of entry. But as with any service, there is a near-certain risk of additional costs associated with introductory-level pricing schemes.

Getting the most out of your money should be a given when comparing the prices of cloud IAM vendors. If the price seems low, be wary: You are likely paying for only one or, at best, a few basic IAM features.

Buying these shallow features today will force your team to source and pay for additional products from other vendors in the near future. You can virtually eliminate this risk by selecting an enterprise-level cloud IAM with a full set of premium IAM capabilities, which can be used in combination or à la carte as they become necessary. This one-solution approach allows you to intelligently isolate costs and fund investment dollars toward only those IAM capabilities that are in demand for the organization.

Take the Next Step Toward the Cloud

There are specific risks involved in bridging your IAM infrastructure to the cloud. You can avoid these risks by choosing a cloud IAM vendor capable of seamlessly integrating with both internal on-premises systems and external cloud applications. Your vendor’s expertise in security and compliance can also minimize your organization’s risk, especially when new business opportunities expand the ecosystem of identities and assets into the global marketplace.

Finally, to reduce the likelihood of facing unforeseen costs, choose a scalable, future-proof solution that allows you to turn on new features as you need them.

More from Cloud Security

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Best practices for cloud configuration security

5 min read - Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient, scalable and cost-effective ways to deliver computing resources.Cloud computing enables on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) over the internet. Instead of owning and maintaining physical hardware and infrastructure, users…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today