7 Key Costs Areas to Investigate When Purchasing an Identity and Access Management Solution

7 Key Costs Areas to Investigate When Purchasing an Identity and Access Management Solution

The true cost of ownership.

So you think Identity and Access Management (IAM) product licensing is your main financial concern with an identity management project…? Think again! Unfortunately, many organizations undergo a very shallow evaluation of total cost of ownership (TCO) when selecting a solution, and this results in unexpected costs that end up dooming projects with cost overruns and diminishing business benefits as scope must be cut to save money.

In today’s age, it is common to see the big name vendors practically giving away their software knowing that implementation fees and long-term engagements will easily make up the bulk of revenues. The primary reason for this is that the old-school legacy identity manager solutions (think Oracle, Sun, Microsoft, IBM, CA) are complex and require considerable services and development resources to successfully deploy. Compare this to next generation identity and access management software solutions who have slightly higher license costs but dramatically lower implementation and support costs and the real TCO will quickly be uncovered.

Below are some key cost areas you should investigate when pursuing an IAM Program.

  1. Hardware Costs: What is the architecture of the solution? How many servers are actually needed and can the solution run on top of existing hardware?
  2. Software Costs (infrastructure-related/OS/DB): What Operating System does the solution run on and do licenses need to be purchased? What database is used, and are you currently licensed for that version of the database (i.e. MSSQL vs Oracle)? Don’t just think about one-time costs, think about the impact of introducing new technologies if they do not match your enterprise architecture standards. For instance, think twice about selecting a Java-based solution if you have no in-house Java expertise.
  3. Product Licensing/Maintenance: Often a small component of an IAM implementation, one-time product costs must be evaluated holistically with all other costs.
  4. One-time project costs to implement: This is where major financial impacts come into play. Review implementation project costs seriously because they can dramatically impact the total spend in an IAM project. Does the solution take 400 man-days of effort or 100 man-days of effort to implement? Think of the resource costs along with product costs to come up with an accurate picture of the total solution cost.
  5. Ongoing Support costs (Application Management): Once the solution is up and running, what will the ongoing support costs be? Do you have in-house expertise to support it, or is it a technology that requires external support assistance (resulting in higher costs)? Will simple types of support calls require developers or specialty resources to solve the issue or can changes be implemented quickly via a GUI configuration?
  6. Depreciation of old identity manager: If an older identity manager is being depreciated as part of a legacy migration make sure you talk to your finance team to account for any hidden costs.
  7. Ongoing modifications/business changes: Like it or not, business process changes will occur that will require modifications to your identity and access management solution. How easy is it to change the solution to meet ongoing business changes? If developers are needed, plan on hefty ongoing costs to keep the solution working effectively. If the solution is easily configurable, ongoing maintenance will be easier resulting in fast adaptation to business changes.  Being able to adapt quickly results in operational improvements that are hidden cost savings.

By thinking of all these items, you can make an intelligent business decision around which type of identity management solution should be selected. As stated above, product licensing is a small piece of the puzzle, so be sure to look at the big picture to make a smart business decision.

Follow Avatier Chief Innovation Officer and Chief Information Security Officer, Ryan Ward, on Twitter at https://twitter.com/ryawarr

Watch the Avatier Identity and Access Management Time to Value Gwinnett Medical Center Customer Testimonial

top 10 identity manager migration best practices Free Top 10 Identity Manager Migration Best Practices Workbook

Learn the Top 10 Identity Manager Best Practices to lower your migration risk. Use this identity manager planning guide to ensure a smooth transition to Identity Management HD.

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.

Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).