Some purchases are simple and low risk. If you buy blue pens instead of black pens, you may have some annoyed staff. On the other hand, buying security software is more complex. Compared to commodities and office supplies, identity management software is special because it plays a central role in protecting your company from attackers and audit failures. Unfortunately, many firms use industrial era procurement processes — designed to buy office carpets and printer paper in bulk — on this software. Using an antiquated procurement process is just one way you might be making a mistake on your next purchase.
The Most Common Identity Management Buying Mistakes
Which of these buying mistakes are you making?
1. Using a Commodity Purchase Approach
If your company has been in business for a long time, you may have a well-established procurement system. Applying this system to selecting an identity management vendor may not work. Why? Traditional procurement processes are often designed to buy physical products or commodities like raw materials. In contrast, your company only needs one identity management solution. This is just the tip of the iceberg of buying mistakes you may be making.
2. Not Asking About Training and Documentation
Have you ever asked for a manual for an iPhone app? The answer is probably no. Operating without a manual and documentation is fine for a consumer app. It’s a different story when you are configuring an identity management solution. It is critical that you take the time to inspect the vendor’s website and ask questions about documentation. In fact, documentation may not be enough. If you are overhauling your cyber security program, ask about the vendor’s training options.
Tip: Training videos are a great way to help users understand how to carry out common tasks because they can pause and rewind as needed. Don’t skip this training resource in your training process.
3. Fixating on Price
Price matters, but if your buying process compares identity management vendors solely on price, you are likely to have problems. For instance, if you have non-technical staff assessing vendors, they may not understand the technical details. As a result, business decision makers may decide to focus on the one variable they do understand — price. Ultimately, vendors and buyers benefit from considering a variety of factors that go beyond price.
Tip: If you save 10% on your cybersecurity costs this year and get hacked next year, will senior management be impressed?
4. Neglecting the End User Experience
Some identity management solution purchases are driven by a sense of urgency. Auditors may have pointed out deficiencies in internal controls. The company may have suffered a hacking incident. In these situations, there may be a drive to buy and implement new software quickly. This need for speed may lead to a mistake: neglecting the end user experience.
When the user experience is neglected, you are more likely to face resistance and inconsistent usage. That means you will not receive the full benefit of the identity management solution. To avoid this mistake, make sure that some of your end users are involved in the buying process.
5. No Cybersecurity Assessment
Implementing an identity management solution has a significant impact on your cybersecurity efforts. That’s why we recommend involving your cybersecurity professionals in the selection process. They may suggest tests and identify technical issues that may not occur to a business user. To minimize the risk of buying the wrong solution (and leaving yourself exposed), make sure your securing staff are involved.
6. No Identity Management Program and Process
Buying an identity management software solution is not enough to protect your organization. We’ve all bought software and resources that collect virtual dust. If your identity program is only used by half your staff, you may be lulled into a false sense of security. For the best results, integrate your identity management software into a wider program. For example, organize training sessions for managers so that they understand their oversight responsibilities.
7. No Analysis of Your Current State
Buying a security software product without assessing your current business state is a mistake. To understand your current state, take note of the following points:
- Do you have a centralized identity and access process?
- Do you have KPIs (key performance indicators) or other reports related to identity management?
- Is your identity management depending on manual processes?
- What “super” or administrative users do you have for your various systems?
- Does your current process produce suitable evidence for audit review?
8. No Identity Management Automation Capabilities
Skipping the opportunity to streamline your procedures and save time is a mistake. You might start the process by focusing on compliance issues. However, you should also look for opportunities to save time. If your managers and technicians currently spend hours each year preparing for audits, you can probably reduce that time by using automation.
9. Ignoring Identity Management Reports
At first glance, reports and tracking may seem unimportant. That perspective overlooks the fact that multiple users at your company rely on identity reports to do their work. Auditors need reports to carry out their reviews. Managers need reports to check whether their employees have appropriate access. During the buying the process, take the time to inspect whether the identity management solution has relevant reports.
Tip: Look for the option to customize reports so that each stakeholder at your company receives what they need to do their work.
10. Ignoring Mobile Device Support
In the past, users expected to carry out corporate functions like identity management at their desk. Expectations have changed — most business users rely on their mobile devices to carry out much of their work. Before you select an identity management vendor, test their mobile capabilities. For the best results, ask both technical and business users to experiment with the mobile interface.
Making Sense of the Mistakes
If you have made a few of these buying mistakes already, don’t worry. Few companies have a highly developed process in place to buy identity management software. Not sure where to begin? Start by examining your current state.
3 Ways Identity and Access Management Makes Agencies More Efficient and Secure (Fed Tech Magazine)
5 Questions You Need To Ask Yourself Before Choosing an IAM Solution (Solutions Review)
Identity and access management: Beyond Compliance (Ernst & Young)