How Do You Choose the Right IAM Solution? Here Are 4 Questions You Should Ask

September 18, 2017

Cloud-based services dominate today’s world, and over the past few years the delivery of IAM solutions from the cloud has been no exception. The right solution can reduce risk, cut costs and save time, but choosing the right IDaaS vendor requires careful consideration. Putting together some basic questions that cover several key elements is a first step. So… where do we begin?


Is It a True Hybrid Solution?

Ask your prospective vendor whether they truly provide a hybrid solution with control and access across on-premises and SaaS-based applications. Federation for SaaS apps is a great first step, but larger companies will demand solutions that are more mature and can handle the complexity of hybrid environments that include legacy on-premises apps as well as new SaaS apps. If these on-premises IAM capabilities aren’t supported, companies will need to deal with disparate solutions, and that will be a struggle. At the very least, a solution should provide a single identity to access all apps -- wherever they may reside -- and from all end-user platforms (i.e. desktops, laptops, and mobile devices).

How Do You Manage Access From Mobile Devices?

Today’s cloud-enabled and mobile worlds go hand in hand, and identity must be about the user... and the device. Secure access needs contextual trust -- is your device known, managed and secured? If your org has committed to a BYOD policy, does the solution at hand support iOS, Android, Windows, etc.? Unfortunately, most IDaaS solutions fall short when it comes to mobile support because they were built and architected before mobile devices became so prominent in accessing apps. Look for vendors that provide a means to ensure that these end devices are trusted and secure. Look for those who have unified mobile and app access management, as it reduces repetitive tools, processes and skillsets. There is a true convergence of mobility and identity, and they should go hand in hand.


How Robust Are the Access Policies?

Passwords alone can’t be trusted to properly and securely identify users, and you need a solution that incorporates strong authentication and a common multi-factor experience across your apps (SaaS, cloud, mobile, and on-premises). Gartner confirms this by stating,

“Use multifactor authentication (MFA) and adaptive access to the front door of the kingdom, meaning use MFA capabilities rather than only passwords when signing on to the IDaaS service.”

The basic question to ask your prospective vendor is whether they can support various authentication methods (i.e. support for password, soft token, hard token, biometric, and mobile device authentication). The next step is to look for MFA based on user behavior: flagging “risky” behavior for further authentication and creating automated policies that only challenge for authentication when user behavior is outside norms.

Do You Need a Point Solution or Full Platform?

What is the end goal? Point solutions will address the basic benefits of IAM, but at the end of the day you need a provider that can also address your foreseeable future needs. Too often we make the early decision to focus on our immediate need, and we ignore the complete, integrated platform in favor of several single point solutions wired together (i.e. EMM, MFA, SSO, etc.). Frustration will soon build, accompanied by too many logins, integrations, and various challenges. The advantages of an integrated platform are far too large to ignore. Focus on an IDaaS provider that offers integrated technologies and the ability to provide secure access for all users and solve actual problems, not just provide more tools.

Selecting the right IDaaS platform can be a challenging project, and these are just some basic questions to help you create and better understand your own specific requirements before creating your long list. Analyst reports, such as those from Gartner, Forrester, and KuppingerCole, are also incredibly useful. Once you’ve defined your requirements, it is just as important to vet and validate these capabilities through customer reviews and testimonials as well. Independent sites such as FeaturedCustomers aggregate customer reviews, customer videos and case studies, aiding the purchasing process when you are ready. There’s nothing basic when it comes to choosing a cloud identity solution, but as you start to answer these key questions, they will inevitably help you create your own specs of the significant capabilities necessary for your organization.


This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.