
Internal Considerations

Topics to reflect on internally when considering a new product or solution.

Top Prerequisites – Technical

If your organization decides to transition from an on-premises IAM deployment to a cloud-based approach, you will need to carefully assess the gap between the technical capabilities desired by your organization and those offered by the IGA vendor. Thus, there are some technical prerequisites that should be considered before selecting an IGA solution.

Product Scalability

Relying only on existing on-premises directory services limits the flexibility and scalability of supported IAM functions, including authentication and authorization to on-premises as well as cloud applications. Carefully analyzing the product's scalability helps ensure that your organization can grow and expand while adapting to business changes in an agile and cost-efficient way. Along these lines, it is important to understand the architecture types of IGA vendors to assess whether their solution will allow you to grow and meet your organization's needs.

Support for Industry Standards

The success of an IDaaS implementation depends on the flexibility of the vendor to support both access-related and provisioning-related industry standards and protocols. For instance, commonly requested authentication and identity federation standards include support for LDAP, while user provisioning services commonly require support for SCIM.

Integration and Migration from Legacy IAM Systems

A common issue with legacy systems is the inability to remain agile and adapt to the new business models in an ever-changing world. In order to transition to a more modern IAM architecture, organizations require high flexibility, SaaS solutions, API support, the use of container-based deployments and microservices among other things. IDaaS IGA vendors thus provide a strong alternative for organizations looking to adopt cloud-based delivery of IAM services and wishing to replace existing legacy systems on-premises.

Technical Knowledge and Skills

Typical job roles that use Access Management, IGA, and Access Governance functions are security analysts, system administrators, and identity managers. If there is a lack of these skills, then the vendor should have a training program to grow them or identify technical partners to provide these skills in the short term. Also, consider how managed services can be used in the absence of these skills.

Top Prerequisites – Organizational

A successful passwordless vendor selection depends not only on the technology selected. There are also various organizational prerequisites that are important to consider. The following table lists the top organizational prerequisites.

Overall IT Governance

Since cloud services are outside the direct control of the customer organization, overall responsibility and security are shared between the customer and the Cloud Service Provider (CSP). By having a common governance approach, the customer ensures that its organization adheres to industry standards, compliance requirements, and regulations. This is of particular importance in a hybrid IT environment and deployment model.

Managing Stakeholders' Expectations

As part of your internal IAM program management, it is essential to identify your key stakeholders and ensure that their IAM priorities are satisfactorily met with IGA adoption. Provide your key stakeholders with a program roadmap and information on how their primary IAM requirements will benefit from adopting IDaaS IGA in contrast to the current or traditional IAM delivery.

Having Defined Service-Level Agreements (SLAs)

IGA vendors should provide SLAs depicting their responsibility to safeguard customer data and prevent data loss and data integrity issues, especially for cloud-native services.

Baseline Controls

Baseline controls for availability, viability, and physical and logical security are important to consider and evaluate as per your organizational policies. Understand your baseline requirements and evaluate the vendors that satisfy your baseline operating requirements.

Data Residency

By ensuring that your employees' and organization's data is securely stored in your local environment, your organization will be complying with privacy and data residency regulations. This could significantly improve security, data flows, and trust in your organization.