Internal Considerations

Topics to reflect on internally when considering a new product or solution.

Top 5 Prerequisites – Technical

If your organization decides to transition from an on-premises IAM deployment to a cloud-based approach, you will need to carefully assess the gap between the technical capabilities desired by your organization and those offered by the passwordless vendor. Thus, there are some technical prerequisites that should be considered before selecting a Passwordless Authentication solution. These prerequisites are listed below:

Product Scalability

Carefully analyzing the product's scalability helps ensure that your organization can grow and expand while adapting to business changes in an agile and cost-efficient way. Along these lines, it is important to understand the architecture types of passwordless vendors to assess whether their solution will provide you with the ability to grow and meet your organization’s needs.

Passwordless Deployments

Despite the continued relevance of on-premises deployments, organizations increasingly require more agile multi-cloud and multi-hybrid deployments that provide a gradual migration to the cloud. Your organization must have a clear vision of which deployment method (on-premises, cloud, hybrid, etc.) is most appropriate to its business needs and operations.

Support for Industry Standards

The success of a passwordless implementation depends on the flexibility of the vendor to support both access-related and provisioning-related industry standards and protocols. Therefore, support for all major Identity Federation standards, including SAML and OAuth, can be beneficial.

Integration and migration from legacy systems

A common issue with legacy systems is the inability to remain agile and adapt to new business models in an ever-changing world. In order to transition to a more modern architecture, organizations require high flexibility, SaaS solutions, API support, and the use of container-based deployments and microservices, among other things. Passwordless Authentication vendors thus provide a strong alternative for organizations looking to adopt cloud-based delivery of IAM services and wishing to replace existing on-premises legacy systems.

Technical Knowledge and Skills

You should have sufficient technical knowledge and skills to deploy and manage passwordless solutions. If there is a lack of these skills, then the vendor should have a training program to grow them or identify technical partners to provide these skills in the short term. Also, consider how managed services can be used in the absence of these skills.

Top 10 Prerequisites – Organizational

A successful passwordless vendor selection depends not only on the technology selected. There are also various organizational prerequisites that are important to consider. The following table lists the Top 5 organizational prerequisites.

Defined Process

Who administers the solution? Who guides the internal roadmap? Who liaises with the vendor? If employee/consumer accounts are breached, what is the appropriate response, and which department leads the external communication and remediation efforts?

Managing Stakeholders’ Expectations

As part of your internal IAM program management, it is essential to identify your key stakeholders and ensure that their IAM priorities are satisfactorily met by the passwordless adoption. Provide your key stakeholders with a program roadmap and information on how their primary IAM requirements will benefit from adopting a Passwordless Authentication solution in contrast to the current or traditional systems.

Incident Response Team

Each organization needs a group dedicated to handling breaches and other security incidents. Each team member should have specific roles and responsibilities. This team handles initial responses, investigations, containment, remediation, and communication.

Security Awareness Training

Train users to avoid suspicious emails and attachments. Train responders on how to investigate incidents, contain damage from events, and restore systems to a fully operational state.

Costs and Sustained Investment

Whether the passwordless solution is charged on a subscription or usage basis, it is essential to have the required visibility into users' usage patterns to calculate the ROI and make any necessary updates to the service subscription. Ensure that you have gathered the required organizational support for the initial investment and then engage the passwordless provider regarding your IAM requirements. It is vital to ensure that the supporting parties are committed to the passwordless solution's long-term success.