The Identity and Access Management (IAM) industry has historically experienced cycles, transitioning from adopting multi-software solutions to favoring comprehensive IAM platforms. Before we explore this subject, it is beneficial to clarify what we mean by multi-software solutions and comprehensive IAM platforms.

For this article, we define comprehensive IAM platforms as solutions that cover the majority of the required IAM functionality within a single vendor offering, with the exception of Privileged Access Management (PAM). These platforms aim to provide a broad, all-in-one approach to managing identities and access, streamlining processes and reducing the complexity associated with handling multiple systems. These solutions are often SaaS-based, with an equivalent on-premises counterpart. Even those on-premises counterparts, however, often still need part of the SaaS solution to unlock their full potential.

Meanwhile, multi-software solutions take a segmented approach. This means using separate solutions for different aspects of IAM, such as identity management, access management, and Cloud Infrastructure Entitlement Management (CIEM). Each of these solutions operates independently, requiring integration efforts to ensure cohesive functionality across the IAM landscape. Some of those software solutions are on-premises only and do not come with a SaaS counterpart.

Observing the current market trends, we are entering a significant phase largely marked by big consolidated IAM platforms. Major vendors are making substantial acquisitions, which increasingly challenge the competitiveness of multi-software solution stacks.

Let’s consider the advantages and disadvantages of both types of systems. Furthermore, we’ll look into the decision criteria that can help you find the best solution for your business. One area that we will not go into is the set of problems surrounding the use of the same system for both the internal and the external workforce. As these problems are present with either type of system, we will tackle them later in a different post.

[Figure: IAM flow]

Specialization vs Rigidity

When discussing the choice between a comprehensive IAM platform and a multi-software approach, we inevitably meet the debate of specialization versus rigidity. The multi-software approach often provides a higher degree of specialization than a comprehensive IAM platform solution: it offers more features that can be put to use in a high-maturity environment, and a closer fit with existing IAM processes. This makes the multi-software approach more suitable for organizations with IAM processes that are challenging or highly costly to streamline into standardized procedures.

However, we believe that no process is truly impossible to streamline into a standardized solution, though it can be quite tricky to align all necessary levels to achieve this standardization. Comprehensive IAM solutions offer solid foundations for their setups and processes, which can make your IAM stack much easier to set up and maintain compared to the customized or numerous integrations required for multiple separate solutions working together.

Implementation & Integration time

A significant factor for many organizations when choosing between a multi-software approach and a comprehensive IAM platform is the time it takes to implement the new software in their ecosystem. Organizations often anticipate a longer project timeline with a multi-software environment due to the complexity and interconnectivity required for the environment to function correctly. In contrast, those opting for a comprehensive IAM platform benefit from pre-configured and pre-connected components, such as Identity Manager, Access Manager, and Directory Services, with all necessary connections and basic workflow paths already set up. This typically results in a shorter time to launch compared to a combination of multiple tools. Implementation and integration using a comprehensive IAM platform usually gives a faster return on investment compared to a multi-software approach.

[Figure: Implementation & Integration flow]

User training & Adoption Time

Another important consideration when choosing between a comprehensive platform and multiple tools is the time required to train your helpdesk personnel, administrators, and users. The duration it takes for them to become proficient with the tools is a significant factor as well.

In many cases, companies that opt for multiple-tool deployment experience longer user training and adoption times compared to those using a comprehensive IAM platform. Comprehensive platforms often have user experience and workflow paths integrated into the software from the start, making it easier for users to navigate and perform actions efficiently.

A disadvantage of the multi-software deployment approach is the need for users to interact with various components individually, as opposed to a comprehensive user interface provided by a single platform.

Support

An important but sometimes overlooked aspect in the decision-making process is determining the level of support you will receive for your IAM systems. If you opt for a multi-software approach, you might encounter issues that arise between the different platforms you have chosen, making it challenging to receive support for these problems. Often, the support personnel for one tool may be unfamiliar with how another tool interacts with their system, complicating the resolution process.

In contrast, with a comprehensive IAM platform, you have a single point of contact for support, which simplifies the process of addressing issues. Problems are typically localized to the product itself, making it easier to receive straightforward and effective support.

Future proofing

A last point to consider is how future-proof a potential solution or product is, particularly in terms of upgrade cycles and features. When we talk about features, we often refer to advancements such as machine learning and AI capabilities or Identity Threat Detection and Response (ITDR) integrations. But these can also be advancements in processes or flows that become available on platforms to further support certain industries or markets.

The upgrade cycle also varies depending on your choice of programs. Comprehensive IAM platforms often provide bundled maintenance upgrades, ensuring that all components are updated simultaneously. In contrast, with multi-software setups you might encounter situations where you need to delay patching one product because another product has not yet completed its bug-fix cycle. This can result in the need for multiple maintenance windows instead of just one, complicating the upgrade process.

Besides the actual upgrade cycle, the feature roadmap is another important pillar on which companies often base their choice of solution. Comprehensive IAM platforms often deliver a very broad feature range to their customers in order to be as generic as possible, while software used in multi-software environments often focuses on a certain section of the market and tailors its features more towards that market. However, some of these products have also started a shift towards becoming more of a comprehensive IAM platform.

Conclusion

Both multi-software setups and comprehensive IAM platforms can make sense for corporations, depending on their specific use cases and organizational needs. The decision largely hinges on factors such as the complexity of IAM processes and the unique requirements of the organization.

Some factors, like the availability and capacity of developers, can also play a significant role in this choice. It's important to make a well-considered decision on the direction your organization should take. Trying to make or justify this decision can be tricky. We encourage you to reach out to see how we can help your organization define the next steps of its IAM program.

In terms of long-term strategy, the trend of vendors evolving into a one-stop identity platform is not going to stop anytime soon. Going with a financially stable and technically sound vendor will become crucial. Financial distress is an important decision factor, given that an IAM solution will easily run for 10 to 15 years in your organization.

For now, we see only a couple of mature IAM players left in the market: SailPoint, Omada, Saviynt, Okta, Microsoft, and CyberArk. Most others are currently challengers or have potential financial due diligence objections.

 

Author: Sébastiaan Verheyen, Advisor