What The Blueprint looks for in great identity management software
The best IAM software includes a standard set of must-have features, one-on-one customer support, and transparent pricing. You must do your research, however, as the devil is in the details in these three areas.
Any IAM software you use should include these features:
- Single sign-on (SSO): Users log in once to a single interface to access multiple third-party software applications or websites.
- Multi-factor authentication (MFA): Users provide secondary information such as answers to security questions, OTPs, or biometric information to validate login credentials.
- Password management: IT admins define and enforce automated policies for password strength, banned passwords, and user-generated passwords.
Other useful features include:
- Contextual authentication: AI calculates the risk of each login to apply MFA case-by-case.
- Mobile apps and browser extensions: Users access their SSO portals with apps and/or browser extensions to enhance the user experience.
- Company and personal password vaults: Allows users to have personal password vaults combined with company vaults to reduce the frequency of reused passwords.
Most IAM software has self-service resources such as a knowledge base, product documentation, and community forums.
The most critical feature, however, is one-on-one technical support. If you have a significant problem with your IAM software, all your employees and customers could be locked out of your network. You won't have time to comb through endless web pages looking for a solution; instead, you need direct live chat or telephone support to get back online ASAP.
Accurate pricing is key. Even if your initial price per user looks attractive, that can change quickly based on minimum annual contract costs, necessary add-on features, and different plans with widely varying feature sets.
Customer support can be another significant cost. Windows Azure Active Directory customer support will likely be at least $1,000/month for business-critical environments, while Google Cloud Identity includes 24/7 telephone and live chat support in its price per user.
How your business can benefit from using identity management software
Beyond its baseline cost, IAM software can require significant upfront work from your IT department to implement, and users must jump through extra hoops to securely log into your network. These initial costs and inconvenience will be worth it, however, as you achieve multiple, far-reaching benefits.
After your products and services, your most valuable assets are digital: business records, financial information, and customer data. Compromised passwords result in 81% of hacking breaches, but MFA blocks 99.9% of these attacks.
Overarching benefits include streamlined incident response protocols, endpoint detection and response (EDR), and the production of a granular network diagram. If you have a dedicated network security operations center (SOC), IAM user, login, and activity reports contribute directly to your identity management processes.
The cost of data breaches varies by country and industry, but in 2019, the average cost globally was $3.9 million per breach, which works out to $150 per compromised record. Avoiding even a single data breach can cover your IAM costs for several years.
SSO saves money by reducing the time employees require each day to log into multiple applications. Sure, this isn't that much on any given day, but recent statistics show it works out to 12.5 hours saved per employee per year. If you have 500 employees with an average salary of $50,000, you'll save over $155,000 annually.
This amount further increases when factoring in another time-saving feature: password self-management features that don't require IT department intervention. Each password reset performed by your IT department, for example, costs $7 to $10.
Improved IT department productivity
Greater IT department efficiency is another benefit. Okta says its automated IAM tools reduce routine IT department help requests by 50%. This doesn't mean your IT techs have more time to sit around debating the relative merits of Star Wars versus Star Trek. (FYI: Star Trek is the best.) Instead, they can put more effort into higher-level activities that maintain and protect your IT infrastructure.
Why do I need identity management software?
Your company's network footprint is continually increasing as more employees, devices, and applications connect to it. Every employee password, piece of hardware, and login screen is a potential entry point for hackers. The average cost per data record breached in 2019 was $150, which equals $3.9 million per hack.
Most of these breaches resulted from compromised login credentials, so the real question is this: Can you afford not to have robust access identity management?
Basic IAM tools and feature packages range from $2/month per user to $15/month per user. Some plans, such as Okta, have a minimum annual contract amount or demand a minimum number of users. Exercise due diligence to determine your true cost for the exact features you need. Standalone IAM providers, such as OneLogin and LastPass, rarely steer users toward tangential add-on features as Microsoft and Google do.
Customer support costs can vary widely. If you use Windows Azure Active Directory, you'll likely pay $1,000/month for 24/7 telephone support, while Google includes 24/7 live chat and telephone support in its $6/month per user subscription price. What's right for you depends on your business's anticipated support needs and your IT department's expertise.
What kind of support can I expect?
All IAM providers have a common set of self-service resources: knowledge bases, product documentation, and community forums. With a couple of exceptions, however, you'll pay more — sometimes significantly more — to access one-on-one chat, email, and telephone support.