Choosing your IAM Service Provider

It took some time, but your enterprise has finally caught onto one of the manymany reasons for contracting out to an expert IAM service provider. Now comes the challenge: making your choice of which provider fits best for you. Though IAM services can (and most likely will) save you immense amounts of money in the long run, it is a sizeable investment you want to get right the first time.

When you seek out your ideal IAM service, you need to ask three questions of every potential provider. Do they offer MSS (Managed Security Services) across the entire identity ecosystem, what percentage of their total business is MSS, and what are their industry-recognized qualifications? If you answer these questions, your identity service provider will implement a secure system and remain your trusted identity manager for years or even decades to come.

Does the IAM Service Provider cover all four IAM Pillars?

Perhaps you want your search for an IAM service provider to be a smaller affair. Surely your potential service only needs to cover your immediate needs. After all, you can always bring on new services as needed, right? This mindset sets you up for a great deal of avoidable pain. Don’t contract out to multiple services offering different solutions instead of going with a single provider who handles the solutions end-to-end. Enterprises who attempt this approach almost always regret it. When you bifurcate or even trifurcate identity across multiple services, spending gets hard to track and can even get hidden entirely. A single service makes it easy and manageable.

Randall Fields, Vice President, Simeio, has seen far too many cases of “too little, too late,” in companies looking to remediate a pre-existing problem that could have been avoided. “Most companies don’t practice preventative identity spending,” he says.  “It takes a near miss to make them appreciate the importance of full MSS coverage.” Therefore, you need to make sure that the solutions offered are scalable and applicable to all areas of your identity fabric.

Ask if the provider offers services for AMPAMCIAM, and IGA. What is their average implementation time for one pillar of IAM? Do they offer volume discounts for larger businesses? Even if you just want a solution to an ongoing problem, do yourself a favor and select a provider capable of adding coverage instead of referring you elsewhere. When you try to juggle a different IAM service provider for each pillar, you’re making company growth a headache instead of a cause for celebration.

What percentage of their portfolio is MSS?

After establishing that the IAM service provider’s capability to keep up with your identity fabric, gauge how much of a stake they have in your success. You should be looking for an identity expert, not a dabbler with identity on the periphery. Thus, they must prove themselves as invested in your goals and anticipate your future needs.

An IAM service provider recognizes that identity solutions never stay in one place. A problem with AM leads to problems with CIAM, an inefficiency in IGA slows down PAM, and shoddy PAM endangers everything else. You need a provider with the portfolio percentage to back up the breadth of their experience. Their solutions must target the problem, not the symptoms prompting your search. Use online resources like GlassdoorZoomInfoGartner, and Forrester to gauge how the company measures up in the identity sector.

Ask what percentage of the IAM service provider’s portfolio is focused on MSS. How many of their non-MSS offerings focus on identity? How many total identities do they manage and for how many clients? In many cases the IAM service provider’s big-name clients can’t be disclosed online. However, a representative might share their most impressive clients when face to face. The rest should be accessible, and easily accessible, online. A well-equipped company makes easy access to case studiespartner lists, and representative contact a top priority. Never underestimate the worth of a company that works at being the best in a niche market. A market becoming less niche with each passing year.

How qualified is the IAM Service?

Along with assessing the breadth of an IAM service provider’s achievements, you must investigate how deeply their qualifications go. Start with their account tenure. If a provider has an average account lifespan of just 18-24 months, then you can guess their clients don’t stick around long and the service lacks performance. Conversely, if their longest account has been ongoing for two decades, then you know they must be doing something right to retain the client.

Internal use of their own products and services serves as another strong indicator of competency. Termed “eating their own dog food,” by Randall Fields, this shows their trust in what they sell. Externally, you should consider their NPS (Net Promoter Score) as a sign of customer satisfaction. If at least 25% of their clients rate them a 9 or a 10 out of ten, you’ll know they’re reputable. Testimonials, business reviews, and publicized success stories are the mark of a worthwhile IAM service candidate.

Ask your prospective IAM service provider to quantify their qualifications. What are their industry recognized certifications (e.g. SOC2, GDPR, ISO2700x)? Do they provide ongoing certification services to their clients? Can they give you an accurate assessment of the ROIs you’re likely to observe from engaging their services? Typically, outsourcing your identity management to an outside firm should be 20-40% less expensive than attempting an internal homegrown fix. The deciding factor in these savings is expertise. Outside experts know how to not reinvent the wheel and implement the most efficient, secure, and scalable solutions possible.

Contact an Identity Advisor now and see how Simeio answers these questions!