When it comes to identity governance, how do you know what’s best for your business? Weighing the pros and cons of best-in-breed vs. platform
When it comes to identity management security tools today, there are two main camps: best-of-breed and platform. When choosing between best-of-breed solutions and integrated platform solutions it's important to weigh their respective advantages and disadvantages. In order to perform a thorough analysis, it’s recommended to have a firm grasp of your organization’s objectives, maturity, priorities and capabilities -- for example, whether your organization can effectively manage multiple vendors, or whether your organization would benefit from a platform approach that may be too broad for your complex needs.
You could think of it in terms of buying a car. Having a high-end car may seem attractive, but it comes with additional challenges and responsibilities. You can only choose what's best for your organization once you've taken a realistic and accurate look at your organization, its skills and its needs.
What a platform approach offers (and doesn’t)
A platform approach can be very appealing for several reasons; perhaps the biggest plus side is cost savings. It can be cheaper to work with one vendor for multiple needs, especially if it’s a vendor your organization is already working with for other needs. This approach can also save the trouble of having to perform multiple integrations with other tools like Privileged Access Management (PAM) and Identity Governance and Administration (IGA). The operational costs related to running Identity services as a platform may also be lower.
If an organization already has an established relationship with a platform vendor, a platform may enable them to license additional modules without having to go through the process of evaluating a whole new vendor. There's also the possibility of a consistent look and feel across the tools, which can improve the user experience. The platform may often offer a support channel and additional learning tools, too.
However, cost isn’t everything and sometimes, what you see isn’t really what you get. What appears cheaper initially may not be in the long term. Even if it is cheaper, it may not always be the best choice for a few other reasons.
What a platform purports to make available may not be exactly true, so careful evaluation is key. For example, acquired technology in a platform play may not be consistent yet, as it’s still being integrated into the platform. Integrations can sometimes take a considerable amount of time, even years, and this is becoming more common as market consolidation continues. And one-size-fits-all is not always sufficient. The depth of functionality is often not equivalent -- or not consistent -- across the platform.
Take a platform that offers access management (AM), identity governance (IGA) and privileged account management (PAM). The vendor may have a specialized focus in one segment, while the other capabilities are less mature. They may be bolted-on in a way that still requires additional work to integrate them with your existing services. Again, this all underscores the need for thoroughly evaluating the offerings and purported integrations.
Then there's the issue of dependency. Imagine having all your identity-flavored eggs in a single basket. If a platform vendor is breached and you’re using multiple modules they offer, that could expand your risk.
Examining the best-of-breed option
A best-of-breed approach can enable organizations to build their technology stack with the most appropriate tools that serve specific purposes. As a result, you can configure it to your unique needs and this can often result in deeper coverage, with more benefits to your business. Integration capabilities are most likely to be deeper and much more likely to meet your criteria if you're a larger organization with complex workflow needs.
Adopting best-of-breed also means you can select tools from vendors that are specialized in specific areas rather than having to choose from more of a generalist. For instance, IGA vendors offering best-of-breed solutions typically have deeper experience in this domain and may be able to offer more relevant expert advice and best practices, leading to faster time to value. This approach also offers greater agility and fewer dependencies; a best-of-breed solution will also likely innovate faster in its roadmap and be easier to integrate with your existing security and application landscape. Finally, the best-of-breed vendor is focused on their core capability, which leads with fewer distractions for their product and management teams.
That said, a best-of-breed approach isn’t for everyone. Maybe your organization doesn’t have the resources needed to ensure all of these different pieces work together. Maybe you just need something you can count on to get the job done well enough, or maybe vendor consolidation and management is a major challenge.
Four decision points
When deciding what is best for your organization, here are four things to consider:
Size and scale of your organization -- Are you limited to one physical location, market or geography? Do you have a complex number of target applications to be managed? Is yours a large, international organization with complex workflows and changes in staffing from M&A, temporary staff and/or different identity types?
Requirements and goals of your project -- Do you require a light-touch approach to compliance and user access rights, or are you in a highly regulated industry that requires specialist capabilities?
Vendor onboarding -- Do you have an existing relationship and deployment of a platform that solves your needs, but you've not yet deployed? How easily can your organization evaluate and onboard a new vendor while maintaining that vendor relationship through project delivery? If you go through an existing relationship, that can lead to vendor lock-in, which can sometimes cause problems.
Agility and ease of use -- Was the platform you’re evaluating born with extensibility and integration in mind, or was it born to serve a single platform-focused delivery? Is it "platform in name only"? There's often a lot of talk about “better together,” but does this really exist, or are you buying into a future roadmap wish list?
The choice between best-of-breed and integrated platform solutions depends on the organization's specific needs, priorities and capabilities. It's about balancing the desire for flexible functionality and innovation against the need for simplicity, consistency and cost-effectiveness traded off against reliance on a single supplier.
A best-of-breed approach for improving IGA
Managing identity permissions across a hybrid landscape is a specialist activity; if not done correctly, it carries risks that directly affect business outcomes. Best-of-breed solutions have been built with years of successful outcomes baked in. Best-of-breed solutions offer in-depth, specialized services that are hard to come by in generic, one-size-fits-all solutions. Organizations today need the agility and flexibility to adapt their security posture to the rapidly changing state of their business environment.
There's a risk that a generic platform will prevent you from reaching your security goals. Tread carefully, talk to other customer references that have already been on a similar journey, and appreciate the complexity and fast-moving nature of the threat landscape.
When organizations choose best-of-breed, they do so for its ability to ensure delivery of their requirements in a rather rapid timeline. This is something that’s found in the best-of-breed solution with a long history of delivery. Platforms tend to offer basic services or managed services that are not geared toward customers who want to manage IGA themselves once it’s deployed successfully and they have been properly trained.
Weighing the options
The choice between best-of-breed and integrated platform solutions depends on your organization's specific needs, priorities and capabilities. It's about balancing the desire for specialized functionality and innovation against the need for simplicity, consistency and cost-effectiveness. Consider the decision points and information discussed above to help you decide what will best serve your organization.
Image Credit: Tero Vesalainen / Dreamstime.com
Paul Walker is field strategist, Omada.