Handling Identity and Access Management processes manually can be time consuming and expensive, but improvements can achieved via commercial products and cloud-based offerings.

Cloud-based Identity and Access Management is the best option for enterprises provided it meets all requirements, according to Andras Cser, principal analyst serving security and risk professionals at Forrester.

From a cost standpoint, he sees cloud-based offerings as clearly superior with an estimated 310% return on investment over manual Identity and Access Management solutions.

Cser co-authored the Forrester report, “Use Commercial Identity and Access Management solutions to Achieve More Than 100% ROI Over Manual Processes.” It examines the various Identity and Access Management methods in an effort to determine comparative costs and benefits for each.

Building an in-house system might seem like a good idea at first but the costs can add up rapidly. He reveals that homemade solutions are nearly 30% more expensive than commercial off-the-shelf Identity and Access Management systems and a staggering 85% more expensive than cloud solutions.

Cser offers a disclaimer to the findings of the Forrester report, stating that only after an enterprise has defined metrics can the cost model be used effectively. “These metrics include things like the cost of a call at a help desk or time wasted by users waiting for the help desk to reset their password,” explains Cser.

This resulting cost model should serve as an effective decision-making tool for organizations considering their Identity and Access Management options. The model accounts for four distinct scenarios:

• Manual solutions
• Homemade/in-house solutions
• Commercial-off-the-shelf solutions
• Cloud-based solutions

To further break down these four solution options, the team at Forrester took into account seven different cost categories:

• Infrastructure
• Personnel
• Security
• Help desk identity administration
• Access request submission/approval
• Attestation and Compliance
• Business agility/Identity and Access Management as a business enabler

Manual Identity and Access Management

There remains a significant reliance upon manual Identity and Access Management processes; in fact, Forrester estimates that some 60-70% of organizations find themselves in this category.

Manual solutions are aptly named, requiring personnel within the organization to manually conduct Identity and Access Management tasks. This could mean that users must call a help desk to reset a password or obtain a new or different level of access. These processes often require paperwork and lengthy reviews of user access permissions.

Simply put, manual solutions are inefficient. The trade-off, however, is the low up-front cost. But as the user population increases so too do the cost of manual processes. This makes manual Identity and Access Management a viable solution for small operations, but larger firms should look elsewhere.

In-House Identity and Access Management

In-house or on-premises solutions see an organization build its own Identity and Access Management solution, often burning through considerable resources in the process.

It can be a dangerous game as in-house solutions must be well documented, designed and constructed correctly. Forrester estimates that the expense of an in-house Identity and Access Management initiative can cost anywhere from 50-150% more in maintenance and development labor than other options.

The draw for in-house solutions, as Forrester sees it, is that they are completely controllable enabling a company to implement a solution that does exactly what it wants.

Commercial off-the-shelf Identity and Access Management

At the other end of the spectrum from in-house lie the commercial systems. These carry recognizable brand names like CA, NetIQ, IBM, Oracle and Quest and can be great for automating Identity and Access Management processes.

The product licensing and maintenance fees, according to Forrester’s estimates, range from $15 to $50 per user. The performance, however, is often far superior to in-house systems.

Additionally, some users find that the licensing and maintenance costs are offset by lower labor costs. Forrester cites a potential 40% reduction in labor costs using off-the-shelf solutions.

As the Forrester report points, however, the down side is that infrastructure costs often increase. Additionally, commercial solutions tend to require long term contracts, are expensive to replace and rigid in terms of what the customer can add.

Cloud-based Identity and Access Management

Forrester sees great promise in cloud-based Identity and Access Management solutions both in terms of cost and return on investment. With an estimated $100,000 up-front cost and monthly subscription of $4 per month per user, Forrester posits that cloud solutions can bring as much as a 90% reduction in operation and personnel costs.

The advantage of cloud-based Identity and Access Management begins with low maintenance and labor costs. It continues with pay-as-you-go billing benefiting the organization as they only pay for active users. As a future-proof advantage, Forrester explains that cloud Identity and Access Management is a viable stepping-stone toward federated Identity and Access Management because the cloud provider can also act as a trusted go-between for client networks.

At present, however, cloud solutions have a tipping point of roughly 10,000 users. Beyond this level the organization’s need for customization often eclipses the cost benefits offered by the cloud system.

Making the choice

While cost is always a concern, Forrester makes clear that anything is better than manual processes and for those organizations looking for strong return on investment, cloud-based Identity and Access Management is the best bet.

Ultimately, Forrester explains that the key for those looking for a new solution is to first know the needs and metrics. By establishing a strong understanding of an enterprise›s situation, an organization can select the solution that suits its needs now and in the future.