Any company with an online presence will, at some point, face the decision of whether to build identity services in-house or have them provided by an external, third-party vendor. In the past, it was possible to argue for the benefits of either approach. But recent acquisitions of major Customer Identity and Access Management (CIAM) providers highlight a growing trend: identity solutions are becoming a crucial component in the architecture of many digital businesses, and relying on in-house expertise may no longer be enough to keep up.
Identity and Access Management’s Growing Importance
Even the most basic user information, if exposed, can be utilized by sophisticated, automated phishing campaigns to gain expanded access to a user’s sensitive data. The number and variety of online security concerns increases daily, and the cost of data breaches continues to grow. The rise in breaches has triggered an increase in regulatory oversight, including the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act, making protection of user data a primary concern. The majority of digital businesses do not have the in-house expertise to stay on top of compliance requirements.
For Akamai Technologies, the solution to this challenge was the acquisition of CIAM pioneer Janrain. On Monday, January 7th, Akamai announced they would be integrating Janrain’s Identity Cloud into their Intelligent Edge Platform, providing CIAM services to Akamai’s enterprise clients. With this acquisition, Akamai also hopes to gain more visibility into online customer behavior, which could be used to drive improvements to their bot management and threat intelligence offerings.
Enterprise users of Akamai will benefit from the new capabilities, but it remains to be seen whether Janrain’s CIAM solution will remain a good fit for all businesses. As we discussed with SAP’s 2017 acquisition of Gigya, when choosing an IAM provider, it’s important to understand if identity and security are the core competencies of the company. SAP’s stated goal with the acquisition of Gigya was to enrich customer profiles for effective targeting in marketing, sales, and service approaches. This is a different end use than Akamai’s, but the value provided to the acquiring companies and their enterprise customers with the addition of an IAM solution is the same: trusted technologies for establishing a user’s identity and preferences. The value to businesses looking primarily for an identity provider is less clear, as the companies providing these services no longer have an identity focus.
The Evolution of Build vs. Buy in IAM
For both Akamai and SAP, the build vs. buy decision became irrelevant — through acquisition, they maintained full control of their IAM capabilities without having to build them from scratch. But acquisition isn’t an option available to most businesses.
Luckily, the possibilities are not limited to building from scratch or outright acquisition. Many Identity as a Service (IDaaS) providers offer extensive customization capabilities. This extensibility gives businesses a great degree of control over the look and behavior of their access solutions. Customizations range from simple things, such as branding the login page to match the company website, all the way to rules for handling advanced authorization logic. A flexible IDaaS solution may also offer options for integrating with external services, custom databases, and other identity providers, allowing businesses to maintain existing capabilities while still delivering a seamless customer experience.
These capabilities bring the conversation away from the build vs. buy dynamic and towards a buy plus build future: buy core Identity and Access Management capabilities from a trusted, independent IDaaS vendor, and build the pieces you need to fit your business. With a buy plus build model, the cost and time required to implement and maintain an identity solution can be kept to a minimum without sacrificing flexibility. And as compliance and security requirements change, IDaaS customers will benefit from updates to the service as a whole, freeing time and resources to focus on business needs.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding more than 4.5 billion login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.