Business decision-makers often balk at updating their identity and access management (IAM) system, partly because of a fundamental misunderstanding of what IAM actually is. To be fair, it’s easy to confuse IAM with its most visible element: the login box. But in reality, the login box is to identity management what a light switch is to your home’s electrical system. IAM encompasses a complex set of functions that touch nearly every aspect of your business and have a measurable impact on your bottom line. Leaving an outdated IAM system in place — whether you’re managing the identities of employees, business partners, or end customers — is both costly and dangerous.
The alternative to living with this faulty wiring is to replace an in-house identity solution with a third-party system built by experts in the Identity as a Service (IDaaS) field. A modern IAM solution can provide both a quick business win and long-term value by decreasing costs, increasing revenue, and making businesses more adaptable in a shifting technological and legal landscape.
Modernizing Identity Reduces Maintenance Costs
Businesses that are reluctant to invest in IAM are often unaware of how much money they’re already spending on it. Maintaining an outdated, decentralized IAM system is usually a full-time job for at least one developer. In addition, dealing with identity-related issues such as lost passwords takes up the majority of your support desk’s time.
The maintenance costs of in-house Identity are high even if we only define “maintenance” as keeping the existing system running so users can log in and access resources. When businesses improve their custom IAM systems, those costs skyrocket.
Auth0 customers regularly report that if they attempted to build our features themselves, it would take an entire team of developers. For example, Gymshark saved £900,000 per year in engineer salaries when they enlisted Auth0 to centralize authentication across their apps.
The reason it’s so challenging for companies to update IAM in-house is simply that legacy and in-house identity systems weren’t designed to do everything that modern IAM platforms can do. A startup can get by with a simple approach to IAM if all they’re doing is managing logins for their small team of employees. But that approach doesn’t scale well, especially if the company also wants to manage the login process for its customers. So when that business moves past the startup stage and acquires another business, its Identity needs become dramatically more complex. How will they migrate both sets of employee data to a single system when their IAMs don’t naturally integrate? How will they control access to sensitive data during the transition period, when employees are leaving and joining the business? Trying to answer these questions yourself costs time and resources, can derail important M&A deals, and erodes the experience for external users in a context where customer experience has a direct impact on the bottom line.
Identity Is Critical to Legal Compliance and Security
If you don’t invest in a sophisticated, secure identity solution, then you’re essentially budgeting for regulatory fines and the myriad costs associated with data breaches. Given the rise in global data privacy laws and cyberattacks, the chances that you will be impacted are only increasing.
Identity-based attacks are a pervasive threat
Today, hackers the world over use authentication as their preferred gateway to attack. Verizon’s 2020 Data Breach Report found that the most common forms of data breaches are identity-based: phishing and attacks using stolen credentials. These broken authentication attacks mean huge expenses for businesses, in the form of application downtime, lost customers, and IT costs. The Ponemon Institute reports that a company that falls victim to a credential stuffing attack stands to lose an annual average of $6 million (about 4.6 million pounds or 5.1 million euros). Thwarting these attacks requires IAM features such as brute force protection, multi-factor authentication (MFA), and rigorous access control.
Identity is at the center of data privacy laws
The General Data Protection Regulation (GDPR) made data privacy a major issue for companies in the EU and around the world, and much of what it sought to regulate concerned managing access to personal data. Many of the biggest GDPR fines have been issued to companies that lacked adequate access controls or failed to protect user credentials.
Since GDPR’s passage, more countries have passed laws of their own, and today, we live with an ever-evolving patchwork of international data privacy legislation. This patchwork will only grow, which makes compliance an ongoing challenge. According to Gartner, “By 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% in 2020.”
When the European Court of Justice (ECJ) struck down the EU-US Privacy Shield framework in July 2020, it highlighted how these laws can change overnight and cause severe business disruption. Businesses that invested huge sums to make their in-house IAM Privacy Shield-compliant are now faced with the daunting prospect of another overhaul with Schrems 2. But IDaaS providers like Auth0 were prepared for the change, so their customers can continue doing business, uninterrupted.
IAM Unleashes Innovation
For better or for worse, your company’s IAM platform will impact your ability to innovate. This happens in two ways. The first is simple: Every hour your developers spend on authentication is an hour they’re not improving your core product.
Most companies are familiar with this logic when making other decisions about building vs. buying microservices. For example, Auth0’s research found that when companies need to incorporate a payment tool in their app, only 26% build it themselves. The other 74% use a software-as-a-service (SaaS) solution like Stripe or PayPal. The same logic holds true for authentication.
Companies can reserve the resources they save on IAM and devote them to innovating. For instance, Auth0 customer Signify was able to reinvest 4.8% of their sales in R&D, an investment they otherwise would have spent on authentication. According to Etienne Bertou, Signify’s principal cloud architect, “When you work with a partner like Auth0, it takes a lot off of your roadmap that should not be the focus of your R&D teams.”
Aside from freeing up resources, an IAM system can drive innovation. For example, consider the impact of centralized Identity on improving analytics and customer outreach. When a single IAM provider handles user authentication across devices and integrates seamlessly with every other system, it de-silos data to create a single source of truth about users. This idea is the heart of an omnichannel approach to retail and marketing.
Streamlining authentication also improves UX and shows users that they’re dealing with a cutting-edge business. After all, the login box is where you make your critical first impression with customers — and they’ll quickly be turned off by cumbersome form fills. When Auth0 customer Arduino introduced social logins, they increased conversions by 20%, proving the value of a modern authentication experience.
Identity Is Central to Your Business
It’s always important to make sound investments in technology, and particularly in a moment of global uncertainty. But having a secure and extensible IAM solution is one of the best defenses against that uncertainty because it makes businesses more capable of adapting to change.
Moreover, IAM is already affecting your bottom line, even if some of that impact only becomes visible when something goes wrong. Instead of waiting for an IAM emergency, start calculating all the ways your approach to Identity impacts your business. You’ll soon learn whether it’s working as a cost or as an asset.
About Auth0
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.
About the author
Steven Rees-Pullman
General Manager EMEA