Cloud-based Identity & Access Management: build vs buy?

September 15, 2020

Hamish Ridland

Hamish Ridland

Head of Delivery, PingCloud

Which approach is better value long-term?

Identity and Access Management – IAM – is an essential part of every organisation’s efficient online operations. The question is, should you build your IAM system or buy a ready-made solution? 

The current benchmark for IAM is a seamless, secure experience: users have come to have high expectations in today’s online business context. 

Unfortunately, getting access to large companies’ products and services still requires customers and staff to traverse any number of back end systems built on disparate technologies.  To provide a seamless experience for customers, a global access authority is required that allows customers to log in once without the need to supply different usernames and passwords for every transaction.

SaaS options.

There are a number of IAM models that address the complex access management problem. Software as a Service (SaaS) allows you to start immediately and at a low cost point.  You can sign up for a few dollars per user, follow the documentation, and you’re on your way to a single sign-on experience that will delight your customers. SaaS solutions are great for greenfield development where the technology stack is modern and using the latest standards. SaaS caters for simple use cases, especially new technology, giving you speedy service with outsourced management. 


But what if the SaaS model doesn’t fit your enterprise? What if you can’t use a SaaS solution because of the complexity of your systems, or you need the ability to access data from your legacy systems via Single Sign-On? Couldn’t you build an IAM platform yourself? How hard could it be, right?

Is custom building your own IAM really an option?

There are multiple stages and levels of complexity involved in implementing a custom IAM system. Once you’ve identified the software you want, you then need to configure and deploy it.

After deployment, you enter the iteration and support phase. You’ll need to support multiple environments for development and testing, capture events and log data that is monitored and alarmed to support personnel to take action.  You’ll need automation to remove human error and provide repeatable and reliable no-downtime deployments.  Of course, you’ll also inevitably have to upgrade your platform over time. 

Every stage of this process demands the work and expertise of highly skilled developers and system designers. Each aspect and stage of the process will require different specialities and skill sets, too, so you’re going to end up with a big team, or hire a whole bunch of consultants.

Cloud and DevOps specialists are the most in-demand people in the workforce. They’re difficult to hire, because there’s a massive shortage of supply, and their salary rates and fees reflect that demand. Even if you manage to assemble a team with the right skill sets, these skills are in demand and you’ll be in constant danger of having your team members approached by recruiters. 

The new PaaS model IAM: costs and benefits compared.


PaaS IAM systems are cloud-based platforms, but unlike SaaS systems, they’re custom-designed and configured to the specific needs of each client. PaaS systems don’t require you to do any configuration or maintenance, the engineers supporting your system are the same engineers that built the software. This avoids the need to hire and train engineers yourself in a 3rd party’s software. 

A PaaS IAM platform doesn’t require you to spend capital on up-front development or licensing, infrastructure and there are no hidden, maintenance and upgrade expenses allowing you to work to a fixed budget. 

Let’s compare the relative costs of DIY systems and PaaS IAM. The Total Cost of Ownership – TCO – IAM system breaks down into three major components:

  • product licensing costs,
  • development and implementation costs,
  • operational & maintenance costs.

A PaaS combines your product licensing and operation costs into a fixed fee and also immediately eliminates development and implementation costs, because the platform is ready to work as soon as you turn it on. PaaS systems also massively reduces your time to value as the platform is ready to onboard your apps straight away.

The timeline above shows the dramatic time, and cost savings PaaS IAM bestows, compared to a typical DIY in a public cloud such as AWS.

PaaS is efficient and cost-effective.

PaaS saves your organisation time and money up-front by avoiding the costly development process of DIY systems and provides a more flexible platform to accommodate complex environments.  The PaaS subscription model also includes regular iterative updates, so your IAM software is always current within vendor support and patched against the latest security threats. 

Rather than reinventing the wheel, PaaS gives you a solution built on hundreds of prior implementations, so the bugs are worked out before you get started. Using a PaaS platform, you can invest your IT budget and talent into projects that enhance your core product offering, and consume your IAM needs as a service.

IAM isn’t simple but done the right way it bestows a competitive advantage on your business.  If you’re struggling to decide between buying or building, we’d love to help you figure it out.
Versent is a market leader in IAM and PaaS solutions. Our innovative IAM products like PingCloud will give you the sophisticated IAM services you need with optimal cost-efficiency, and help you avoid unnecessary headaches.

If you’d like a demonstration of our products, or you’d like to learn more about PaaS IAM and how it can streamline your business, please get in touch with Hamish Ridland, Head of Delivery, PingCloud: hamish.ridland@versent.com.au.