Understanding Deployment Options When Evaluating CIAM

Keith Graham
Keith Graham
  • Jun 11, 2021
  • 4 min read

As we continue to discuss the top reasons to consider using a CIAM platform, this blog focuses on the good and bad of the different deployment options that are available.

On-Premises CIAM

Any on-premises CIAM application, like any application within the enterprise, will either require physical hardware or can be virtualized and operated from any supported virtualization platform. Depending on where a brand chooses to operate and where they host customer-facing applications, additional instances of the on-premises CIAM application or appliance may be required in different data centers across regions. This may even be a requirement simply to maintain a high availability environment for customer-facing applications. Any dependencies on the Operating System on which the CIAM application is based may add additional operating system license or support costs and require additional expertise.

Hosted CIAM

Hosted CIAM describes the approach where an on-premises CIAM application is hosted using a shared-computing approach such as on Amazon Web Services or Azure. This approach is often offered by the CIAM application vendor where they may shoulder the burden on operating, managing and monitoring the underlying operating system and any CIAM application or services that they're providing. While this 'cloud-washed'/managed services approach may remove some cost and risk otherwise associated with an on-premises offering, it doesn't provide the necessary advantages commonly gained from native cloud computing approaches such as elasticity (the ability to scale as needed and in a cost-effective manner) and resiliency through high-availability to ease of geographic distribution. This approach also may not benefit from some of the ease of receiving CIAM updates to the CIAM services themselves.

IaaS and PaaS That Provide Some CIAM Functionality

Many IaaS and PaaS providers have some IAM functionality that brands may look to use to solve some basic problems for their customer facing applications. While it may seem desirable to use these on-demand, cloud-delivered IAM capabilities from the same offering/development ecosystem, they're already being used for IaaS and PaaS. The reality is that this approach may fall short on providing the full depth of functionality and supporting advantages that a CIAM platform can provide.

Brands also may have little to no control over where and how their customer data is being stored. Data Residency is becoming more important with the ever-increasing responsibility to comply with local regulatory requirements and data protection laws. This can leave brands at a disadvantage to their competitors who may be using a fit-for-purposes CIAM service.

Lastly, this approach often results in far more home-grown glue and in-house development than may have originally been intended when starting to use this type of capability. Brands looking to use IaaS and PaaS offerings to solve CIAM problems for their customer facing applications should carefully evaluate the capabilities on offer and scope the true cost of integrating and maintaining this approach.

Cloud-based CIAM Platform

Finally, let's discuss Cloud-based CIAM platforms.

Any Cloud-based CIAM platform should be leveraging the advantages of being cloud native and SaaS delivered. This type of CIAM offering is most closely aligned with the current and ongoing needs of a brand, and its use with any customer facing applications - both in terms of functionality and non-functional requirements. Cloud-based CIAM platforms should be highly available, with guaranteed service levels of 99.99% (that's just over 52 minutes of unavailability per year). Some CIAM platforms may offer 100% coverage. although usually at additional cost.

Benefiting from elasticity, these offerings should be able to cope with seasonal or peak burst-activity based on customer needs and remain performant throughout these periods - without any incurrence of additional cost on the brand. This approach alone helps mitigate the over-provisioning/under-provisioning problem where brands may struggle to balance the higher costs of over-provisioning with the needs to remain performant without under-provisioning (which can lead to slow response times and a poor customer experience).

Due to software development best practices and modern approaches to the distribution and deployment of cloud services built around the microservices paradigm, CIAM providers should be able to provide security and performance guarantees around dedicated services, data stores and networks for each organization they serve. This approach is particularly appealing to highly regulated industries, or to those where internal policy may require mission critical and customer facing services to remain on-premises.

This blog is an excerpt taken from the whitepaper, "An Evaluator's Guide to Buying or Building CIAM."

More articles from this author