Should you build or buy a customer secure sign-on solution?

Stephen Cox
Stephen Cox
  • Mar 25, 2022
  • 6 min read

If you’re reading this, chances are you’ve already decided your org needs a secure identity management solution for your customer-facing apps.

And we think that deserves a virtual fist bump. Understanding why implementing a unique customer identity and access management (CIAM) solution is critical in the first place – and not trying to retrofit your workforce identity and access management (IAM) solution to serve an audience that behaves entirely differently (AKA your customers) – is an essential mindset shift that’ll make your customers happy and help your bottom line.

So congrats on making that first leap.

Now that you’ve decided your brand needs a new (or better) secure sign-on solution, you’ve got a few choices. You can buy a vendor-supported solution, build or rebuild one yourself or use an open-source tool.

There are pros and cons to all those options, but today we’re going to focus on the classic “build versus buy” dilemma and cover several questions you need to ask yourself before deciding between those two choices.

So you want to build your own identity and access management provider …

We understand why building and maintaining your own secure sign-on solution in house sounds enticing … at least at first.

But when you decide to build a CIAM tool as your customer’s digital journey continues evolving at just about every turn, you often end up having to choose between accelerating your time to market or securing your digital products.

That’s a tradeoff no org should have to make.

That’s why it’s so essential to evaluate the right criteria when you’re deciding whether to build or buy a CIAM offering, making sure you carefully consider what “future you” will need.

To start, we created a handy chart that maps evaluation criteria to both the “buy” and “build” scenarios, along with our take as to what level of effort is required depending on which path you choose:

Now let’s take a closer look at each criteria.

How long will it take me to get to market?

A great commercially available CIAM solution should be fairly quick to deploy to your customer-facing apps.

We’re talking about a setup time in hours or days, not weeks or months.

For example, we recently deployed Strivacity at a gaming and entertainment company across more than 100,000 customer accounts. From start to finish, it took five days.

Most home-grown CIAM projects take months to build and deploy … which is fine if you’ve got the luxury of taking your time to get to market. But most companies don’t. They also usually need their developers focused on their revenue-generating products, not distracted by other projects like becoming an expert in secure sign-on functionalities.

How much effort will deploying and maintaining this require?

Initial development costs are one thing, but how much time do you want your team to spend maintaining this solution?

Customer journeys change often. As your org scales and you start to acquire more and more new types of customers, you’ll end up having to create additional (and different) journeys so that you’re providing an exceptional experience for every person who’s interacting with your brand.

This takes – you guessed it – a ton of time. Do you want your team focused on learning about customer identity technologies and capabilities? Or should they be working on improving your revenue-generating products and keeping your company competitive in its market?

How rich do I want the features to be?

It’s pretty simple.

More features = more time spent on development.

Again, many of the features you’ll develop for launch day won’t be sufficient for what your customers will need six months or a year from now. With a commercially available CIAM tool, you can add new features and workflows with a few clicks. If you build CIAM on your own, each new feature means another lengthy development project for your team, or a potentially large consultant fee if it’s something you’ll need to outsource.

How much money can I (or do I want to) spend over time to support this tool?

Beyond the army of developers you’ll need to build your own CIAM tool, consider how much you want (or will need to) spend in order to support the offering.

For example, you’ll need to account for costs associated with hosting your solution either on-premises or in the cloud, ongoing monitoring for reliability and security purposes, CI/CD management and quality assurance, to name a few.

A major benefit of using a commercially available CIAM platform is that you’ll automatically be keeping pace with market changes to identity and access management solutions: think about new tech standards, the latest security features and the like. Not to mention that you’ll be able to divert your development team and your purchase orders to other needs.

What kind of licensing costs will I incur?

This one’s pretty straightforward: If you build your own tool, you won’t need to worry about licensing.

However, there’s lots to consider aside from licensing costs as you’re deciding whether to build or buy a CIAM solution.

The bottom line

Building a CIAM tool in house requires significant resources. There’s the initial development and deployment effort (plus having the right people on staff to do those things), security and compliance requirements to consider as well as the time and costs associated with maintaining and improving the solution over the long run.

Of course you’ll need to do all of that in addition to focusing on your org’s most strategic, revenue-generating priorities.

Yes, we’re biased, but we think it makes a ton of sense for most companies to buy a CIAM solution instead of creating their own. When you choose a commercially available CIAM tool like Strivacity, you’ll get to market faster, scale quickly when it’s time and provide your customers with the friction-free, personalized experiences that they expect and deserve.

Have other questions about building or buying a CIAM solution? Get in touch.

More articles from this author