Information Technology Reference
In-Depth Information
Complexity of Features
: Some functions and data structures seem common
to most organisations, but the generic implementations provided by major
IAM products tend to be a superset of required capabilities that is more
complex than warranted for any single organisation's needs. One reputed
product we evaluated boasted
five
different administrator roles, which could
confuse most administrators at any organisation. As another example, many
IAM products boast sophisticated workflow capabilities, yet auditors only
require a two-step request/authorise process to enforce the “segregation of
duties” principle. Feature complexity is a selling point for a vendor in a
competitive market but imposes unnecessary costs on a user organisation.
Sometimes, this complexity of features comes about because a vendor's
product suite is made up of disparate products brought together through
various acquisitions, and the integration is consequently clunky and
unnatural.
Custom Requirements
: IAM is an area where every organisation has some
unique requirements, and we provide two such examples in Appendices C
and D. Not all specialised requirements can be met by simple configuration
settings on a generic product, no matter what the brochures may tell you.
Many of them will require some custom development. This has two logistical
downsides in additional to a security implication that we cover separately in
the next section.
One, your own in-house resources may be unable to make these changes
because of their unfamiliarity with the new product, so you have to rely on
vendor resources to make these changes for you. You will have to pay for
the vendor's own consultants to work on your project and provide ongoing
support for those customisations, and this is not something an organisation
always budgets for at the outset.
Two, customised products are difficult to upgrade. When the vendor
releases the next version of the product and your current version goes out of
support, you will find it harder and costlier to migrate because of all the
customisations you have made to the current version.
Closed Interfaces
: The components of many brand-name products are often
described as “tightly integrated”. To a SOA-sensitised architect, the
approving tone that usually accompanies this pejorative is a source of
endless surprise and amusement. Tight integration in a product is not a
desirable feature! It is a warning sign. Loose coupling is what we should be
after.
