
Okta WhitePaper Build Vs Buy 0


Build vs. Buy
Whitepaper
September 2022

Customer Identity and Access Management

Okta Inc.
100 First Street
San Francisco, CA 94105
info@okta.com
1-888-722-7871
Whitepaper Build vs. Buy 2

Contents
Getting Customer Identity Right is Hard
Benefits of Purchasing a Customer Identity and Access Management
Conclusion
How We Can Help

Every team building a web or mobile app faces the same dilemma with every new
piece of functionality: build in-house or use out-of-the-box services to make the job
easier and faster.

Our developers can handle customer identity. It’s a login box. How hard could it be?

But customer identity and access management (CIAM) is so much more than just
the login box. As businesses grow and continue to add features, it’s possible the complexity
of maintaining a robust DIY CIAM system can become a larger drain on resources
than anticipated. Developer hours are a precious commodity, and time spent
maintaining DIY identity, security, and privacy compliance is time taken away from
core business innovation.

Getting Customer Identity Right is Hard

So how do you drive innovation and maximize developer time without compromising
security, launch dates, or budget?

A pre-built CIAM system is one such solution. A digital identity layer comprised of
APIs, SDKs, and out-of-the-box customizable components can serve as building
blocks to increase speed-to-market, lower development costs, and focus in-house
developers on the core features of the application. Customer-facing applications require
a common set of fundamental features related to authentication, authorization, and
user management. Applications need to support common workflows such as account
creation, user login, password reset, account recovery, and multi-factor authentication
(MFA) enrollment. Additionally, applications need to accommodate different levels of
access depending upon the user.

This whitepaper discusses the key considerations when making a build vs. buy decision
and the advantages of a pre-built solution.

[Okta] is one of the things that I can put in my toolkit to
say: Hey, we’re gonna move faster because we have this
identity component nailed.
Scott Howitt,
CISO, MGM Resorts International

Lower the Total Cost of Ownership (TCO) of Application Development

Identity management is one of the highest-risk areas for cost overruns, because
feature and system complexity are so often underestimated and in a state of constant
evolution. A home-grown approach introduces greater uncertainty into the equation
and costs increase significantly when internal teams get sidetracked on building
deep user features or discover that their requirements have transformed due to a
changing landscape. Teams may still deliver on time, but only with the help of costly
contract resources. When you offload identity to a trusted provider, you help ensure
the development team delivers the full scope of your project on budget.

Example TCO reduction of application development


3 developers × 6 months (identity timeline) × $200K (fully loaded salary) × 90% (improvement) = $270K reduction to TCO

Common Google-esque calculation of the value of an engineer for companies where the technology is the primary
generator of revenue. Here, we are calculating the average annual revenue contribution of an engineer multiplied by
the number of engineers that are removed from the engineering pool to deliver an identity layer.

Things in the identity space change almost by the hour,
and we need a technology partner that can keep up
with that pace of change on a daily basis.
Eash Sundaram
EVP Innovation, Chief Digital & Technology Officer, JetBlue Airways

Focus Resources on Core Application Functionality

Your success depends upon how well you execute the core product features that
make your application useful to end users. A modern identity layer frees your team to
remain laser-focused on functionality that drives revenue and customer engagement;
and allows your developers to more quickly move onto the second, third, or fourth app
that your customers are demanding.

Reduce the Risk of a Security and Compliance Breach

When was the last time your team updated their password hashing algorithm? User
data and PII are the most common targets of attacks, yet the average lifespan of an
effective encryption algorithm is 18 months. Protecting users often falls by the wayside
in favor of requirements that drive growth or revenue. Plus, a secure identity service
requires your team to have specialized knowledge—and time—to address vulnerabilities
at every layer of infrastructure, from the operating system, database, and transport layer,
to the application stack and code vulnerabilities. Because development teams rarely
have this level of security expertise on staff, they may not know their user security has
failed until sensitive data is already vulnerable. And they often aren’t aware of security
developments, like when an algorithm is compromised, or an attack vector is discovered.

A well-chosen identity management service safeguards your user data from attackers
because the team that built it is comprised of experts focused on advanced security
to cover identity and access attack vectors. Security measures include powerful
encryption, API security, advanced firewall protection, and robust data management
and system access procedures. These same security measures and infrastructure
enable your teams to be compliant with geographic and vertical-specific regulations
such as HIPAA, FedRAMP and GDPR.

National Bank of Canada services millions of clients
in hundreds of branches across Canada. As an
organization, we have clear objectives, one of which
is to simplify the customer experience. Okta’s smart
authentication and contextual capabilities enable us to
give our clients a seamless, secure online experience.
Rish Tandon
CTO, Heal

Keep Developers Motivated

Although identity is important to the success of a customer-facing application, not
all developers enjoy building identity and security infrastructure. Although it’s a
high-risk area and often fraught with complexity, user management is sometimes
perceived as mundane, and many developers would rather work on features tied to
core product differentiation and cutting-edge systems. The high overhead associated
with implementing user security can be especially demotivating—there is a great deal
of risk, and much conflicting guidance. On the other hand, many developers perceive
working with modern REST-JSON API services as interesting and accessible.

Deliver High Scalability and Reliability

When user management fails, users are locked out. If the login experience fails due to
a lapse in availability, end users won’t know or care why—but their perception of your
organization and your brand will suffer. The level of consumer load is unpredictable, and
marketing departments do not always know or share when a promotion will drive an
influx of users. If you decide to manage this yourself, you have to be confident in your
team’s ability to offer multiple nines of availability, and scale easily as the user base
grows. You must be prepared to provide double or triple redundancy in your datacenter
or in collaboration with an infrastructure-as-a-service provider. You will need to provide
for seamless upgrades and maintenance to ensure uninterrupted service. Companies
who take on these nontrivial responsibilities often find the maintenance overhead
unmanageable. An outside user management service provider can completely remove
the operational headaches.

Facilitating integration across the ecosystem,
making sure identity persists across systems, and
having identity be the central way we’re relating to
the customer, with a high degree of reliability and
availability—that was really important to us.
James Fairweather
Senior Vice President of E-Commerce and Technology, Pitney

Benefits of Purchasing a Customer Identity and Access Management

There are compelling reasons to purchase identity management rather than building it:

Increase revenue through faster time to market for apps: Customer needs can
change on a whim and organizations today need to be agile enough to capitalize on
market opportunities or risk revenue. The right customer identity solution can deliver
an identity layer for secure customer experiences so your development teams don’t
have to reinvent the wheel when it comes to authentication, authorization, and user
management, and can instead focus on building the features that differentiate your
app and get them into the hands of consumers. And speaking of revenue—it’s as much
about preserving it as it is generating it—so scalability is also a factor here.
Resource-intensive actions like authentication, password encryption, and search need to keep
pace with user demand during peak periods.

Reduction in engineering costs: Implementing a third-party identity management
solution is straightforward and enabling powerful features can be as easy as flipping
a switch. Hundreds—if not thousands—of valuable development hours can go back to
writing business logic instead of being spent building authentication. Time that was
dedicated to testing and security for authentication can be returned to core app work.
Integrating and mapping identity providers is time-consuming and can be painful.
With the right third-party solution, these integrations are already built and provided.
An out-of-the-box CIAM solution should also offer SDKs for popular development
stacks, further reducing additional coding needed to integrate the authentication
system. A company’s engineering team can focus on configuration rather than coding
and customizing.

Increased security: When was the last time your team updated their password hashing
algorithm? User data and PII are the most common targets of attacks. The average
lifespan of an effective encryption algorithm is 18 months, but protecting users often
falls by the wayside in favor of requirements that drive growth or revenue. A CIAM
solution takes on the responsibilities of keeping user data stored and transported
securely, and adheres to regional compliance policies and certifications. In addition, a
CIAM solution provides federated identity so that users don’t engage in bad practices
like reusing the same password to avoid having to remember multiple login credentials.

Case Studies from Different Industries


Schneider Electric - Driving Growth with Unified Identity Management
With over 170,000 employees across more than 100 countries, Schneider Electric, a
global leader in energy management and automation, needed an identity management
strategy that could scale with the company’s next phase of growth while maximizing
efficient use of resources. Schneider Electric’s primary need when choosing CIAM
was a single sign-on system to create a unified authentication process. This way, they
could use the same identities and credentials for all of the company’s diverse systems
and applications.

A cost-benefit analysis quickly proved that Schneider Electric would be better off
leveraging its employee resources to deliver on core business goals and objectives.
Third-party identity management could break down barriers within the corporation
and solve challenging identity integration problems. The Okta Customer Identity
Cloud (formerly known as Auth0) also provided a robust and flexible solution that was
developer-focused and easy to integrate. The platform was web and mobile friendly,
supported open standards, and offered robust features and future-proofing with broad
identity provider support and easy migration.

Once Okta CIC was selected and implemented, many benefits were realized. Using
its identity management solution eliminated extra development work. This freed up
more resources for IT innovation. Time to market was faster and the system benefited
from increased security and best practices. Okta CIC also provided fast, thorough
reactions to vulnerabilities.

Before any news sites reported on last year’s
Heartbleed zero day vulnerability, Auth0 [now Okta
Customer Identity Cloud], emailed us to alert us to
the situation. There was already a patch to eliminate
the Heartbleed threat from Auth0’s systems, followed
by a confirmation email that Auth0 had already
installed this patch on the Schneider Electric
instance of Auth0’s service.
Auth0 helps our platform team look really good. In this
scenario, not only had the security issue been patched,
our IT team was able to save valuable time by leveraging
the detailed steps on how the issues were mitigated to
report directly to your internal team. What’s more, Auth0
cycled the certificates, something else that would have
been very labor intensive for the team to do on its own.
With the Auth0 platform, we can plan and integrate
identity architecture early to save critical time and
ensure a secure system is in place when a project gets
off the ground.
Speaker,
Title, Schneider Electric

To challenge you to think about how important neutrality is to your organization,
consider the following:
• How many departments in our organization will rely on the Identity Provider?
• How many different tech stacks will your IAM solution need to support?
• How often do any one of your stakeholders or business units roll out a new technology?
• What is the average time it takes to rollout a new organization-wide application or
‘big bang’ technology solution and are you challenged with decreasing your average
rollout times?
• How much could faster rollout times reduce costs for your organization?

Bluetooth - Unifying Identity across On-Premise and Cloud Apps


Bluetooth, a global leader in wireless technology, had a growing ecosystem that
presented various challenges. The business, which started as a single application,
swiftly grew to multiple different apps. Apps developed in-house as well as third-party
SaaS apps (SharePoint, ServiceNow, Sitecore) all required different authentication
credentials. Bluetooth’s existing homegrown solution was forms-based and used
username and password credentials. This platform was not suited for federated identity.
The company needed a modern identity solution with single sign-on to support all of
their homegrown and third-party SaaS apps. The solution had to be implemented while
keeping the existing platform operating with a future path for full migration. User roles
and access were also vital to ensure proper levels of access to confidential documents.

Third-party identity fit the bill. It was easy to implement and allowed the team to add
SSO and modern authentication. The legacy system was kept intact while a migration
plan was implemented and carried out. It took only days to implement versus the
months needed to implement an in-house platform. Top-notch documentation with
detailed code samples covered introductory and advanced topics, allowing Bluetooth
SIG engineers to quickly understand and implement their modern identity solution.
Bluetooth worked with developer success engineers to develop a proof of concept to
jointly showcase the platform’s capabilities. Support response times were short with
rapid turnaround.

Conclusion

Innovation without Compromise

Managing modern identity is challenging. Keeping up with evolving standards, best
practices, and constantly patching security bugs takes time and money away from the
core business. By considering features that grow with your organization’s needs and
understanding how other companies have successfully evaluated and implemented their
own solutions, you can reap the benefits of an identity management solution–without
compromising on security, user experience, or increasing developer hours.

Your organization can transform your CIAM from a critical point of risk and a potential
blocker for business into a system that not only enables your organization’s ability
to drive revenue but actually enhances it. With Okta Customer Identity Cloud, you
can implement CIAM in days instead of months, future-proofing your organization
by utilizing the easiest, most comprehensive and extensible CIAM solution available.

How we can help

Okta can help you manage identity for your users. As security experts, we have built an
identity-as-a-service (IDaaS) platform designed with state of the art security in mind.
Over 80,000 developers in 167 countries trust Okta Customer Identity Cloud as their
identity management solution.

Among the features and benefits:


• The ability to configure and implement enterprise federation
and single sign-on requiring only basic configuration and no coding.
• Enterprise connections include Active Directory, LDAP, ADFS,
SAML, Google Apps, and more.
• Social connections with all major providers including LinkedIn,
Facebook, Twitter, Google, and many more.
• Traditional username and password authentication, via either
the Auth0 DB or any Custom DB, with enhanced security features
such as multifactor authentication, breached password detection,
brute force attack protection, and anomaly detection.
• Users can be migrated from existing systems painlessly with
no forced password resets.
• Methods to audit and view identity-based analytics to ensure
organizational compliance and upsell opportunities.
• Companies can easily manage user access with fine-grained
permissions and powerful, custom rules.
• Delegated administration allows companies to administer
granular access, visibility, and user management to customers.
• With Okta Customer Identity Cloud it takes less than 30 minutes
for a developer to set up robust and customizable identity management
for any technology stack.

Resources
For more examples of how other companies evaluated Okta Customer Identity Cloud,
previously known as Auth0, please visit our customers’ page, our pricing page or
contact sales.

About Okta
Okta is the leading independent identity provider. The Okta Identity Cloud enables
organizations to securely connect the right people to the right technologies at
the right time. With more than 7,000 pre-built integrations to applications and
infrastructure providers, Okta provides simple and secure access to people and
organizations everywhere, giving them the confidence to reach their full potential.
More than 15,800 organizations, including JetBlue, Nordstrom, Slack, Takeda, Teach
For America, and Twilio, trust Okta to help protect the identities of their workforces
and customers. For more information, go to okta.com.
