Skip to main content

Customization of IAM Solutions: Risks of Having it Your Way

April 20, 2018

Forty years ago Burger King launched a revolution in customization, declaring that they could provide you the power of creating your perfect burger combo. Made to order, fresh, fast and no extra cost. The slogan “Have it Your Way” (replaced now by “Be Your Way”) has more than impacted our drive thru satisfaction, it has become a way of applying customization to anything and everything. However, I know the limitations of my BK order. I understand what BK offers out of the box/bag and what they are designed to provide. I know I cannot order a grilled salmon salad with champagne vinaigrette dressing on the side. 

Similarly, we’ve come to expect ultimate flexibility from identity and access management (IAM) solutions because leadership, end users, or business processes push the “Have it Your Way” mentality. IAM solutions are designed with out of the box functionality that provides efficient processes and security best practices. Bringing the mindset of customizing everything into the IAM world holds several risks, for example:

  • Customization of any IAM tool creates more work to maintain it, both short and long term;
    • Costs money via resources and time
    • Slows down application or system upgrades, as customizations have to be closely watched for code changes that could break
    • Isn’t typically supported by the product vendor, so if you customize it and it breaks, it’ll be a costly fix
  • Expanding any tool beyond what it was designed for puts your processes on thin ice. If Burger King did suddenly offer salmon, I wouldn’t take my chances
  • The current processes may not fit well with the out of the box functionality, so “your way” should be evaluated before considering customizing the solution

The final risk is crucial for businesses to consider prior to implementing IAM solutions. When evaluating customizations, dare to ask “why?” There may be diagrams of current business processes, but why is it that way? Answers typically sound like something from the drive thru window - “The owner of this system left the company and didn’t document the process. Then the owner of the next system wrote a script and the reviewer wanted a report formatted like this. Then this manager wanted to verify or approve using X method, while another liked Y method better.” And so began the request for a Burger King solution, because everyone wanted it “their way.”

If this sounds like your culture or system complexity, look for the logic in the processes. To lead a successful IAM program, you’ll have to weed out the comfort of “that’s how it’s always been” vs. real system or process complexities. The goal should be a holistic, centralized solution with opt-in capabilities that focuses on solving the real pain points of all business lines in the best way possible and minimizes custom configuration. However, some scenarios may require more effort to fix, than can be resolved through a customized IAM solution. Remember that out of the box functionality is your friend, not your foe. As much as feasible to your business, try to mold your processes to fit the tool, not the other way around. Don’t be afraid to challenge the status quo, reducing the risk of creating a custom IAM burger recipe that will quickly lead you to timeline and budget heartburn. 

    Dusty Anderson

By: Dusty Anderson

Client Solutions Advisor

See More

Related Blogs

May 17, 2018

Dear Board of Directors, It’s Time to Do the Right Thing and Elevate IAM

I talk with IT executives regularly and have noticed a trend across industries that is concerning. While the threat of a data breach looms large on th...

See Details

December 01, 2014

What to Consider Before Starting an IAM Initiative

nytime an organization implements a new solution or program, there are a number of things to understand and prepare in order to maximize success. Iden...

See Details

May 23, 2016

Next Generation Identity and Access Management (Next Gen IAM)

Having spent the last 17 years in the identity and access management (IAM) space, I know two things are certain: Evolution is inevitable, and change i...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.