Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

Title

IAM Cost Components

Version

1.01

Status
colourYellow
titleDraft

Summary

This research note inventories known IAM cost components to facilitate the measurement of IAM TCO.

See Also

Note

WARNING: this is a very early draft to get us started. Please provide us with lists of cost components and we will consolidate them here.

Category 1

Category 2

Category 3

Category 4

Comments and examples

Investment / Project Costs

Operational / Maintenance Costs

Direct costs

Organizational Costs

General administration

General and administrative (G&A) expenses (headquarters, interest on borrowed money, administration, etc.).

This should probably be simply taken “as is” and provided by the accounting department.

Audit & Control

IT Costs

Hardware Costs

IT Infrastructure

Hardware Authentication Tokens

Biometric Systems

Cloud Costs

IaaS

PaaS

SaaS

Software Costs

IAM Software

Examples:PAM Software

  • IAM products

  • PAM products

  • FIM products

  • CIAM

Software
  • products

  • Other

Software
  • software products

Acquisition and implementation

On-going maintenance and upgrades

Development Costs

Integration Costs

Testing Costs

People Costs

Labour Costs

Direct Labour Costs (IAM dedicated personnel)

IncludesExamples:

  • IAM Management

  • IAM Personnel

Indirect labour costs (other personnel)

  • IT Service Desk

  • Program and Project Management

  • Receptionists

Advisory services, outside expertise

Data Management

Data Quality Assurance

Out-sourcinge.g.:

Examples:

  • General IT services

  • IAM specialized services such as manual provisioning

Indirect costs

Cost of compliance

The cost incurred by IAM policies. For example, if IAM issue a policy requiring MFA for certain applications, there is obviously a cost involved in addition to the risk reduction

Cost of inefficiency

Productivity loss costs

Labor cost of users time spent doing recertification, access request and validation

Cost of support not for the support team but for the business who calls

For CIAM, opportunity cost of having customers calling support etc.

Cost of failure / risk realization

Incidents

The cost incurred by the organization of IAM security related incidents.

Failed audit costs

Findings and recommendations management costs

Fines & penalties

Contractual penalties and regulatory fines

...