Warning: content published in the draft wiki space may contain errors, be incomplete and is subject to change.
IAM Cost Components
- David Doret
Title | IAM Cost Components |
|---|---|
Version |
|
Summary | This research note inventories known IAM cost components to facilitate the measurement of IAM TCO. |
See Also |
WARNING: this is a very early draft to get us started. Please provide us with lists of cost components and we will consolidate them here.
Category 1 | Category 2 | Category 3 | Category 4 | Comments and examples | Investment / Project Costs | Operational / Maintenance Costs |
|---|---|---|---|---|---|---|
Direct costs | Organizational Costs | General administration |
| General and administrative (G&A) expenses (headquarters, interest on borrowed money, administration, etc.). This should probably be simply taken “as is” and provided by the accounting department. |
|
|
|
| Audit & Control |
|
|
|
|
| IT Costs | Hardware Costs | IT Infrastructure |
|
|
|
|
|
| Hardware Authentication Tokens |
|
|
|
|
|
| Biometric Systems |
|
|
|
|
| Cloud Costs | IaaS |
|
|
|
|
|
| PaaS |
|
|
|
|
|
| SaaS |
|
|
|
|
| Software Costs | IAM Software | Examples:
| Acquisition and implementation | On-going maintenance and upgrades |
|
| Development Costs |
|
|
|
|
|
| Integration Costs |
|
|
|
|
|
| Testing Costs |
|
|
|
|
| People Costs | Labour Costs | Direct Labour Costs (IAM dedicated personnel) | Examples:
|
|
|
|
|
| Indirect labour costs (other personnel) |
|
|
|
|
| Advisory services, outside expertise |
|
|
|
|
| Data Management | Data Quality Assurance |
|
|
|
|
| Out-sourcing |
|
| Examples:
|
|
|
Indirect costs | Cost of compliance |
|
| The cost incurred by IAM policies. For example, if IAM issue a policy requiring MFA for certain applications, there is obviously a cost involved in addition to the risk reduction |
|
|
| Cost of inefficiency | Productivity loss costs |
| Labor cost of users time spent doing recertification, access request and validation |
|
|
|
|
|
| Cost of support not for the support team but for the business who calls |
|
|
|
|
|
| For CIAM, opportunity cost of having customers calling support etc. |
|
|
| Cost of failure / risk realization | Incidents |
| The cost incurred by the organization of IAM security related incidents. |
|
|
|
| Failed audit costs |
| Findings and recommendations management costs |
|
|
|
| Fines & penalties |
| Contractual penalties and regulatory fines |
|
|
Bibliography
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.
