Warning: content published in the draft wiki space may contain errors, be incomplete and is subject to change.

IAM Cost Components

Title: IAM Cost Components

Version: 1.1 Draft

Summary: This research note inventories known IAM cost components to facilitate the measurement of IAM TCO.

See Also

WARNING: this is a very early draft to get us started. Please provide us with lists of cost components and we will consolidate them here.

Category 1

Category 2

Category 3

Category 4

Comments and examples

Investment / Project Costs

Operational / Maintenance Costs

Direct costs

Organizational Costs

General administration

 

General and administrative (G&A) expenses (headquarters, interest on borrowed money, administration, etc.).

This should probably be simply taken “as is” and provided by the accounting department.

 

 

 

 

Audit & Control

 

 

 

 

 

IT Costs

Hardware Costs

IT Infrastructure

 

 

 

 

 

 

Hardware Authentication Tokens

 

 

 

 

 

 

Biometric Systems

 

 

 

 

 

Cloud Costs

IaaS

 

 

 

 

 

 

PaaS

 

 

 

 

 

 

SaaS

 

 

 

 

 

Software Costs

IAM Software

Examples:

  • IAM products

  • PAM products

  • FIM products

  • CIAM products

  • Other software products

Acquisition and implementation

On-going maintenance and upgrades

 

 

Development Costs

 

 

 

 

 

 

Integration Costs

 

 

 

 

 

 

Testing Costs

 

 

 

 

 

People Costs

Labour Costs

Direct Labour Costs (IAM dedicated personnel)

Examples:

  • IAM Management

  • IAM Personnel

 

 

 

 

 

Indirect labour costs (other personnel)

  • IT Service Desk

  • Program and Project Management

  • Receptionists

 

 

 

 

Advisory services, outside expertise

 

 

 

 

 

Data Management

Data Quality Assurance

 

 

 

 

 

Out-sourcing

 

 

Examples:

  • General IT services

  • IAM specialized services such as manual provisioning

 

 

Indirect costs

Cost of compliance

 

 

The cost incurred by IAM policies. For example, if IAM issues a policy requiring MFA for certain applications, there is obviously a cost involved in addition to the risk reduction.

 

 

 

Cost of inefficiency

Productivity loss costs

 

Labour cost of users' time spent on recertification, access requests and validation

 

 

 

 

 

 

Cost of support: not the cost to the support team, but the cost to the business users who call

 

 

 

 

 

 

For CIAM, the opportunity cost of customers calling support, etc.

 

 

 

Cost of failure / risk realization

Incidents

 

The cost incurred by the organization as a result of IAM security-related incidents.

 

 

 

 

Failed audit costs

 

Findings and recommendations management costs

 

 

 

 

Fines & penalties

 

Contractual penalties and regulatory fines

 

 

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.