Identity Management Success

Hello Readers:

I have to begin the post today by relating something that happened to me (yet again…) yesterday. There was a piece of software I had to purchase for a couple of client projects. To protect the guilty, let’s just say that the software to be purchased was document management related, and published by a very well-known vendor. Anyway, company credit card in hand, I went off to the website to place an order for electronic delivery. After several attempts to match my ID (along with the requisite password reset request,) the transaction was underway. After two attempts, their ordering system kicked back a three paragraph long message about why the system could not place the order. At the bottom of the tome was a phone number. I called it.

The number went to “customer service.” Customer service had never seen such strange behavior from their ordering system. “What browser are you using?” (The absurdity of the experience hearkened back to a technical support call I made to a very large computing systems and storage vendor several years ago. Their backup tape library device had literally eaten two DLT tapes, and locked the access door so that even it’s emergency door release mechanism wouldn’t work. I had to get the tapes out and called for assistance. Their first question…..ready….? “What operating system are you using?”) Customer service then commenced another user lookup process and proudly spit out my new “customer ID” (which I didn’t know I had) and said “use this whenever referencing your account.” “Ok,” I said, “can we place the order?” (And yes Mr. Smarty-man customer service representative - I tried the transaction with two different very well-known browsers…so there!)

“Would you like the 7-10 day CD delivery, or the 10-20 day delivery Mr. Links?”
“Well….—-er….no, I want immediate electronic download just like I was trying to do with your web-based form.”
“Oh! Well, sorry Mr. Links, we cannot do that here. You need to talk to sales.”
Well I really needed the software, so I begrudgingly agreed to be transferred to “sales.” You guessed it…I was transferred to someone else in “customer service,” which was supposed to be sales. He couldn’t help me either .
“You want web sales, Mr. Links.”

That was it. After wasting a total of 67 minutes attempting to order a 4 minute electronic download (actually, most e-commerce sites would have had the download processing in my browser within 3 minutes of starting the sales cycle), I (perhaps a bit impolitely), told the gentleman that I was no longer interested in their software. There is actually more to this story, such as the charge authorization that came through anyway, and subsequent call back to the vendor to resolve. (Think I or any of my clients will be buying from that vendor again if I can help it?) But, I’ll spare everyone the rest of the details of that portion of the transaction, and talk about the positive outcome.

Still needing the software, I looked for alternatives. A couple of quick Internet searches found just the small vendor replacement needed and the software was in my hands with 99% of the features, 3 times the quality of customer service, at 1/3 the price. Overall, it worked out much better than had the original transaction been processed as scheduled.

So what does all this have to do with Identity Access Management? Many things actually, because the transaction details above could just as easily apply to big IAM vendors (and often does.) We’ve covered the big guys before (and yes - there are many reasons to consider them too) and will do so again. However, from here on out, the focus will remain on the case for considering small vendors. First, let us examine some of the common reasons organizations elect not to consider smaller IAM vendors.

Case against small vendors

• They are not established long enough
• Nobody one we know is using them
• They will go out of business, leaving us holding the bag of useless software that is no longer supported
• The will be acquired, leaving us holding the bag of useless or future “integrated” software that is no longer supported or usable
• They do not have the depth of support we required
• They are not on our preferred vendor list
• They are not publicly traded companies
• They did not present enough pages in the contracts/SOW documents to feel “weighty” enough
• Their prices are too high
• Their prices are too low
• They didn’t bring enough people to the meeting
• The industry analyst firms have not covered them, or placed them somewhere in a grid
• An industry analyst firm didn’t like like them
• They do not provide enough documentation
• They do not have enough resources to assist our project (the “bench depth” concern)
• They do not have the training programs to produce quality, well-trained people
• It will take too long to get an unapproved/new/untested vendor through internal channels and approval committees
• As the small vendors grow, they may no longer provide the same level of customer service as the larger ones

Case for small vendors

• They often have more to prove, and will work much, much harder
• They can provide personalized attention, and focus more direct energy on your business challenges/opportunities
• They can generate software patches, fixes, and support resolutions (in general…) many times faster than their larger counterparts
• They often cost the same, or much less
• They can and will often offer license models that fit your business model - not theirs
• Fewer levels of “abstraction” between your problem and the people that can actually solve it.
• They can often start projects sooner, end projects faster
• They can provide software tools that are lighter weight, and easier to integrate and customize
• They can provide software tools that are highly specialized to the problem/opportunity at hand
• They can take ownership of a problem, often placing it squarely on the shoulders of one or two people rather than whole departments
• They are often interested in quick, effective solutions
• They are less likely to share all their dirty laundry and excuses as to why something could not be done. There is no massive internal bureaucracy to to encounter every time something is needed from the vendor

Suggestions for comfortably evaluating a smaller IAM vendor or point solution provider

1. Source Escrow. This oft-underused, but highly valuable contractual obligation can provide a strong measure of assurance. Many organizations are leery of smaller firms “going under” and have reluctance to implement smaller-company software. The reality of today’s IAM solutions is that they all (large and small) are increasingly becoming more standards aware, and some have even achieved high degrees of standards compliance. When talking to the small vendors, ask if they are willing to either provide full source outright, or at least put their base retail software and all modifications made for you in an escrow. That way, if something ever does happen to them, you will still have full access to the source and stay up and running.
2. Look to alternative media sources. Some of the newer firms may not have been thoroughly vetted by the industry analyst “conference circuit.” Search the company out through well-known Internet search engines, or through the blogosphere.. Touch base with your other contacts in the industry. Get copious input from your technical people.
3. Ask for references. Query references about supportability, responsiveness, cost-to-benefit ratios, functionality, degree of integration. Don’t spend a lot of time asking about the feature sets. Ensure that a product at least has a strong potential need to meet your need before making reference calls. Remember that reference calls are time consuming and expensive for all concerned, so consider keeping them short and tightly focused.
4. Query the vendor about interoperability. Many of the smaller vendors leverage solutions from bigger vendors and/or open standards. Generally (yes, there are many exceptions,) smaller companies are more oriented to open standards than the larger ones. Interoperability and standards support are your two biggest insurance measures for both big and small vendor software packages. Always be looking 3 - 5 years forward in your IAM Program, and consider the forward pain of ripping out and replacing today’s IAM solution, and ensure that “future proofing” is at least 50% of your buying decision.
5. Ask for a proof of concept on your own equipment. Keep in mind, that *all* industry players either directly or indirectly related to IAM are resource constrained right now. Any that say that they aren’t, are either not being truthful, or no one is interested in their offerings. Proof of concept engagements can be risky for some companies, as they pull resources away from larger, or paid projects. Expect to pay for the Proof of Concept (POC), but request a chargeback from the vendor if their solution is selected. General software demos and web conferences should never be offered for a fee, and we would not recommend talking to any vendor that would have that requirement.
6. Get extensive feedback from your technical teams. This may seem counter to some of our advice about “people and process” rather than “tools and technology,” but remember that at the point of vendor selection, we’re now talking about tools. Your technical teams can be an invaluable source of input and analysis for all things hardware and software related. They can build support, and also will ultimately be in charge of implementing (or not) the software into complex production environments. Ignore their feedback at the peril of your IAM Program.
7. Review and understand their partner list and “channel.” Many small vendors have strong partnerships with larger ones. While this can lead to some challenges such as conflict of interest between partners, it can also provide assurances by adding support depth. If their partners are already vendors in your organization, it can even in some cases provide predatory protection in the event that the company is required. Small companies are often acquired by much larger partners. When this happens, the likelihood of a long, uninterrupted support cycle is greatly improved.
8. Responsiveness and how well the vendor can integrate with your business model, rather than dictate their own.

Conclusion

Today we have examined some of the case points for and against small vendors, and provided criteria for consideration and selection. Selecting a vendor is a multi-dimensional process, and can vary substantially between organizations. Links Business Group LLC can help with your vendor vetting and selection process. Call us today at +1 877 769 8938 or send email to request a complimentary initial consultation. Thanks for reading our blog, and we look forward to working with you in the future.

Until next time, all the best, of Identity Management Success.

Corbin H. Links, President
Links Business Group LLC

©2003-2007 Links Business Group LLC. All Rights Reserved.