Top 10 Legacy IAM Challenges, Part 4: Legacy Administration and Hardware Costs


March 14, 2018
Andrew Goodman
Sr. Product Marketing Manager

In the previous three posts in this series, we looked at the challenges you face with your legacy IAM system’s capability gaps in the areas of web access management (WAM), directory and multi-factor authentication (MFA). In addition to capability limitations, all of these have steep administrative and hardware costs that negatively impact your bottom line.

Today we finish up the 4-part series on the top 10 legacy IAM challenges by covering the administrative and hardware costs of legacy identity and access management.


Three Steep Costs of Legacy IAM



Challenge #1: Infrastructure Costs

Many perceive the costs of IAM modernization to be too high to justify, but the costs of sticking to the status quo can be much, much greater.

Your legacy WAM solution, for instance, requires an excessive number of policy servers to provide application-level access control, and typically requires heavy on-premises databases for storing sessions, policies and encryption keys. On the directory side, adequately addressing scale and availability challenges while deploying more apps and identities that rely on these directories is a catch-22.

Legacy multi-factor authentication systems also represent a major cost center within IT organizations. They require significant infrastructure to host authentication processes, user and policy databases, administration and self-service functionality. You are also increasingly likely to need additional hardware to support geographically dispersed deployments and remote users accessing internal resources. Costs balloon when redundant instances are set up for high availability and disaster recovery, not to mention the procurement costs of thousands (or tens of thousands or more) of hardware tokens.

A modern IAM solution slashes infrastructure spending:


  • WAM infrastructure savings: Migrating to a modern solution leads to a reduction in on-premises servers and the associated hardware and utilities, equating to notable cost savings. Solutions such as PingAccess are headless and stateless, enabling lightweight deployment on cloud platforms at a significantly lower cost.
  • Directory infrastructure savings: Ping customers report experiencing an overall hardware footprint shrinkage by as much as 80% when migrating to a modern directory solution. These lowered expenses stem from reductions in disk and memory requirements and the ability to run on virtualized, commodity hardware in any domain. Efficient entry balancing and replication help support the scale you need, and you can enable cloud deployment for even further cost savings.
  • MFA infrastructure savings: The costs of deploying, managing and replacing thousands of tokens disappear when you move to a modern, cloud-delivered MFA solution. And that’s just one piece of the savings you realize. You’ll also eliminate on-premises servers and their associated costs when you switch to a cloud-delivered, subscription-based solution. Gartner clients can read more about these benefits in Cloud-Based MFA is Ready for Primetime.

Challenge #2: Labor Costs

Labor expenses devoted to maintaining legacy systems eat up a consequential chunk of your organization’s IT budget. When you shift from legacy IAM systems to a modern one, you allow your IT organization to focus on more strategic initiatives.

WAM-related expenses are a big piece of this equation. Simply to keep the system running, multiple full-time administrators often are needed to ensure application security due to the WAM solution’s inability to share policies between API and web application security. Additional IT staffers are required to administer these complex solutions comprised of thousands of agents installed on hundreds of servers. And developers with years of expertise in these proprietary solutions are also needed, thanks to these solutions’ lack of support for open standards. Add in upgrade cycles requiring hundreds of hours of professional services, and your WAM-related costs become too visible to ignore.

Also significant are the costs related to the legacy directories. Vendor support is often lacking, and because of this, significant administrative effort is needed on your organization’s part to troubleshoot and apply hotfixes and security patches. Enterprises often fall into administrative time sucks of continual rebooting, resetting and fixing errors, while scale-related outages decrease workforce productivity.

But the highest labor costs, in many legacy IAM systems, arise from MFA. In an earlier post we talked about how misplaced or forgotten passwords, PINs, tokens and other authentication devices put a heavy strain on your helpdesk, causing thousands of dollars each year in support costs. In addition, your organization incurs hefty labor costs while maintaining, patching and upgrading servers and ensuring end-user device compatibility.

The identity and access management solutions built for today generate these labor savings:


  • WAM labor savings: Modern access security lowers the need for highly specialized and solution-specific talent with built-in support for open standards like SAML, OAuth and OpenID Connect. It frees your developers from hours spent writing custom code or mastering the intricacies of proprietary authentication protocols, and you reduce IT hours previously dedicated to administering complex legacy solutions. You also stabilize costs and IT workloads with predictable subscription models and updates, thereby minimizing the need for professional services.
  • Directory labor savings: A consolidated directory solution boosts your workforce efficiency by allowing you to deploy your resources on more productive endeavors. Gone are concerns surrounding latency, stability and growth adjustments for relying users and applications, along with time wasted on investigating outages or applying frequent security patches.
  • MFA labor savings: Labor savings alone often can make the business case for migrating to a modern multi-factor authentication solution. Entire teams can focus on more strategic initiatives instead of on hardware and software lifecycle management, software distribution, IT-administered client upgrades and configuration, and applying upgrades while ensuring compatibility with every authenticating device. Further, you see a significant reduction in helpdesk calls as a result of an intuitive user experience and simplified access to applications for the mobile workforce.

Challenge #3: Licensing and Support Costs

If your organization finds itself buried under licensing and support costs for your legacy identity and access management solution, you aren’t alone. These costs may be harder to pinpoint than some of the other costs mentioned above, but they are no less real.

Consider your web access management implementation. Many of our customers found that their WAM usage was decreasing over time, yet they were still paying the same amount (or more) in annual maintenance and support—resulting in costs that were proportionately more expensive than originally incurred. These organizations were also paying for system-wide upgrades roughly every three years, so they were experiencing excessive costs to upgrade and scale their solutions.

Directory licensing and maintenance costs may seem a better deal at first glance, as their costs are often included within application licenses, but administrative efforts spent on systems with lapsed vendor support make these licenses far from free. The perpetual maintenance and support costs of legacy MFA solutions are also often more expensive than what would be incurred via modern subscription licensing.

For transparency in licensing and support costs, look to a modern identity solution:


  • WAM licensing and support savings: Unbundling licensing costs to understand exactly what you’re paying for in a legacy solution can be challenging, but a good rule of thumb for calculating annual maintenance and support is around 20-25% of annual licensing fees. A modern IAM solution, based on a subscription model, spells out what you’re paying for and enables you to more accurately budget for ongoing costs.
  • Directory licensing and support savings: As I mentioned above, directory licensing often is included in the cost of the relying applications, making it difficult to calculate your exact support and maintenance costs and therefore determine how much you gain by moving to a modern directory solution. But these costs are built into your legacy solution, and you realize savings when you eliminate soft costs such as those spent on maintenance and support.
  • MFA licensing and support savings: Subscription licensing for modern MFA, as with a modern access solution, is often more cost-effective than the perpetual licensing with maintenance and support that legacy solutions require. Benefits include the ability to scale up or down as needed with minimal upfront risk, as well as better control and a clearer picture of your expected IT costs.

Making the Move from a Legacy IAM Solution

You can drive great value for your organization by migrating to a modern identity and access management system that lowers admin and hardware costs while improving access security, directory and authentication capabilities—but only when you do so wisely.

Trying to find the right identity and access solution to meet your enterprise’s IAM needs of today and the future can be a daunting challenge. If you’re interested in modernizing your legacy IAM systems and want to hear from others who’ve done it before, listen to the webinar replay with our modernization panel where you’ll hear from:


  • The Aerospace Corporation: Modernized CA Siteminder (SSO) with PingAccess
  • The Boeing Company: Modernized Oracle DSEE with PingDirectory