The Akamai Blog

Customer identity management: build vs. buy (Part 3)

Welcome to the final installment of our investigation into the options of building your own customer IAM solution or purchasing a solution from an enterprise CIAM vendor -- Build vs. Buy. In part two, we detailed many of the inherent challenges of building a customer identity management platform from scratch. In this, the third and final part of this series, we'll look at some of the key factors to consider when buying a CIAM solution.

Can an employee IAM system be repurposed as CIAM?

In their search for a viable CIAM tool, business decision-makers will often consider repurposing existing employee IAM systems to support customers. It's tempting to conflate the capabilities of IAM and CIAM, but some key differences exist.

Traditional IAM tools are designed with employees in mind, limited to a set number of users and permissions. They may need to scale up to a certain degree to meet the demands of an expanding business, but there's a ceiling on that growth. Meanwhile, customer-focused IAM platforms have to account for a theoretically infinite number of identities across various touch points. In an enterprise or worker IAM environment, users and identities are matched at a 1:1 ratio and "identities" are created by a central support team. In the world of customer IAM, users create their own identities, have the ability to log in with a social media account (e.g., Facebook, LinkedIn) and can create multiple identities. The different capacities in terms of scalability and the ability to deliver consistent performance through spikes in traffic are core differentiators between CIAM and IAM.

Another key difference between the two models is that every user in an IAM environment is easily recognizable, whereas a CIAM solution must support both known and unknown users. That presents unique security challenges as well -- challenges that a traditional IAM platform would be poorly equipped to manage. Any IAM user is assumed to be trustworthy since each one is a company employee. CIAM users could be anyone, with any manner of intentions. Even innocuous behavior like an individual falsifying his or her registration information can be problematic since it inhibits customer engagement efforts.

Employees are largely resigned to using whatever login and authentication solution their organization provides -- accordingly, employee IAM does not need to provide the same degree of performance and availability as customer-facing IAM. CIAM needs to always (1) be available and (2) provide a seamless and responsive customer experience.

Because of the demands of scalability, the need to manage known and unknown user access, and the challenge of providing the best possible user experience, purpose-built, cloud-native CIAM platforms -- like the Akamai Identity Cloud -- have the clear advantage over systems that were designed primarily for internal employee use.

Cloud or on-premise customer identity management

Where your CIAM software will live is an important consideration to make when buying a dedicated platform. The three options are on-premise, hosted and cloud-native.


On-premise CIAM platforms run on a company's own hardware in one of its data centers. Going this route provides a degree of control over the customer identity management solution, but it requires significant additional costs to operate data center equipment and maintain the highest levels of performance. Another concern is that, depending on an organization's data center footprint, it may not have adequate redundancy and failover capabilities in the event of a disaster, outage, or disruption.


A more cost-effective approach is to deploy a hosted customer identity and access management solution. The hosted service provider shoulders the operational costs that are associated with on-premises software deployments. When executed well, these Identity-as-a-Service platforms minimize expenses while offering considerable scalability and redundancy capabilities.

Businesses need to be careful to scrutinize hosted platforms as they may be nothing more than retooled IAM systems being hosted in the cloud. As such, these "pseudo-cloud" solutions are unable to maximize the benefits of a cloud-based deployment.


A truly cloud-native customer identity and access management platform opens limitless scaling possibilities as well as resource-sharing options that help minimize operating expenses. These platforms may be deployed in a multi-tenant or single-tenant cloud environment.

It's good practice to ask your CIAM solution provider about their cloud architecture to determine the level of security, scalability and redundancy you can expect from your deployment. Also, if you serve customers across multiple brands or geographies, learn whether your vendor's global data footprint aligns with your needs. Thoroughly review vendors' service-level agreements and check that guarantees related to uptime and availability meet your operational requirements.

Although every situation is unique and different companies have their own set of must-have features they're looking for in CIAM software, the inherent strengths of buying a customer identity management platform far outweigh building one with an in-house team.

Regardless of which path a business ultimately takes, there are numerous considerations that need to be addressed and accounted for to guarantee a seamless, successful implementation. Working with a solution provider that offers a consultative approach can help companies find answers to all of their CIAM questions before signing a contract. That way, businesses can do their due diligence and find the best tool for their needs.

To find out more about the benefits of buying a CIAM platform, read Build vs. Buy - A Guide for Customer Identity and Access Management (CIAM).