These days, enterprise software is generally operated either on in-house servers or outsourced to the cloud – this also applies to the highly sensitive area of user authentication and the management of their profiles using IAM (Identity and Access Management). But which special features must be considered in this context and which solution is the perfect fit for which application?
The advantages and disadvantages of on-premise
If an in-house data centre is already available, the added costs of implementing Multi-Factor Authentication (MFA) and the IAM system are manageable. This approach can pay dividends for larger companies that have already invested in suitable hardware – especially since the internal IT team can take over the administration and maintenance of the new software components after a brief period of familiarisation.
Data that never leaves the company is as safe as it would be in a bunker. Companies that bundle the hardware and software infrastructure in their own data centre have complete control over all security measures at all times. This means, for example, that a server used for multi-factor authentication does not require an Internet connection and can be set up in an isolated network. In addition, firewalls and other security measures can be tailored to suit the company’s circumstances. However, it is important to remember that no bunker is impenetrable: With the right tools, hackers can penetrate even the most heavily defended networks and company servers.
In rare cases, the existing software infrastructure may make it necessary to modify the software used for authentication and IAM to suit specific requirements. However, the costs and benefits of this type of additional programming work should be weighed up carefully in advance. Both on-premise and cloud solutions now offer numerous customisation options and broad support for standardised interfaces, eliminating the need for manual adjustments to the program code in most cases.
However, the high degree of customisation of an on-premise solution is also its greatest disadvantage: the costs of maintenance and updates as well as personnel costs – be it for internal IT teams or external specialists – can be significant. The company must also create its own data backups to protect against losses, for instance, due to defective hardware components. This means that the on-premise model is only economical in scenarios where an in-house server infrastructure is already available.
The advantages and disadvantages of cloud solutions
A cloud solution is thus ideal for smaller companies. The expenditure required to set up a dedicated server – including the cost of hiring internal IT employees or a service provider – is eliminated.
At the same time, companies profit from the high degree of scalability. As user numbers rise and authentication and IAM are accessed more frequently, companies do not need to initiate time-consuming measures but can simply purchase additional bandwidth and storage capacity from the cloud provider.
Despite all their advantages, cloud solutions also have certain limitations. This applies in particular if a company works with state contracting authorities and must abide by their security requirements – which may forbid the use of cloud providers that store customer data on servers located outside the European Union. Company executives must also always remember that they can influence neither the technical equipment nor any problems and downtimes that occur. In extreme cases, even mirrored and supposedly failsafe servers do not guarantee one hundred percent security. This was demonstrated most recently in March 2021 by a catastrophic fire at a data centre operated by cloud provider OVH, which took 3.6 million websites offline at a stroke.
This is where companies need to play it safe and choose cloud providers that store data simultaneously in two geographically separate data centres located at least 200 kilometres from one another. In the event of fires or natural catastrophes, this multi-cloud model ensures continuous availability of backup copies and a fallback architecture so that authentication and IAM continue to operate without interruption.