Skip to main content
IAM vs. CIAM CIAM Buyer's Guide Contact Us
Janrain respects your privacy and will treat the personal data you choose to share with us in accordance with our privacy policy.

Customer identity management: build vs. buy (Part 3)

By Greg Griffiths | Posted on July 09, 2018

How to build IAM or CIAM

Welcome to the final installment of our investigation into the options your own customer IAM solution or purchasing a solution from an enterprise CIAM vendor. Build or Buy? In part two, we detailed many of the inherent challenges of building a customer identity management platform from scratch. In this, the third and final part of this series, we'll look at some of the key factors to consider when buying a CIAM solution.

Download our free eBook - Build vs. Buy? A Guide for Customer Identity and Access Management (CIAM)

Can an employee IAM system be repurposed as CIAM?

In their search for a viable CIAM tool, business decision-makers will often consider repurposing employee IAM systems to support customers. It's tempting to conflate the capabilities of IAM and CIAM, but some key differences exist.

Traditional IAM tools are designed with employees in mind, limited to a set number of users and permissions. They may need to scale up to a certain degree to meet the demands of an expanding business, but there's a ceiling on that growth. Meanwhile, customer-focused IAM platforms have to account for a theoretically infinite number of identities across various touch points. In an enterprise or worker IAM environment, users and identities are matched at a 1:1 ratio and “identities” are created by a central support team. In the world of customer IAM, users create their own identities, have the ability to login with a social media account (e.g. Facebook, LinkedIn) and can create multiple identities. The difference capacities in terms of scalability and ability to deliver consistent performance through spikes in traffic are core differentiators between CIAM and IAM.

Another key difference between the two models is that every user in an IAM environment is easily recognizable, whereas a CIAM solution must support both known and unknown users. That presents unique security challenges as well - challenges that a traditional IAM platform would be poorly equipped to manage. Any IAM user is assumed to be trustworthy since each one is a company employee. CIAM users could be anyone without any manner of intentions. Even innocuous behavior like an individual falsifying his or her registration information can be problematic since it inhibits customer engagement efforts.

Employees are largely resigned to use whatever login and authentication solution is used by their organization - accordingly, employee IAM does not need to provide the same degree of performance and availability as customer-facinging IAM. CIAM needs to always (1) be available and (2) provide a seamless and responsive customer experience.

Because of the demands of scalability, the need to manage known and unknown user access, and the challenge of providing the best possible user experience, purpose-built, cloud-native CIAM platforms - like the Janrain Identity Cloud - have the clear advantage over systems that were designed primarily for employee use.

Cloud or on-premise customer identity management

Where your CIAM software will live is an important consideration to make when buying a dedicated platform. The three options are on-premise, hosted and cloud-native.


On-premise CIAM platforms run on a company's own hardware in one of its data centers. Going this route provides a degree of control over the customer identity management solution, but it requires significant additional costs to operate data center equipment and maintain the highest levels of performance. Another concern is that, depending on an organization's data center footprint, it may not have adequate redundancy and failover capabilities in the event of a disaster, outage or disruption.


A more cost-effective approach is to deploy a hosted customer identity and access management solution. The hosted service provider shoulders the operational costs that are associated with on-premises software deployments. When executed well, these Identity-as-a-Service platforms minimize expenses while offering considerable scalability and redundancy capabilities.

Businesses need to be careful to scrutinize hosted platforms as they may be nothing more than retooled IAM systems being hosted in the cloud. As such, these "pseudo-cloud" solutions are unable to maximize the benefits of a cloud-based deployment.


A truly cloud-native customer identity and access management platform opens limitless scaling possibilities as well as resource-sharing options that help minimize operating expenses. These platforms may be deployed in a multi-tenant or single-tenant cloud environment.

It's good practice to ask your CIAM solution provider about their cloud architecture to determine the level of security, scalability and redundancy you can expect from your deployment. Also, if you serve customers across multiple brands or geographies, learn whether your vendor’s global data footprint aligns with your needs. Thoroughly review vendors' service-level agreements and check that guarantees related to uptime and availability meet your operational requirements.

Although every situation is unique and different companies have their own set of must-have features they're looking for in CIAM software, the inherent strengths of buying a customer identity management platform far outweigh building one with an in-house team.

Regardless of which path a business ultimately takes, there are numerous considerations that need to be addressed and accounted for to guarantee a seamless, successful implementation. Working with a solution provider that offers a consultative approach can help companies find answers to all of their CIAM questions before signing a contract. That way, businesses can do their due diligence and find the best tool for their needs.

To find out more about the benefits of buying a CIAM platform, download our eBook Build vs. Buy - A Guide for Customer Identity and Access Management (CIAM).

Popular Posts

About the author

Greg Griffiths

Greg Griffiths

Sr. Product Marketing Manager

Greg Griffiths brings more than 15 years' experience marketing SaaS solutions in the enterprise IT, publishing and education arenas to Janrain as our Senior Product Marketing Manager. Greg drives much of Janrain's content and works across groups to ensure cohesive and articulate presentation of how our products and services align with the needs of our clients and the larger market. An analytics geek, Greg also steers much of Janrain's internal SEO and conversion initiatives, as well as new product launches. 

When Greg is away from our Portland office, he's likely enjoying time with his kids, near a trout stream, in a hammock, with a Faulkner novel close by ... probably all four at the same time.

View all posts by Greg Griffiths