To Build or Not to Build: IGA on ServiceNow

written by
John Milburn
Identity Governance
October 12, 2022

ServiceNow has significantly evolved over the past decade. One only needs to look at the numbers. According to Forrester, ServiceNow allowed for rapidly built cloud solutions to automate high volumes of complex compliance workflows in half the time and at a third of the cost of the next-best alternative. Research from Acorio found that customers experienced a 195% ROI over 3 years using ITSM, ITOM, and Performance Analytics on ServiceNow, enabling $9.7M savings in IT productivity improvements.

What was once seen as a standalone ITSM solution, many organizations now rely on the Now Platform to fuel their digital transformation initiatives. For many, it’s the first place to look for any business workflow that combines large amounts of data with a large network of experienced ServiceNow developers to make that data actionable. Identity governance workloads are no exception, and it's clear why many organizations have migrated to ServiceNow to manage this function.

It’s hard to argue the merits of housing your identity program on ServiceNow, but that’s only half the battle. Organizations will still need to decide whether to build or buy their identity solution within the platform. Thanks to strong workflows and familiar user experiences, the build option is attractive to many. However, when one looks under the hood there are many reasons buying an off-the-shelf solution could be the answer. Here are 4 reasons why we vote to buy over build every time.

The Resources Required

Many traditional software build vs. buy notions remain true in the case of ServiceNow. Two classic flaws of this approach include underestimating the time it will take and overestimating the expertise needed to execute the project. That’s not even the worst of it—the real hidden cost is maintaining and improving the solution over time. What starts off as a three-month project, can easily become a full-time team and technical expertise focused on an initiative that may not be aligned with the company’s mission-critical scope of work. Does IGA on ServiceNow make sense? Absolutely. Does the platform alone provide everything you need for a seamless IGA rollout? No.

Data and Policy

No one will dispute that the Now platform is powerful, but it does not have the native ability to store appropriate data about users’ accounts and entitlements necessary for strong identity security. More importantly, even when data is stored effectively, the platform does not provide the policy objects required to make identity consistent for all. While factors like birthright access and approval policies are powerful weapons against permission sprawl, the platform does not make it easy to create these objects in a way that is repeatable and complementary to existing workflows. This typically results in duplication of effort and exposes risk of variances in policy for different instances.

Connectivity to Managed Systems

Connectivity to up- and downstream systems is crucial for identity governance, and at first blush, ServiceNow’s Integration Hub (IH) can handle this for identity use cases. But at the end of the day, IH spokes are effectively APIs—meaning using them requires significant development work. If an organization needs to govern 20+ applications, this development effort can significantly delay a project. Commercially available solutions provide purpose-built connectors for key managed systems, each requiring configuration, as opposed to development. This equates to less headaches and quicker time to value.

Automation Shortcomings

Automation is a business accelerant, but not all automation is created equal—something especially important to keep in mind regarding identity governance and security. While ServiceNow enables automation, custom solutions are needed for many use cases. For example, prioritizing activities such as offboarding over the long list of onboarding events in the queue can become difficult. This is where OOB solutions shine. At Clear Skye, we spent over a year creating our own automation engine to ensure that the platform can handle any heavy lifting needed for enterprise identity so you don’t have to. Just another feather in the cap on team buy vs. build.

There’s no one-size-fits-all when it comes to building vs. buying an identity solution on ServiceNow, and much care should be given during the decision-making process. However, one thing is pretty cut and dry: if you’re already executing or planning on executing your identity program on ServiceNow, you’re on the right path. In our humble opinion, the value platform-delivered identity can bring is more easily achieved by taking advantage of the great commercial software offerings on the Now Platform. Clear Skye happens to be one of them, so learn more about how we can help with your build vs. buy discovery process here.

share on

Related Posts

Take a Self-Guided Tour

Personalize your own on-demand demo to see how identity security built on ServiceNow works.