When it comes to identity management strategies, a cloud transformation is underway: More and more companies and software providers are evolving from the traditional on premises Identity and Access Management (IAM) solutions to a hybrid cloud model.  Say hello to Identity as a Service (IDaaS).

The IAM market is evolving. We are clearly seeing an evolution from the traditional on-premises, internally-managed deployment of IAM software to a world where companies find themselves managing identities and access both on-premises and in the cloud – meaning they are running a “hybrid” enterprise (whether they realize it or not). At a time when companies are making significant investments into digital transformation projects such as cloud migration, the market is steering toward IDaaS as the next required step to help these companies reduce their exposure to risk that comes from disjointed, ad hoc identity and access controls that can quickly fall outside of compliance and policy requirements.

Identity as a Service (IDaaS) is defined as “an authentication infrastructure that is built, hosted and managed by a third-party service provider,” according to TechTarget. That is a succinct definition, but in truth the notion of IDaaS includes an identity governance service, an authentication service and a directory service for the cloud.

Momentum toward IDaaS is building as business imperatives steer more IT assets to the cloud. According to Gartner’s latest Magic Quadrant for Identity and Access Management as a Service, Worldwide, “40% of identity and access management (IAM) purchases will use the identity and access management as a service (IDaaS) delivery model by 2020, up from just 20% in 2016.” Nearly seven of ten organizations are increasing their budgets for this evolution, with 28 percent reporting a “strong” increase, according to survey research on IDaaS from Capgemini. With users relying upon an ever-proliferating number of devices and methods – most relying on some degree of cloud-enabled technologies – to access enterprise IT systems, 84 percent of survey respondents consider support of this access as a “high” or “very high” priority. Yet, just one of five says they can manage the various types of authentication mechanisms used and user security levels needed with their current resources.

So how do you know whether your company should be making the transition? For now, it all comes down to your size.

For larger enterprises – let’s say Fortune 1000 companies – a hybrid approach works best. They will need to stick with traditional IAM on-premise “Identity Governance” provisioning and certification for their business solutions. For purely technical SSO, authentication and password management, they can move to the cloud with IDaaS.

Why? Because IDaaS solutions are billed on a monthly or annual “per user” basis. As the organization grows, the cost to deploy IDaaS in the cloud grows, to a point where CIOs can’t justify the expense of migrating a large range of business functions to their CFOs. IDaaS isn’t mature enough to scale for this purpose. On the other hand, pricing is much more affordable for tech functions previously handled on-premise through IAM.

This leaves midsized and small companies as primary candidates for “right now” IDaaS adoption. They’d serve themselves well by hiring a managed services vendor to do this, taking IAM off of the hands of internal staff. Because these businesses are smaller, per-user billing isn’t such an issue.

Before long – as vendor presence and maturity in this market grows and pricing models evolve – large enterprises will be able to buy in. Yes, they will have to make a considerable investment to transition the identity/access management of most or all of their business functions to the cloud. But the reduction of internal expenses for staffing will largely offset this. Frankly, IAM requires a very specific skill set. Talent is scarce and, because it’s scarce, IAM pros can leverage the demand to command higher salaries. When CIOs can demonstrate to CFOs that IDaaS will improve the quality of identity/access management services while eliminating internal IAM staffing costs, a substantial migration will take place.

When it does, CIOs must conduct thorough due diligence in hiring a vendor, who will have “keys to the kingdom” control over mission-critical business data/informational assets. CIOs need to ask many questions about who is managing their data and how it will be managed and where / how is the identity data stored.

The transition will be a “walk,” not a sprint. It wasn’t long ago, after all, that C-Suite leaders weren’t exactly sure what the cloud was. Today, the cloud is as common as any business term. Similarly, the IDaaS market will expand. Vendors will get smarter, learning by their successes and mistakes, and lowering total cost of ownership in the process. That’s when IDaaS will emerge as a viable and appealing option for all organizations – paving the way for the next chapter in the digital revolution.

A version of this article was also published on Cloud IT.