CISSP · Question #1142
A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the f
The correct answer is B. In-house team lacks resources to support an on-premise solution.. IDaaS is typically adopted when an organization lacks the internal resources, expertise, or budget to build and maintain an on-premise identity management solution. It offloads the operational burden to a cloud-based provider.
Question
Options
- AIn-house development provides more control.
- BIn-house team lacks resources to support an on-premise solution.
- CThird-party solutions are inherently more secure.
- DThird-party solutions are known for transferring the risk to the vendor.
How the community answered
(55 responses)- A4% (2)
- B71% (39)
- C9% (5)
- D16% (9)
Why each option
IDaaS is typically adopted when an organization lacks the internal resources, expertise, or budget to build and maintain an on-premise identity management solution. It offloads the operational burden to a cloud-based provider.
In-house development providing more control is an argument for NOT choosing IDaaS, as building a solution internally gives the organization direct ownership but requires significant resources and expertise.
A primary driver for adopting IDaaS is that the in-house team lacks the resources, expertise, or budget to deploy and maintain an on-premise identity and access management (IAM) solution. IDaaS shifts the infrastructure, maintenance, and operational responsibilities to a specialized third-party provider, making it ideal for organizations with limited internal capacity. This allows the company to still implement robust authentication controls without requiring dedicated IAM staff or infrastructure.
Third-party solutions are not inherently more secure; security depends on the specific implementation, configuration, and the vendor's practices, and on-premise solutions can be equally or more secure when properly managed.
IDaaS does not transfer risk to the vendor in a comprehensive legal or liability sense; the organization retains responsibility for its own data and compliance obligations even when using a third-party identity service.
Concept tested: Rationale for adopting Identity as a Service (IDaaS)
Source: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-fundamental-concepts
Topics
Community Discussion
No community discussion yet for this question.