How to mitigate risk when your auth vendor gets acquired
Authentication is an integral part of your application, and as such the acquisition of your auth vendor isn’t like other acquisitions. It could mean many things for your business, and you’ll have to decide how to respond accordingly.
This blog post is an excerpt from What to Do When Your Auth System Vendor Gets Acquired.
Will your new provider give you the same support? Pricing? Integration options? All of these might change for better or for worse.
While clearly an acquisition is cause for concern, it might not be all bad. In this article, we’ll examine how to mitigate some of the issues that arise when your auth system vendor is acquired.
Review your contract
Not the most exciting first action, but it’s important to know what changes your auth provider can make. Find the contract you signed with your vendor and review it.
It’s also important to think about how this contract might be expected to change. Get clarity and get yourself ready.
Review your usage
Take a close look at how your business solutions integrate with and use your auth vendor’s services right now. Figure out the features you use that are absolutely crucial and which of them are proprietary features.
Are they following standard auth protocols? How many of your apps are using this vendor? At a minimum, answering these questions will keep you well informed should you need to migrate to another vendor.
Talk to your account manager
It’s time to talk to your account manager about your business relationship. Give them a call or an email and try to negotiate a long-term contract that will protect your business interests and guarantee a level of stability. The research into the contract you did previously? Now it the time to reference it.
Don’t forget to ask about migration timelines while you’re at it, so you know how soon you need to be prepared and for what changes.
If you don’t have an account manager, send an email to the sales or support team. They may send you elsewhere, but are a good starting point.
Evaluate What It Would Take to Switch Vendors
Budget dev team time to look into other options in case it becomes necessary to move. Discuss the possibility with your partners or stakeholders, touching base with everyone you discussed the issue with during the initial decision process, so that everyone understands what it would take to make the switch.
Even if you stick with your vendor through the acquisition, at least now you know more, and you’re prepared for whatever comes afterward.
Consider Impact to Current or Planned Projects
There’s never a perfect time for a huge change to your auth system. What current projects will be impacted, for better or worse? Do you have projects in the planning stage that will have to be reimagined due to new standards or a different set of features?
It’s best to discuss this with your stakeholders, again so that everyone is on the same page and has consensus about priorities.
Consider Other Options
If the changes are disruptive enough, you may decide you don’t want to use third-party solutions anymore. You have a few other options:
- Use a non SaaS solution: SaaS solutions are great, but if you use a non-SaaS solution, where you host it yourself, you have far more control over any changes to functionality. You may have to upgrade for security or contractual reasons, but you’ll be able to do it on your timeline, not the acquirer’s. FusionAuth can be self-hosted and has a community version that is free for unlimited users.
- An open-source solution: You’ll still have to manage your own source code. You’ll just be using a free and community-driven solution like Gluu, Keycloak, or OpenIAM. Your team will have to explore these projects and choose the one that works best for your system.
- In-house custom build solution: In some rare cases, none of the available solutions will be a good fit for your organization, and you’ll decide to build a custom auth system for your product. This will require more resources to achieve but of course, when completed, you’ll have a solution that works best for you. Further, such a choice can be fine-tuned with more features in the future at your will (and expense)–something you won’t get anywhere else.
To learn about more about vendor acquisitions, such as short-term and long-term benefits and risks, read What to Do When Your Auth System Vendor Gets Acquired.
*** This is a Security Bloggers Network syndicated blog from The FusionAuth Blog authored by The FusionAuth Blog. Read the original post at: https://fusionauth.io/2021/06/22/mitigate-acquisition-risks-auth-vendor-excerpt/