Why Outsource Your Auth System and How to Sell the Decision to Your Company

By Joe Stech, FusionAuth Docs (Articles)

You're a software engineering leader, and you're great at your job. You know that the optimal path for software development lies in figuring out which components of your design to implement from scratch and which have already been implemented by specialists and can be reused.

You also know that these aren't decisions that you can only make once -- you have to keep reevaluating based on environment changes and the needs of new products.

Authentication is one of those components that you deal with all the time. Auth is a necessary part of any software product, but how you implement it does not have to be the same every time. Careful consideration is needed, because your decision to outsource will impact not only speed of development but also long-term product maintenance -- you don't want to slow down time to market by re-implementing an entire auth system unnecessarily, but you also don't want to use an auth system that is going to cause problems down the road.

Auth outsourcing considerations

What are the primary considerations when making an outsourcing decision, especially around a component as critical as your identity management system? This document is a blueprint for both what you should consider and who to get on board if you decide that using a third-party auth provider makes sense.

Speed to market

This is the most obvious consideration. Depending on the features you need, it could literally take months to implement auth in-house, whereas it could take less than a day to incorporate an outsourced solution.

You could say "but what if we only need a bare-bones implementation? Some salted hashes in a database and we're good to go!" That's a totally valid point, and if you don't anticipate needing sophisticated auth features then your best bet might be to do a quick in-house implementation and move on.

However, time and time again I've seen product developers underestimate the sophistication of the features that will be required when their user bases grow. Most of the time development organizations then fall prey to the sunk cost fallacy and double down on augmenting their in-house solution, even when it may be more efficient to abandon the home-grown effort and replace it with an outsourced solution. This causes huge issues for maintainability, which I'll talk about further below.

Consequences of an auth breach

Planning for the worst possible case can prevent total financial ruin for your company or division. If a breach of security happens and PII (Personally Identifiable Information) is leaked from your in-house auth system, it can not only cause your company reputational damage but also significant financial penalties (not to mention potential jail time if you try to cover up the breach).

If you outsource your auth system you can limit your liability, and also protect your reputation -- if there is a breach on your auth provider's side, it's likely that the breach will extend beyond your company. A breach in an outsourced auth provider that is used by many different companies will be big news, and customers will be more likely to forgive you for making a mistake in your choice of auth provider than for implementing a poor auth system yourself.

A not-insignificant addendum is that I believe your in-house system is much more likely to suffer a breach than an outsourced provider who is an expert in security. I have no studies to support this claim, but I have never seen a major auth provider compromised, and I've definitely seen companies suffer breaches due to their own in-house auth implementations -- this article discusses a compilation of 21 million plaintext passwords collected from various breaches wherein passwords were not hashed and salted by auth systems.

Properly storing passwords is an incredibly low bar, and yet companies that manage their own auth still do it incorrectly all the time.
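The "low bar" referred to above (and the "some salted hashes in a database" plan from the speed-to-market section) is shown concretely below. This is an added example written for this article, not FusionAuth code: it puts the anti-pattern from the cited breaches (a fast, unsalted hash) next to a minimal correct scheme using a per-user random salt, a deliberately slow key-derivation function, a self-describing stored record, a constant-time comparison, and a way to raise the work factor later. The PBKDF2-HMAC-SHA256 parameters, the record format and all function names are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os

# Parameters chosen for this example (assumptions, not a FusionAuth setting):
# PBKDF2-HMAC-SHA256 with a 16-byte random salt per user and a slow iteration
# count, so that a leaked table cannot be cracked cheaply.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # OWASP's current guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """The anti-pattern: a fast, unsalted hash.

    Every user with the same password gets the same digest, so one cracked
    entry (or a precomputed table) unlocks all of them at once.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Check a candidate password against a stored record.

    Malformed or unknown records verify as False rather than raising, and the
    final comparison is constant-time so timing does not leak digest bytes.
    """
    try:
        algorithm, iterations_str, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations_str)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad int, or bad base64
        return False
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record was made with weaker parameters than now required.

    Call this after a successful login and re-hash with the current settings;
    that is how a deployed system raises its work factor over time.
    """
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    # Two users, same password: the unsalted digests collide, the salted ones do not.
    print(unsalted_sha256("correct horse") == unsalted_sha256("correct horse"))  # True
    record_a = hash_password("correct horse")
    record_b = hash_password("correct horse")
    print(record_a != record_b, verify_password("correct horse", record_a))  # True True
```

The record stores its own algorithm and iteration count so that verification never has to guess parameters, and `needs_rehash` lets you tighten them without a forced password reset. Replacing PBKDF2 with Argon2id or bcrypt changes only the two `pbkdf2_hmac` calls; the salt, constant-time compare and upgrade path stay the same.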

Consequences of an auth outage

While less damaging than breaches, outages can still cause reputational damage and liability issues if your SLAs make uptime guarantees. As with breaches, if you outsource your auth system it's likely that any auth outage will extend beyond your company.

As an example, when Microsoft's Azure Active Directory (AAD) went down for a good portion of the afternoon late last year, logins for applications across the internet stopped working.

When your competitors' authorization systems are down at the same time yours are, nobody blames you for it, but when you're the only company having issues, you suffer reputationally. No matter what your outsourced auth system is (FusionAuth, Cognito, Azure AD/Microsoft Entra ID, etc), you can be almost certain that you won't be alone in the event of an...
