Security and risk (S&R) executives must manage identities and control access to sensitive applications and data because of security and compliance requirements — and they need to do so as effectively as possible. S&R pros can carry out identity and access management (IAM) processes using a combination of the following approaches: 1) a manual IAM process; 2) a “build your own” on-premises IAM system; 3) a commercial off-the-shelf (COTS) on-premises IAM solution; and 4) an IDaaS. This tool helps S&R executives quantify the cost and benefits for each of the above scenarios to determine which one provides the best return on investment (ROI).