The Cloud-based IAM Revolution by Paul Dhanjal (Simeio Blog Series - Ch1)
By Greg Jensen on Jun 05, 2013
One of the most significant advancements in IT in the last few years has been the shift to cloud-based Identity and Access Management (IAM). While the word “revolution” is all-too-often used in IT, arguably it’s the right word to describe the transformation that the cloud brings to identity.
Over the next four weeks, we’ll delve into the details of this revolution, including a look at its impact on how you’ll do business, why change is needed, and what you’ll need to know to make the transition. Let’s get started by looking at the business drivers.
In just a few short years, cloud-based IAM has matured from simple portals offering single sign-on for a handful of Software-as-a-Service (SaaS) applications to sophisticated, comprehensive solutions that integrate seamlessly with virtually any directory service and application – on-premise, legacy or SaaS. They provide automated workflows for user access request submission and review, provisioning and attestation. They enable federation. And they simplify compliance with regulatory mandates.
The cloud model itself comes in a variety of flavors that provide enough flexibility to meet almost any organization’s needs, from public clouds that dramatically lower TCO through multi-tenancy to private clouds that can meet even the most stringent security and control requirements.
The drivers behind this revolution will be familiar to any CXO.
First, CXOs are facing increased pressure to reduce cost and complexity. They’re expected to follow the popular business school advice to “stick to the knitting”: focus exclusively on the core business and jettison everything else. IAM is squarely in the cross hairs, a tempting target for organizations looking to outsource services that don’t offer a clear and direct competitive advantage.
At the same time, IT is now expected to be a business enabler – to help grow the business, not just support it. This requires IT to be more flexible and nimble to meet ever-changing business demands, including the ability to quickly and easily provide employees, partners and customers with secure and role-appropriate access to a rapidly growing and evolving set of information, applications and other online resources.
User expectations, too, are rising rapidly. As users become accustomed to using more and more services online from filing their taxes to sharing their photos, they now expect the convenience of moving seamlessly between multiple services using a single set of credentials – their Facebook or Google accounts, for example.
Add to the mix the growing security, compliance and regulatory mandates tied to identity, and the challenge can seem insurmountable.
Thankfully, the cloud has offered us a clear path forward. The benefits are just as clear.
First, the cloud delivers on the promise of outsourcing: reducing capital strain and freeing the business to focus on its core competencies. It eliminates the large investment required to stand up an IAM infrastructure: the hardware costs, in many cases the software licenses, and all the configurations and integrations in between. It eliminates ongoing maintenance and upgrade costs, too.
Many cloud-based IAM solutions offer on-demand services with pay-as-you-go pricing – you get and pay for the capability when and only when you need it. They also significantly reduce operational costs so that companies have the benefit of automated IAM without the costs of implementing and maintaining an in-house IAM infrastructure.
In addition to the rise of secure and reliable ISO 27001 compliant data centers and complete, enterprise-ready solutions such as Oracle Cloud Computing, standards-based protocols have dramatically reduced the risk of making the leap to cloud-based IAM. As the saying goes, “the nice thing about standards is that there are so many to choose from.” While many of the first cloud-based IAM solutions seemed to add more to the list, today we’re seeing a real convergence toward a small set of widely adopted standards that have made implementation and integration remarkably easy, including REST-based APIs, OAuth, SAML and OpenID Connect.
While some dive in headlong, many dip their toe in the water with quick-win implementations – to address rising costs for password management by offering self-service, for example – and then progress through provisioning into a handful of core identity systems, synchronization of passwords between authoritative system, etc. This approach often allows the organization time to see that identity can be leveraged as a service for other business needs.
A large financial institution, for example, mandated that all its lines of business use a centralized in-house identity governance solution, then charged each LOB to use the service. This could be done only with a service approach to identity, which became possible once the beachhead of self-service password management had been established.
In our next post, we’ll explore the reasons why organizations must make the transition to new, cloud-based IAM models if they hope to compete in a world where business has moved online. For more information on the services and offerings at Simeio Solutions, you can learn more by going to www.simeiosolutions.com