Yet another article hit the news recently about a healthcare
data breach affecting 40,000+ patients. Personal information in the form of
medical histories, treatment information, names, Social Security numbers, dates
of birth and other sensitive information were compromised in this breach.
While some recent breaches involve unauthorized external
access to proprietary applications, others involve employee misuse of elevated
access privileges, stolen documents and security attacks such as phishing or
Many enterprises have reasonably mature and stable deployments
of Identity and Access Management today. However, as Jon Oltsik notes
in his recent blog, many of the existing IAM deployments may never have
been designed or implemented as security systems, so security teams are forced
to work within non-ideal constraints.
Compare and contrast that with newer IDaaS products, which
offer Single-Sign-On and Provisioning predominantly for cloud-based
applications. Arguably, the laser focus of enterprises on security and privacy
concerns while selecting cloud-based services has led to a greater emphasis on
security in cloud-based identity services than even on-premises deployments.
This has resulted in many disparate and disconnected
identity deployments across cloud and on-premises. Again, as Jon Oltsik correctly
concludes in his blog, this needs a major multi-year project to overhaul
entire IAM infrastructures. Hybrid deployments are ideal to meet the
ever-increasing need to consume applications in the cloud, while continuing to
serve and maintain on-premise enterprise applications. This requires conscious
planning, design and implementation of a security-reinforced IAM system that
extends seamlessly from on-premises to the cloud, protecting both user access
and application data.
About the Author: Subbu Iyer is Sr. Director, Product Management for Identity
& Access Management products at Oracle. He recently joined Oracle and has a
diverse background spanning networking, security and mobility. Prior to Oracle,
he led Product Management at Bluebox Security, a mobile app security and
analytics company. Prior to Bluebox, he led senior positions at Zscaler,
Juniper and Cisco.