Cloud Security Perspectives and Insights

Addressing Perennial IAM Challenges with Managed Security Services

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

Authored By: Christina Richmond, IDC Program VP WW Security Services

In the previous two blogs, we looked at the challenges of securing hybrid IT and how managed cloud security can benefit the organization. In this blog, we’re going to drill down into managed identity and access management, which in today’s digital world is key to security survival.

Let’s face it, the network perimeter has become identity- and data-based, and no longer locked down by firewalls and intrusion-detection appliances. Moreover, the challenges of securing identity are legendary. Add to this that we now have computing environments spanning on-premises, cloud, and multicloud environments. Given this new complexity, existing security controls such as authentication, authorization, and identity management must work in both the private and public cloud.

When handling identity security internally within an enterprise, there are two options for integrating hybrid security protocols: 1) replicate controls in both public and private clouds and keep security data synchronized, or 2) use an identity management service that provides a single service to systems running in either cloud. Be sure to allow time during the planning and implementation phases to address what could be complex integration issues.

But if you don’t want to go solo, managed identity can assist with planning and integration, as well as the operational efficacy of an identity and access management program.

Escalating numbers of internet-facing applications and services expose the business to greater risk. Securing the data at rest and in motion is only one piece of the equation; effective identity management is the other. A key component of identity and access management (IAM) is making sure users are minimally impacted and that solutions are tailored to the organization’s needs. The last – but by no means the least – necessity is visibility into regulatory compliance controls. To bring these requirements into one solution, it must have the following basic components:

  • Single sign-on (SSO) and visibility into authentication
  • Centralized identity management
  • Threat and anomalous behavior alerts
  • Admin-friendly management dashboard
  • User account management
  • Compliance reporting
  • Simplified identity management across the entire lifecycle

Today, 40% of respondents in the IDC Cybersecurity Pulse Survey outsource their IAM to a service provider and another 22% are evaluating their future investment (see chart). And, nearly 40% will increase their spending on IAM and another 50% will keep their budget about the same, but not decrease it.

When we look specifically at managed cloud security services, over 21% of respondents would require IAM to be included in an engagement for cloud security.

But interestingly, one of the very reasons you might consider outsourcing IAM is also an inhibitor—assistance with regulatory controls. Over 22% of respondents in IDC’s Managed CloudView survey are concerned about provider governance and management capabilities, and possible inability to meet SLAs. Sometimes management is opposed to outsourcing (22.8%). Just under 22% of respondents state that regulatory factors are an impediment. However, given the complexities of today’s IT infrastructure, it’s exceedingly difficult to gain compliance visibility across all platforms. This is exactly why outsourcing could help solve the regulatory conundrum.

In our next blog we’ll discuss how to choose the right MSS partner to use. To learn more about Oracle Managed Security Services and how MSS can help you, visit our website.

Monday, October 22nd @1:45pm PST, we will be live from Oracle OpenWorld with IDC's Christina Richmond and Oracle's Rohit Gupta to hear their perspectives about the security challenges Oracle's customers are dealing with as they shift their workloads to the cloud. Follow both Christina, Rohit, @OracleSecurity and Greg below to stay on top of the latest information related to this IDC live Periscope interview. 

Follow Christina Richmond @Xtina_Richmond

Follow Rohit Gupta @Roh1

Follow Greg Jensen @GregJensen10

Oracle Security @OracleSecurity

If you are attending Oracle OpenWorld in person, join us at on Tuesday, Oct 23, @4:45 pm for the session Secure Your IT Services with Oracle Managed Identity Cloud Services.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.