Identity and access management-as-a-service, also known as IDaaS or cloud IAM, is becoming the go-to solution for CIOs, CISOs and CTOs struggling to keep up with the rapid advancements and changes in cloud, mobile and social. But because identity and access management (IAM) touches every corner of an organization, adopting cloud IAM is not a decision that these C-level professionals take lightly. Choosing the right IDaaS provider is paramount.
IBM Executive Dishes on IDaaS
The office of the IBM CIO recently made critical decisions around cloud IAM and IDaaS vendors. In the interview below, William Tworek, an executive architect in the office of the IBM CIO, described his team’s decision to adopt cloud IAM and how his team evaluated the various IDaaS providers.
Question: Bill, thank you for being willing to share your experiences in adopting cloud for your IAM environment. Before we jump into that, can you please share with us a bit about your role at IBM?
Tworek: At the time of this effort, my role was essentially as the CTO for IBM’s corporate identity and access services. My job was to update IBM’s approach in the identity arena to help accelerate IBM’s embrace of the cloud, both internally for its employees and externally for its customers and partners.
Can you please share more details about the challenge your team was facing and why it led you to consider cloud-based identity and access management?
As with most companies, our legacy identity services were behind the corporate firewall and based on older authentication techniques and protocols. Such services were also beginning to frustrate both our users and developers. They had become aged in terms of their end user experience, and a bit bureaucratic and process-driven in ways that slowed their adoption.
We quickly realized that to support the cloud, we needed our identity services themselves to move to the cloud. This was the only way we would be able to keep up with the velocity of change that occurs with a shift to the cloud, as well as the typical agile and DevOps practices that come with it.
Once you realized cloud IAM was a good fit for your needs, what selection criteria did you use to judge the various IDaaS vendors?
Once we decided to move to the cloud, our requirements really became those typical for any cloud effort. Speed of delivery and execution, a truly modern and mobile-friendly user experience, self-service adoption for our project teams and state-of-the-art security options were all key focus areas.
Which IDaaS providers were you formally considering? Why did IBM’s very own enterprise-level cloud IAM stand out as the best solution?
We considered all the leading players in the IDaaS industry and performed proof-of-concept efforts/pilots with many of them. Ultimately, what made IBM’s own IDaaS [Cloud Identity Service] stand out was the flexibility that the solution provides around authentication and security policies. Many cloud IAM products could deliver on our general cloud agility requirements, but finding the needed security options was much tougher.
We knew that externalizing our corporate authentication services would only be feasible if we could do much more than just authenticate the user. As identity becomes one of the sole security control points in the cloud, we needed to perform many other analytical and policy-based security checks at the time of auth. We found that only IBM’s Cloud Identity Service provided us with the needed flexibility and extensibility in this area.
Can you please share some immediate results you experienced after deploying Cloud Identity Service?
We went from onboarding less than 100 projects a year with our legacy corporate authentication services to onboarding literally thousands of projects virtually overnight with Cloud Identity Service. Even more, we did this while dramatically improving end user satisfaction and improving the security of our enterprise.
By using Cloud Identity Service, my team could focus purely on automating adoption, implementing the security policies desired and innovating on design-led user experiences — versus needing to worrying about the details of running an identity service.
Next Steps
Congratulations to the office of the IBM CIO for their successful adoption of IDaaS. If you are wondering how cloud-based IAM can reduce your costs and accelerate your business initiatives, visit the Cloud Identity Service website.
Get the IDaaS Buyer’s Guide
Senior Business Analyst - Enterprise IoT IBM Security