Cloud identity and access management (IAM) is quickly becoming a cost-effective and flexible model for modern IAM programs. According to the “2018 Gartner Magic Quadrant for Access Management,” by 2022, identity-as-a-service (IDaaS), also known as cloud IAM, will be the chosen delivery model for more than 80 percent of new access management purchases globally, up from 50 percent today.

Reducing the complexity and cost of managing and operating legacy, on-premises IAM programs often drives the need to move to a modern, cloud-based IAM architecture. Many organizations have quite a bit of technical debt: Their investment in IAM infrastructure is too low to keep their solutions up to date over time, and the cost of upgrading these on-premises deployments becomes prohibitive. As a result, cloud-delivered functionality becomes an attractive way to complement, augment and even replace legacy IAM functionality that is weighed down by this technical debt. Not to mention the many benefits to migrating IAM functionality to the cloud, including cost-efficiency, flexibility, faster deployments and simplified operations.

However, there are some significant challenges associated with moving to a cloud IAM solution, especially for larger organizations with complex operations, IT landscapes or organizational structures. Adapting to a technology platform with less room for customization requires trade-offs to make it the right solution for your organization, and your organization and IAM resources have to execute things differently than how they’re used to.

Your organization will need to plan, design, deploy and operate a cloud-based solution, often alongside existing architecture, in a hybrid manner, so the IAM processes and security policies will be completely different. These new challenges can depend on the requirements of your core IAM team, stakeholders and end users.

With all that in mind, let’s explore some steps you can take to make your transition to cloud IAM easier.

Find the Right Cloud IAM Strategy

To identify the right cloud IAM strategy for your organization, you will need to balance the requirements of many different stakeholders. First, many security and IT executives across industries are defining cloud initiatives for their organizations — these are the directives that govern how IT should navigate the evolution of its ecosystem, and they can look different for every organization. These initiatives are often shaped by compliance requirements, the privacy requests of strategic partners and other third parties, and the organization’s overall business strategy.

Next, understand the needs and expectations of your various user populations. Any major technology change in your organization will likely impact the way your end users access their resources, how IAM administrators perform identity management workflows and how auditors receive reports, just to name a few. That’s why you need to make sure any solution you design addresses these users’ most important requirements if you want to see successful adoption. This focus on user outcomes and how they relate to business goals is what drives Enterprise Design Thinking.

Lastly, these requirements must be balanced against the realities of your current business processes and IT architecture. Many organizations have requirements for IAM workflows, including approval, provisioning and onboarding, that drive heavy customization of the legacy on-premises architecture. Often, these customizations are no longer available in cloud-delivered services and teams must decide whether to keep these capabilities on-premises or adapt their business processes to the realities of the cloud-delivered tools. Many cloud-delivered solutions also have limited support for custom legacy deployments, which may make it difficult to integrate things like on-premises custom apps. In these situations, it’s important to assess the current IT landscape and build a technical solution to meet requirements.

Learn how to build and deploy a cloud IAM solution

After you know the answers to these questions, you can identify which IAM capabilities will stay on-premises and what will be delivered in the cloud and create a future-state, programwide architecture. For example, access management functions such as federated single sign-on (SSO) and multifactor authentication (MFA) may be delivered from the cloud, and functions like role management and provisioning might remain on-premises. It all depends on the requirements and feasibility of what can be migrated to the cloud.

Design and Deploy a New Cloud IAM Solution

There may be pressure from business leaders to migrate to the cloud as soon as possible to lower infrastructure costs and overall technical debt. But to do so without disrupting business operations and risking the success of the project requires a thoughtful approach to designing and deploying the right cloud IAM infrastructure.

First, stay closely aligned with users to make sure their requirements are captured at each phase of the project to help the technical teams design a phased project approach that is minimally disruptive to these users. Like in the previous step, Enterprise Design Thinking can help uncover these user needs and ensure they stay top of mind.

Second, leverage prebuilt use cases following industry best practices to help speed up deployment efforts and deliver a secure and usable solution. Combined with an agile approach, this can speed up the delivery of functionality.

Lastly, prioritize a rollout schedule to deliver success early. A good practice is to start with the easy integrations, such as SSO for Security Assertion Markup Language (SAML)-enabled software-as-a-service (SaaS) apps, to build trust in the project and keep stakeholders engaged and invested in its success.

Continuously Improve and Optimize Your Cloud IAM Solution

A successful transition to cloud IAM requires ongoing, day-to-day management of your new solution. These efforts should focus on driving continuous improvement in the new environment. An organization cannot simply adopt a set-it-and-forget-it mindset. As it expands its footprint, the IAM team should focus on prioritizing integrations and onboarding new assets in the new cloud-based IAM environment.

It’s important to consider how the organization will retrain and redeploy its IAM talent. Resources with traditional on-premises experience will need training and development on new cloud-based IAM architecture and processes. Especially during periods of dramatic technology transition, there is always a risk that employees will leave.

Therefore, it’s important to set up clear roles and responsibilities tailored to the skill sets of your current IAM talent. In doing so, you may help mitigate the loss of these important and limited resources for your organization.

Services such as IBM Cloud Identity and Access Management Services can facilitate a smooth IAM program transformation by helping security teams find, deploy and operate the right cloud IAM strategy and tools regardless of their deployment model. This insight enables IAM and security managers to focus on user outcomes, accelerate cloud IAM deployments and their integration with existing IAM processes, and optimize and continuously improve overall IAM operations.

Learn how cloud IAM can be the key to your digital transformation

More from CISO

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…

Laid Off by Big Tech? Cybersecurity is a Smart Career Move

Big technology companies are laying off staff as market conditions change. The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years. As noted by Stanford…