September 29, 2016 By Anna Seacat 3 min read

Identity and access management-as-a-service, also known as IDaaS or cloud IAM, is becoming the go-to solution for CIOs, CISOs and CTOs struggling to keep up with the rapid advancements and changes in cloud, mobile and social. But because identity and access management (IAM) touches every corner of an organization, adopting cloud IAM is not a decision that these C-level professionals take lightly. Choosing the right IDaaS provider is paramount.

IBM Executive Dishes on IDaaS

The office of the IBM CIO recently made critical decisions around cloud IAM and IDaaS vendors. In the interview below, William Tworek, an executive architect in the office of the IBM CIO, described his team’s decision to adopt cloud IAM and how his team evaluated the various IDaaS providers.

Question: Bill, thank you for being willing to share your experiences in adopting cloud for your IAM environment. Before we jump into that, can you please share with us a bit about your role at IBM?

Tworek: At the time of this effort, my role was essentially as the CTO for IBM’s corporate identity and access services. My job was to update IBM’s approach in the identity arena to help accelerate IBM’s embrace of the cloud, both internally for its employees and externally for its customers and partners.

Can you please share more details about the challenge your team was facing and why it led you to consider cloud-based identity and access management?

As with most companies, our legacy identity services were behind the corporate firewall and based on older authentication techniques and protocols. Such services were also beginning to frustrate both our users and developers. They had become aged in terms of their end user experience, and a bit bureaucratic and process-driven in ways that slowed their adoption.

We quickly realized that to support the cloud, we needed our identity services themselves to move to the cloud. This was the only way we would be able to keep up with the velocity of change that occurs with a shift to the cloud, as well as the typical agile and DevOps practices that come with it.

Once you realized cloud IAM was a good fit for your needs, what selection criteria did you use to judge the various IDaaS vendors?

Once we decided to move to the cloud, our requirements really became those typical for any cloud effort. Speed of delivery and execution, a truly modern and mobile-friendly user experience, self-service adoption for our project teams and state-of-the-art security options were all key focus areas.

Which IDaaS providers were you formally considering? Why did IBM’s very own enterprise-level cloud IAM stand out as the best solution?

We considered all the leading players in the IDaaS industry and performed proof-of-concept efforts/pilots with many of them. Ultimately, what made IBM’s own IDaaS [Cloud Identity Service] stand out was the flexibility that the solution provides around authentication and security policies. Many cloud IAM products could deliver on our general cloud agility requirements, but finding the needed security options was much tougher.

We knew that externalizing our corporate authentication services would only be feasible if we could do much more than just authenticate the user. As identity becomes one of the sole security control points in the cloud, we needed to perform many other analytical and policy-based security checks at the time of auth. We found that only IBM’s Cloud Identity Service provided us with the needed flexibility and extensibility in this area.

Can you please share some immediate results you experienced after deploying Cloud Identity Service?

We went from onboarding less than 100 projects a year with our legacy corporate authentication services to onboarding literally thousands of projects virtually overnight with Cloud Identity Service. Even more, we did this while dramatically improving end user satisfaction and improving the security of our enterprise.

By using Cloud Identity Service, my team could focus purely on automating adoption, implementing the security policies desired and innovating on design-led user experiences — versus needing to worrying about the details of running an identity service.

Next Steps

Congratulations to the office of the IBM CIO for their successful adoption of IDaaS. If you are wondering how cloud-based IAM can reduce your costs and accelerate your business initiatives, visit the Cloud Identity Service website.

Get the IDaaS Buyer’s Guide

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today