The times are changing, and many CIOs and CISOs are blowing away the cobwebs on their legacy identity and access management (IAM) programs and considering a move to identity and access management-as-a-service (IDaaS). Whether driven by the growing menace of attacks via identities, increasing compliance mandates or the expanding needs of end users for easy and frictionless access to their data, security leaders realize that a move to IDaaS is key to achieving critical business objectives that are relevant to every high-performing organization.
IDaaS solutions offer great benefits over on-premises deployments. They can breathe new life into legacy IAM systems, building upon these solid foundations to surface as new and improved IAM features. But many CISOs are concerned that their organization may not be ready to deploy an IDaaS solution.
When considering a move to IDaaS, a little preparedness goes a long way.
Come as You Are
No matter what software you use on-premises, what version you have and what platform you use, you can move directly to the cloud now. Technology readiness is not an issue: Many cloud-based IAM solutions are adapted to a come-as-you-are scenario. Any company moving IT to the cloud for any purpose should plan on using IAM in the cloud as well.
That’s not to say there won’t be complications. Planning and preparation are required to ensure a smooth migration. But the end result, moving IAM to the cloud, is well worth the investment and provides a predictable monthly expense with few surprises.
Cloud IAM can be used either to replace an existing on-premises IAM system or to extend an existing on-premises IAM solution. Hybrid scenarios in which cloud IAM is used as an extension are common.
When deciding whether to move specific IAM workloads to the cloud, important considerations include complexity of the applications being integrated, complexity of the business processes around the application integration and the extent of the desired direct control over the identity and access workload.
Another key factor to consider in a cloud IAM move is available assistance. Some cloud IAM suppliers are self-service only, leaving you on your own when integration challenges arise. If your situation has unique integration requirements, look for a team that can guide you through the effort and provide the necessary integration expertise for your on-premises enterprise applications.
Preparing to Move to IDaaS
Organizational culture and governance are always factors when it comes to adopting cloud IAM. A cloud-based IAM with single sign-on (SSO) can provide a way for companies to gracefully fold in shadow IT. Providing SSO to all company applications is a powerful incentive for users, and as such it brings all those cloud services that users and departments have implemented without prior permission back under organizational control.
A cloud-based IAM solution will also support other cloud initiatives already in place or planned, so it is a natural step for IT leaders as they try to regain some control over the usage of cloud applications.
Another factor is comfort. Companies accustomed to doing things in-house have to give up a small share of control to take advantage of a cloud-based IAM solution. But when you factor in the lowered costs and higher service levels, the business case is far too compelling to ignore.
Without a doubt, planning is key when moving from on-premises to the cloud, and the transition requires skilled and knowledgeable business staff. But the upfront preparation and work that goes into this data migration is well worth it in the end.
Take an organization of over 15,000 employees, for example, that is considering moving from one on-premises product to another, or even moving from an old version of a product to its current version. Depending on how organized the IT team is and how well the policies are documented and developed, the average rollout can take a considerable amount of time; six months or more is a common figure.
Conversely, migration to a cloud-based IAM product can happen much faster. In our experience with IBM’s own IDaaS solution, Cloud Identity Service, moderately complex migrations can be done 75 percent faster than on-premises deployments, including setup of identity data feeds, protection of websites, initial federations, DNS considerations and testing, with 95 percent of the work done remotely. Preparation is key, but on-site impact is limited.
The migration must start with a team working with the business to identify all data to be replicated, all IDs to be enabled, all customizations, all sites to be protected, and all sources and targets for federation. The next step is to configure the cloud-based IAM solution in multiple environments (development, test, production) and test its functions before going live. In our experience, the more the business uses an off-the-shelf process and the less it customizes, the faster the process and the easier the future maintenance.
IDaaS for All
IAM in the cloud can be deployed for companies in numerous industries, including automotive, media, education, financial, retail, pharmaceutical, industrial, and oil and gas. These organizations range in size from as few as 1,000 users and a handful of applications to more than 9 million managed identities, hundreds of protected applications and federations, and presence in multiple countries.
Cloud Identity Service builds on IBM’s 20-plus years in the IAM and security market. This IDaaS solution uses IBM software that is time-tested, mature and highly scalable. It provides the deepest set of IAM functions in the IDaaS market as validated by independent industry analysts.
The results speak for themselves. Customers enjoy improved productivity and customer user experiences, more secure and compliant environments and, most of all, the flexibility and scalability they need to meet their business demands.
Associate Partner, IBM
Charles Carrington has worked in Security, focusing on IAM, for over 20 years. He is a published author (on directories). Mr. Carrington's work is in the fie...