By 2022, 40% of global midsize and larger organizations will use identity and access management (IAM) capabilities delivered as software-as-a-service (SaaS) to fulfill most of their needs, cites a 2019 Gartner press release on IAM technology trends.

Today, businesses are aligning themselves with a digital ecosystem by moving toward cloud adoption. On the journey toward cloud adoption, a crucial element of digital readiness is safe identity assurance. This assurance is needed to define and maintain identities requiring access to resources at certain times and in specific ways.

Amid this ongoing push toward cloud adoption, businesses have many questions around requirements, implementation and compliance. Here are considerations for evolving cloud IAM on the path to digital transformation.

Cloud IAM and On-Premise IAM

When businesses subscribe to multiple cloud services, managing security concerns is critical; however, on-premise IAM is not enough to secure identities across such a wide arena. Despite the importance of ensuring these services adhere to an organization’s security and compliance requirements, many enterprises are hesitant to leave the comfort zone of their existing on-premise IAM.

For example, a customer I worked with had a roadmap to transition to cloud, but also had serious concerns about why they should move away from on-premise IAM. Given that they’d been using an on-premise IAM solution for 12 years, their primary concern came from cloud infrastructure being so new. Would cloud IAM prove to be stable enough? And, would it protect their personally identifiable information (PII)?

The customer believed that on-premise solutions are more secure simply because they sit within the premises. This is false, and a common misconception. The level of security available for cloud IAM solutions is almost the same as, and sometimes better than, that of on-premise IAM infrastructure. While on-premise security can be subjective, depending largely on the skills of the IT team implementing it, cloud IAM is not prone to such variables.

While using on-premise IAM, this customer was paying license fees, training their information technology (IT) department and managing ongoing server hardware, power consumption, cooling and space costs. Moving to the cloud relieved these pain points. A cloud-based IAM solution provided the customer with 99.99% availability and the scalability to support large numbers of end users with no additional infrastructure. Plus, the solution eliminated concerns around continuous patching, upgrades and the maintenance lifecycle. Moreover, cloud IAM provided the customer with an outstanding user experience, which led to higher customer satisfaction, loyalty and retention.

We often see customers struggling to choose the right cloud IAM strategy, due to the multiple cloud options available, lack of information, complex business requirements and financial limitations. When selecting the best-suited IAM strategy, there is no single rule. Security leaders should analyze varied IAM designs and zero in on one that aligns best with their business model.

Opt for a Hybrid Approach to IAM

Organizations looking to move from existing, well-established on-premise services to the cloud should look into a hybrid approach to IAM. The hybrid cloud approach offers the best path to unlock key features of cloud security without impacting the existing, mature on-premise functionalities. This allows for gradual shifting of a business from on-premise to cloud.

Federated identity management is the best way to proceed with a hybrid approach to IAM. Cloud IAM can federate with the existing Lightweight Directory Access Protocol (LDAP) directory that the organization has been using for its on-premise access management. Once all services have been migrated to the cloud, the on-premise service can be shut down with zero impact.

Identification, Authentication, Authorization and Auditing (IAAA) for Cloud IAM

IAAA plays a major role in securing a cloud ecosystem. Various security attacks on cloud services have been prevented by applying stringent identification, authentication and authorization mechanisms. This process validates a user’s identity by asking the five Ws and one H: Who is accessing? Why is the user granted permission? Where is the user’s geolocation? What is the user trying to access? When is the user accessing the services? And how is the user trying to access them: via mobile, laptop or another device?

Gone are the days when traditional user IDs and passwords were the only medium to verify a user’s identity. Businesses now have advanced authentication mechanisms for evaluating identities within a cloud IAM. This ranges from zero sign-in to passwordless authentication services for enhanced user experience.

Zero sign-in allows users to sign in directly through Windows authentication. Passwordless authentication consists of verifying proof of identity by means other than passwords, which can include biometric authentication, push notifications, U2F-based multifactor authentication, YubiKey OTP and Google’s Titan Security Key.

Biometrics are user friendly and provide strong security against phishing and real-time, man-in-the-middle attacks; however, they contain highly sensitive user data.

Other passwordless authentication methods, such as U2F-based OTP, FIDO U2F tokens and web authentication, are strong from deployability, usability and security perspectives. Push notifications are also strong in deployability and usability and provide better protection from man-in-the-middle attacks.

With the growing demand for flexibility in authentication and authorization, there also comes the need for context-aware or adaptive authentication. Adaptive authentication goes hand-in-hand with conventional password-based authentication or advanced passwordless authentication, providing an additional layer of security. Adaptive authentication is an extended form of multifactor authentication that leverages users’ behavioral traits to detect fraudulent activity. It uses “smart” information like geolocation, day, time, type of device used or user behavior to strengthen authentication. These adaptive access controls ensure high levels of trust along with increased identity assurance for customers.
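As an added illustration (not code from the article or from any IBM product), the following Python sketches an adaptive-authentication policy that turns the five Ws and one H from the IAAA section into a risk score and then chooses between allowing the request, demanding a second factor, or denying it. The thresholds, signal weights, the two-hour impossible-travel window and the sample device, country and resource names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Hypothetical thresholds and weights, chosen for illustration (not from the article).
STEP_UP_THRESHOLD = 30  # at or above this, demand a second factor (push, U2F, biometric)
DENY_THRESHOLD = 70     # at or above this, refuse the request outright

@dataclass
class AccessContext:          # the five Ws and one H of one sign-in attempt
    user: str                 # who
    resource: str             # what
    country: str              # where (resolved from the client IP by the IAM service)
    device_id: str            # how (fingerprint of the laptop/mobile used)
    when: datetime            # when

@dataclass
class UserProfile:            # behavioral baseline the IAM service learned for one user
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    usual_hours: range = range(7, 20)     # login hours seen historically (UTC)
    last_country: str = ""
    last_login: Optional[datetime] = None

def risk_score(ctx: AccessContext, profile: UserProfile, sensitive: set) -> tuple:
    """Sum the risk signals present in this request; returns (score, signals)."""
    score, signals = 0, []
    if ctx.device_id not in profile.known_devices:
        score += 25; signals.append("unknown device")
    if ctx.country not in profile.usual_countries:
        score += 25; signals.append("unusual country")
    if ctx.when.hour not in profile.usual_hours:
        score += 15; signals.append("outside usual hours")
    if ctx.resource in sensitive:
        score += 20; signals.append("sensitive resource")
    # Impossible travel: a different country within two hours of the previous login.
    if profile.last_login and ctx.country != profile.last_country:
        if (ctx.when - profile.last_login).total_seconds() < 2 * 3600:
            score += 40; signals.append("impossible travel")
    return score, signals

def decide(ctx: AccessContext, profile: UserProfile, sensitive: set) -> tuple:
    """Map the score to allow, step_up (extra factor required) or deny."""
    score, signals = risk_score(ctx, profile, sensitive)
    if score >= DENY_THRESHOLD:
        return "deny", score, signals
    if score >= STEP_UP_THRESHOLD:
        return "step_up", score, signals
    return "allow", score, signals
```

In a real deployment the profile would be refreshed from the IAM service's audit log after each successful login, so the baseline itself is a product of the auditing "A" in IAAA.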

Cloud IAM and Digital Transformation

As the push for digital transformation accelerates worldwide, it is increasingly important to ensure the right users access the right resources at the right time. Cloud IAM fosters safe identities while ensuring safe access. For businesses looking forward to secure, seamless and streamlined cloud adoption, cloud IAM is truly the guardian angel of digitalization.

After all, the end goal is to secure identities, facilitate only authorized access, achieve greater levels of regulatory compliance and provide a delightful user experience, while maintaining a competitive return on investment.
