Cloud Security September 13, 2019
By Adam Case 4 min read

Since the advent of the cloud, the number of -as-a-service solution offerings has exploded. But most businesses continue to operate with a mix of on-premises and cloud applications that need to be accessed by employees, customers and business partners. Keeping identities and permissions secure and up to date in this environment is a top priority — not to mention a constant challenge — for IT teams. That’s why many are seeking a simpler, more cost-effective way to manage access.

Rather than trying to juggle multiple on-premises and cloud-based solutions for identity and access management (IAM), these organizations want to leverage a single solution in the form of cloud-based identity-as-a-service (IDaaS). IDaaS, the cloud-based counterpart to on-premises IAM, has the advantage of continuous upgrading that only comes with the cloud. With IDaaS, companies can protect systems, applications, identities and data wherever they reside — in the cloud, on-premises and, increasingly, on mobile devices. Maintenance and upgrade work is shifted to the provider, and software updates are made as soon as they are available.

Cost and Functionality Drive Identity-as-a-Service Adoption

As identity-as-a-service solutions gain traction in the marketplace, new providers are emerging. How do you choose the right one? Let’s review some key capabilities of IDaaS solutions and discuss what you should look for in a solution and a vendor.

Organizations are turning to IDaaS for a variety of reasons. The primary drivers are cost, scalability and functionality, and vendors are at different levels on these three metrics. Shifting identity and access management functions to the cloud effectively eliminates the cost of building out on-premises infrastructure. This reduces total cost of ownership (TCO) and frees up capital for other business expenses.

Scalability is a major selling point of most cloud offerings, and a truly scalable IDaaS solution should be able to adapt to the needs of small-but-growing organizations and robust enough for large enterprise environments — which brings us to the topic of functionality.

What Capabilities Should You Look For in an IDaaS Vendor?

An identity-as-a-service solution that is suitable for the long term should include a complete set of capabilities. Yet some solutions offer only bits and pieces of IDaaS functionality, leaving the integration process to the customer.

Look for an IDaaS solution with the following functionality. While your organization may not need all of these right now, it likely will eventually.

  • Single sign-on (SSO) — SSO enables end users to access multiple applications without repeating the login process, enhancing convenience and security.
  • Federated identity management — This allows a single identity to access applications both inside and outside the enterprise (e.g., between company and business partner networks).
  • Multifactor authentication (MFA) — MFA requires users to provide two or more forms of authentication when they request access.
  • Directory services — A directory is the authoritative source of user identities. When a user logs in, the IDaaS solution automatically checks the user identity against the directory service to confirm the user’s credentials and ensure that the level of access being requested is authorized for that user.
  • Provisioning and deprovisioning — Provisioning and deprovisioning are the processes of adding and removing access throughout the life cycle of a user’s employment. An efficient IDaaS provisioning process enables new employees to be productive quickly upon joining the organization. Prompt deprovisioning ensures that former employees do not retain access past the end of their employment.
  • Self-service launch pads — Self-service portals with application launch pads allow end users to readily find and access the applications they need without asking for IT assistance.
  • Connectors — These are the integration points between IDaaS and the applications. Most IDaaS vendors create and maintain a library of connectors to facilitate easy access and integration.
  • Monitoring, alerting and reporting — The ability to monitor access attempts, alert IT to threats and anomalies, and report on patterns and trends are vital capabilities of any IDaaS solution. Auditable reports are also essential for proper governance and compliance.

Geographical Reach and Financial Strength of the Vendor

In addition to solution capabilities, it’s important to examine the capabilities of the vendor itself. A vendor may make an appealing presentation, but to ensure adequate support going forward, growing companies and multinational firms should choose a provider with a market presence in different geographical areas where the business operates or may seek to operate in the future. A vendor’s financial strength and longevity are also significant risk factors and should be given equal weight to technical features.

Avoiding Pain Points for a Smooth Deployment

The deployment of any major software system involves challenges and risks. That’s especially true for IDaaS systems that act as gatekeepers to potentially all of an organization’s systems. To avoid pains in the deployment process, pay close attention to these factors.

Finding the Right Fit

While identity-as-a-service solutions are usually standardized to address the majority of use cases, mature cloud service providers can help you configure an IDaaS solution to fit your organization’s unique environment and business needs. They can assist in identifying special needs, setting priorities and implementing the solutions according to a realistic timetable.

Planning for an IDaaS Future

Careful planning is essential to the success of any implementation. The planning process should produce a comprehensive profile of the user population both now and for what is expected in the future, especially if the organization makes frequent acquisitions and divestitures. Alongside the user population profile, planners should compile a list of all the data and applications users need to access, and then map the connections between the two, looking for gaps, obstacles and dead ends. In addition to technical considerations, look at nontechnical issues as well. Have the users been subjected to many other system changes in the recent past? If so, consider that factor in creating a timetable for implementation.

Smooth Integration

An IDaaS solution should be capable of integrating smoothly with the organization’s existing operational systems and services, which may include a variety of legacy solutions. Premade connectors, templates and wizards can help accelerate access to those different applications.

Ask the IDaaS Experts

Safeguarding systems and data while providing quick, convenient access for employees, partners and customers is enormously important to IT professionals. But with the right solution and the right vendor, you can deliver good service to your users and reliable security to your organization.

Above is just a quick overview of some of the main considerations when choosing an IDaaS vendor. To learn more, download the IBM e-book, “Cloud Identity for Dummies.”

 |  |  |  |  |  |  |  |  | 
Adam Case
Technical Offering Manager - Cloud Identity, IBM Security

More from Cloud Security
September 14, 2023

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

September 13, 2023

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

August 24, 2023

Lessons learned from the Microsoft Cloud breach

3 min read - In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other organizations not yet publicly named. Officials and researchers alike are concerned that Microsoft products were again used to pull off an intelligence coup, such as during the SolarWinds incident. In the wake of the breach, the Department of Homeland Security…

August 18, 2023

What you need to know about protecting your data across the hybrid cloud

6 min read - The adoption of hybrid cloud environments driving business operations has become an ever-increasing trend for organizations. The hybrid cloud combines the best of both worlds, offering the flexibility of public cloud services and the security of private on-premises infrastructure. We also see an explosion of SaaS platforms and applications, such as Salesforce or Slack, where users input data, send and download files and access data stored with cloud providers. However, with this fusion of cloud resources, the risk of data…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature