September 13, 2019 By Adam Case

Since the advent of the cloud, the number of "as-a-service" offerings has exploded. But most businesses continue to operate with a mix of on-premises and cloud applications that need to be accessed by employees, customers and business partners. Keeping identities and permissions secure and up to date in this environment is a top priority — not to mention a constant challenge — for IT teams. That’s why many are seeking a simpler, more cost-effective way to manage access.

Rather than trying to juggle multiple on-premises and cloud-based solutions for identity and access management (IAM), these organizations want to leverage a single solution in the form of cloud-based identity-as-a-service (IDaaS). IDaaS, the cloud-based counterpart to on-premises IAM, has the advantage of continuous upgrading that only comes with the cloud. With IDaaS, companies can protect systems, applications, identities and data wherever they reside — in the cloud, on-premises and, increasingly, on mobile devices. Maintenance and upgrade work is shifted to the provider, and software updates are made as soon as they are available.

Cost and Functionality Drive Identity-as-a-Service Adoption

As identity-as-a-service solutions gain traction in the marketplace, new providers are emerging. How do you choose the right one? Let’s review some key capabilities of IDaaS solutions and discuss what you should look for in a solution and a vendor.

Organizations are turning to IDaaS for a variety of reasons. The primary drivers are cost, scalability and functionality, and vendors are at different levels on these three metrics. Shifting identity and access management functions to the cloud effectively eliminates the cost of building out on-premises infrastructure. This reduces total cost of ownership (TCO) and frees up capital for other business expenses.

Scalability is a major selling point of most cloud offerings, and a truly scalable IDaaS solution should be able to adapt to the needs of small-but-growing organizations and be robust enough for large enterprise environments — which brings us to the topic of functionality.

What Capabilities Should You Look For in an IDaaS Vendor?

An identity-as-a-service solution that is suitable for the long term should include a complete set of capabilities. Yet some solutions offer only bits and pieces of IDaaS functionality, leaving the integration process to the customer.

Look for an IDaaS solution with the following functionality. While your organization may not need all of these right now, it likely will eventually.

  • Single sign-on (SSO) — SSO enables end users to access multiple applications without repeating the login process, enhancing convenience and security.
  • Federated identity management — This allows a single identity to access applications both inside and outside the enterprise (e.g., between company and business partner networks).
  • Multifactor authentication (MFA) — MFA requires users to provide two or more forms of authentication when they request access.
  • Directory services — A directory is the authoritative source of user identities. When a user logs in, the IDaaS solution automatically checks the user identity against the directory service to confirm the user’s credentials and ensure that the level of access being requested is authorized for that user.
  • Provisioning and deprovisioning — Provisioning and deprovisioning are the processes of adding and removing access throughout the life cycle of a user’s employment. An efficient IDaaS provisioning process enables new employees to be productive quickly upon joining the organization. Prompt deprovisioning ensures that former employees do not retain access past the end of their employment.
  • Self-service launch pads — Self-service portals with application launch pads allow end users to readily find and access the applications they need without asking for IT assistance.
  • Connectors — These are the integration points between IDaaS and the applications. Most IDaaS vendors create and maintain a library of connectors to facilitate easy access and integration.
  • Monitoring, alerting and reporting — The ability to monitor access attempts, alert IT to threats and anomalies, and report on patterns and trends are vital capabilities of any IDaaS solution. Auditable reports are also essential for proper governance and compliance.

Geographical Reach and Financial Strength of the Vendor

In addition to solution capabilities, it’s important to examine the capabilities of the vendor itself. A vendor may make an appealing presentation, but to ensure adequate support going forward, growing companies and multinational firms should choose a provider with a market presence in different geographical areas where the business operates or may seek to operate in the future. A vendor’s financial strength and longevity are also significant risk factors and should be given equal weight to technical features.

Avoiding Pain Points for a Smooth Deployment

The deployment of any major software system involves challenges and risks. That’s especially true for IDaaS systems that act as gatekeepers to potentially all of an organization’s systems. To avoid pain points during deployment, pay close attention to these factors.

Finding the Right Fit

While identity-as-a-service solutions are usually standardized to address the majority of use cases, mature cloud service providers can help you configure an IDaaS solution to fit your organization’s unique environment and business needs. They can assist in identifying special needs, setting priorities and implementing the solutions according to a realistic timetable.

Planning for an IDaaS Future

Careful planning is essential to the success of any implementation. The planning process should produce a comprehensive profile of the user population both now and for what is expected in the future, especially if the organization makes frequent acquisitions and divestitures. Alongside the user population profile, planners should compile a list of all the data and applications users need to access, and then map the connections between the two, looking for gaps, obstacles and dead ends. In addition to technical considerations, look at nontechnical issues as well. Have the users been subjected to many other system changes in the recent past? If so, consider that factor in creating a timetable for implementation.

Smooth Integration

An IDaaS solution should be capable of integrating smoothly with the organization’s existing operational systems and services, which may include a variety of legacy solutions. Premade connectors, templates and wizards can help accelerate access to those different applications.

Ask the IDaaS Experts

Safeguarding systems and data while providing quick, convenient access for employees, partners and customers is enormously important to IT professionals. But with the right solution and the right vendor, you can deliver good service to your users and reliable security to your organization.

Above is just a quick overview of some of the main considerations when choosing an IDaaS vendor. To learn more, download the IBM e-book, “Cloud Identity for Dummies.”
