Light Dark
September 13, 2019 By Adam Case 4 min read
Cloud Security
Identity & Access

Since the advent of the cloud, the number of -as-a-service solution offerings has exploded. But most businesses continue to operate with a mix of on-premises and cloud applications that need to be accessed by employees, customers and business partners. Keeping identities and permissions secure and up to date in this environment is a top priority — not to mention a constant challenge — for IT teams. That’s why many are seeking a simpler, more cost-effective way to manage access.

Rather than trying to juggle multiple on-premises and cloud-based solutions for identity and access management (IAM), these organizations want to leverage a single solution in the form of cloud-based identity-as-a-service (IDaaS). IDaaS, the cloud-based counterpart to on-premises IAM, has the advantage of continuous upgrading that only comes with the cloud. With IDaaS, companies can protect systems, applications, identities and data wherever they reside — in the cloud, on-premises and, increasingly, on mobile devices. Maintenance and upgrade work is shifted to the provider, and software updates are made as soon as they are available.

Cost and Functionality Drive Identity-as-a-Service Adoption

As identity-as-a-service solutions gain traction in the marketplace, new providers are emerging. How do you choose the right one? Let’s review some key capabilities of IDaaS solutions and discuss what you should look for in a solution and a vendor.

Organizations are turning to IDaaS for a variety of reasons. The primary drivers are cost, scalability and functionality, and vendors are at different levels on these three metrics. Shifting identity and access management functions to the cloud effectively eliminates the cost of building out on-premises infrastructure. This reduces total cost of ownership (TCO) and frees up capital for other business expenses.

Scalability is a major selling point of most cloud offerings, and a truly scalable IDaaS solution should be able to adapt to the needs of small-but-growing organizations and robust enough for large enterprise environments — which brings us to the topic of functionality.

What Capabilities Should You Look For in an IDaaS Vendor?

An identity-as-a-service solution that is suitable for the long term should include a complete set of capabilities. Yet some solutions offer only bits and pieces of IDaaS functionality, leaving the integration process to the customer.

Look for an IDaaS solution with the following functionality. While your organization may not need all of these right now, it likely will eventually.

  • Single sign-on (SSO) — SSO enables end users to access multiple applications without repeating the login process, enhancing convenience and security.
  • Federated identity management — This allows a single identity to access applications both inside and outside the enterprise (e.g., between company and business partner networks).
  • Multifactor authentication (MFA) — MFA requires users to provide two or more forms of authentication when they request access.
  • Directory services — A directory is the authoritative source of user identities. When a user logs in, the IDaaS solution automatically checks the user identity against the directory service to confirm the user’s credentials and ensure that the level of access being requested is authorized for that user.
  • Provisioning and deprovisioning — Provisioning and deprovisioning are the processes of adding and removing access throughout the life cycle of a user’s employment. An efficient IDaaS provisioning process enables new employees to be productive quickly upon joining the organization. Prompt deprovisioning ensures that former employees do not retain access past the end of their employment.
  • Self-service launch pads — Self-service portals with application launch pads allow end users to readily find and access the applications they need without asking for IT assistance.
  • Connectors — These are the integration points between IDaaS and the applications. Most IDaaS vendors create and maintain a library of connectors to facilitate easy access and integration.
  • Monitoring, alerting and reporting — The ability to monitor access attempts, alert IT to threats and anomalies, and report on patterns and trends are vital capabilities of any IDaaS solution. Auditable reports are also essential for proper governance and compliance.

Geographical Reach and Financial Strength of the Vendor

In addition to solution capabilities, it’s important to examine the capabilities of the vendor itself. A vendor may make an appealing presentation, but to ensure adequate support going forward, growing companies and multinational firms should choose a provider with a market presence in different geographical areas where the business operates or may seek to operate in the future. A vendor’s financial strength and longevity are also significant risk factors and should be given equal weight to technical features.

Avoiding Pain Points for a Smooth Deployment

The deployment of any major software system involves challenges and risks. That’s especially true for IDaaS systems that act as gatekeepers to potentially all of an organization’s systems. To avoid pains in the deployment process, pay close attention to these factors.

Finding the Right Fit

While identity-as-a-service solutions are usually standardized to address the majority of use cases, mature cloud service providers can help you configure an IDaaS solution to fit your organization’s unique environment and business needs. They can assist in identifying special needs, setting priorities and implementing the solutions according to a realistic timetable.

Planning for an IDaaS Future

Careful planning is essential to the success of any implementation. The planning process should produce a comprehensive profile of the user population both now and for what is expected in the future, especially if the organization makes frequent acquisitions and divestitures. Alongside the user population profile, planners should compile a list of all the data and applications users need to access, and then map the connections between the two, looking for gaps, obstacles and dead ends. In addition to technical considerations, look at nontechnical issues as well. Have the users been subjected to many other system changes in the recent past? If so, consider that factor in creating a timetable for implementation.

Smooth Integration

An IDaaS solution should be capable of integrating smoothly with the organization’s existing operational systems and services, which may include a variety of legacy solutions. Premade connectors, templates and wizards can help accelerate access to those different applications.

Ask the IDaaS Experts

Safeguarding systems and data while providing quick, convenient access for employees, partners and customers is enormously important to IT professionals. But with the right solution and the right vendor, you can deliver good service to your users and reliable security to your organization.

Above is just a quick overview of some of the main considerations when choosing an IDaaS vendor. To learn more, download the IBM e-book, “Cloud Identity for Dummies.”

 |  |  |  |  |  |  |  |  | 
Adam Case
Technical Offering Manager - Cloud Identity, IBM Security

More from Cloud Security
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 4, 2024

Cloud security uncertainty: Do you know where your data is?

3 min read - How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried.In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless.The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to…

March 14, 2024

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature