Since the advent of the cloud, the number of -as-a-service solution offerings has exploded. But most businesses continue to operate with a mix of on-premises and cloud applications that need to be accessed by employees, customers and business partners. Keeping identities and permissions secure and up to date in this environment is a top priority — not to mention a constant challenge — for IT teams. That’s why many are seeking a simpler, more cost-effective way to manage access.
Rather than trying to juggle multiple on-premises and cloud-based solutions for identity and access management (IAM), these organizations want to leverage a single solution in the form of cloud-based identity-as-a-service (IDaaS). IDaaS, the cloud-based counterpart to on-premises IAM, has the advantage of continuous upgrading that only comes with the cloud. With IDaaS, companies can protect systems, applications, identities and data wherever they reside — in the cloud, on-premises and, increasingly, on mobile devices. Maintenance and upgrade work is shifted to the provider, and software updates are made as soon as they are available.
Cost and Functionality Drive Identity-as-a-Service Adoption
As identity-as-a-service solutions gain traction in the marketplace, new providers are emerging. How do you choose the right one? Let’s review some key capabilities of IDaaS solutions and discuss what you should look for in a solution and a vendor.
Organizations are turning to IDaaS for a variety of reasons. The primary drivers are cost, scalability and functionality, and vendors are at different levels on these three metrics. Shifting identity and access management functions to the cloud effectively eliminates the cost of building out on-premises infrastructure. This reduces total cost of ownership (TCO) and frees up capital for other business expenses.
Scalability is a major selling point of most cloud offerings, and a truly scalable IDaaS solution should be able to adapt to the needs of small-but-growing organizations and robust enough for large enterprise environments — which brings us to the topic of functionality.
What Capabilities Should You Look For in an IDaaS Vendor?
An identity-as-a-service solution that is suitable for the long term should include a complete set of capabilities. Yet some solutions offer only bits and pieces of IDaaS functionality, leaving the integration process to the customer.
Look for an IDaaS solution with the following functionality. While your organization may not need all of these right now, it likely will eventually.
- Single sign-on (SSO) — SSO enables end users to access multiple applications without repeating the login process, enhancing convenience and security.
- Federated identity management — This allows a single identity to access applications both inside and outside the enterprise (e.g., between company and business partner networks).
- Multifactor authentication (MFA) — MFA requires users to provide two or more forms of authentication when they request access.
- Directory services — A directory is the authoritative source of user identities. When a user logs in, the IDaaS solution automatically checks the user identity against the directory service to confirm the user’s credentials and ensure that the level of access being requested is authorized for that user.
- Provisioning and deprovisioning — Provisioning and deprovisioning are the processes of adding and removing access throughout the life cycle of a user’s employment. An efficient IDaaS provisioning process enables new employees to be productive quickly upon joining the organization. Prompt deprovisioning ensures that former employees do not retain access past the end of their employment.
- Self-service launch pads — Self-service portals with application launch pads allow end users to readily find and access the applications they need without asking for IT assistance.
- Connectors — These are the integration points between IDaaS and the applications. Most IDaaS vendors create and maintain a library of connectors to facilitate easy access and integration.
- Monitoring, alerting and reporting — The ability to monitor access attempts, alert IT to threats and anomalies, and report on patterns and trends are vital capabilities of any IDaaS solution. Auditable reports are also essential for proper governance and compliance.
Geographical Reach and Financial Strength of the Vendor
In addition to solution capabilities, it’s important to examine the capabilities of the vendor itself. A vendor may make an appealing presentation, but to ensure adequate support going forward, growing companies and multinational firms should choose a provider with a market presence in different geographical areas where the business operates or may seek to operate in the future. A vendor’s financial strength and longevity are also significant risk factors and should be given equal weight to technical features.
Avoiding Pain Points for a Smooth Deployment
The deployment of any major software system involves challenges and risks. That’s especially true for IDaaS systems that act as gatekeepers to potentially all of an organization’s systems. To avoid pains in the deployment process, pay close attention to these factors.
Finding the Right Fit
While identity-as-a-service solutions are usually standardized to address the majority of use cases, mature cloud service providers can help you configure an IDaaS solution to fit your organization’s unique environment and business needs. They can assist in identifying special needs, setting priorities and implementing the solutions according to a realistic timetable.
Planning for an IDaaS Future
Careful planning is essential to the success of any implementation. The planning process should produce a comprehensive profile of the user population both now and for what is expected in the future, especially if the organization makes frequent acquisitions and divestitures. Alongside the user population profile, planners should compile a list of all the data and applications users need to access, and then map the connections between the two, looking for gaps, obstacles and dead ends. In addition to technical considerations, look at nontechnical issues as well. Have the users been subjected to many other system changes in the recent past? If so, consider that factor in creating a timetable for implementation.
An IDaaS solution should be capable of integrating smoothly with the organization’s existing operational systems and services, which may include a variety of legacy solutions. Premade connectors, templates and wizards can help accelerate access to those different applications.
Ask the IDaaS Experts
Safeguarding systems and data while providing quick, convenient access for employees, partners and customers is enormously important to IT professionals. But with the right solution and the right vendor, you can deliver good service to your users and reliable security to your organization.
Above is just a quick overview of some of the main considerations when choosing an IDaaS vendor. To learn more, download the IBM e-book, “Cloud Identity for Dummies.”
Technical Offering Manager - Cloud Identity, IBM Security
Adam is an Enterprise Security Professional with experience implementing end user security software for Fortune 1000 customers in the Identity and Access and...