Identity management problems arose nearly a decade ago when organizations began to increase the number of business processes automated through web applications and integrate more systems into daily operations. This situation provoked a new challenge: How should you keep access control lists up-to-date when users are given multiple usernames and passwords? Even worse, if an employee leaves the company, how do you coordinate with HR departments to have IT teams disable access to their applications?
Today, with the evolution of technologies and the increased use of cloud-based applications, organizations face the same challenges in finding an effective way to perform user identity management. Though the environment has evolved, the nature of the problem persists: Identity management is time-consuming, expensive and difficult.
In addition, new challenges have arisen: ensuring employees obtain explicit approval from IT departments before using cloud-based applications, and integrating on-premise identity management solutions for legacy applications with cloud-based applications on IDaaS platforms. Fulfilling regulations such as SOX, which require evidence of user provisioning and de-provisioning, is also important, as is managing the complexity of provisioning and de-provisioning user access in a time-effective way. One must, furthermore, be aware that the diverse authentication and authorization mechanisms within SaaS applications may reduce or increase the organization’s exposure to risk.
Identity management-as-a-service (IDaaS) solves an organization’s main challenges around installing and maintaining an identity and access management solution, including deployment, customization, system patching and updates, and specialized resources, as well as the indirectly associated challenges of infrastructure procurement and staff attrition. In addition, IDaaS allows organizations to consistently enforce policies and compliance requirements, preserve and extend existing identity management investments, and improve their security posture, while minimizing daily administration time and reducing overall cost.
It is important not to confuse IDaaS with cloud-based SSO, however. Cloud-based single sign-on provides a single username and password that, once authenticated by the identity provider, grants access to other applications without a second login. In contrast, IDaaS may integrate several functions, including SSO, directory integration, multi-factor authentication, password vaulting, user provisioning, and reporting.
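The two concerns above, a single identity provider that signs the assertion each application trusts, and a single place where HR-triggered de-provisioning takes effect with an audit trail as evidence, can be shown in one small program. The following is an added illustration, not code from the article or from any IDaaS product; the `IdentityProvider` class, the HMAC-signed token format, the `hr-system` actor name and the user and application names are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. A production identity provider signs assertions
# with an asymmetric key so that service providers never hold the secret.
SECRET = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Toy IdP: one user store, one place to disable access, one audit log."""

    def __init__(self):
        self.users = {}      # username -> {"active": bool, "apps": set()}
        self.audit_log = []  # evidence of provisioning / de-provisioning

    def _record(self, actor, action, username):
        self.audit_log.append(
            {"ts": time.time(), "actor": actor, "action": action, "user": username}
        )

    def provision(self, actor, username, apps):
        self.users[username] = {"active": True, "apps": set(apps)}
        self._record(actor, "provision", username)

    def deprovision(self, actor, username):
        # A single HR-driven call stops new logins to every integrated app.
        if username in self.users:
            self.users[username]["active"] = False
        self._record(actor, "deprovision", username)

    def issue_token(self, username, app, ttl=300):
        """Return a signed assertion bound to one application, or None."""
        user = self.users.get(username)
        if not user or not user["active"] or app not in user["apps"]:
            return None
        payload = {"sub": username, "aud": app, "exp": int(time.time()) + ttl}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


def verify_token(token, app, now=None):
    """Service-provider side: check signature, audience and expiry.

    Returns the username on success, None on any failure."""
    try:
        body, sig = token.split(".")
    except (ValueError, AttributeError):
        return None
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(_unb64(body))
    if payload.get("aud") != app:
        return None
    if payload.get("exp", 0) < (now if now is not None else time.time()):
        return None
    return payload["sub"]


def demo():
    """Walk through provision -> login -> HR de-provision."""
    idp = IdentityProvider()
    idp.provision("hr-system", "alice", ["crm", "payroll"])
    token = idp.issue_token("alice", "crm")
    before = verify_token(token, "crm")         # "alice"
    wrong_app = verify_token(token, "payroll")  # None: token bound to crm
    idp.deprovision("hr-system", "alice")
    after = idp.issue_token("alice", "crm")     # None: no new logins anywhere
    actions = [entry["action"] for entry in idp.audit_log]
    return before, wrong_app, after, actions


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing. First, the service provider never checks a password; it only checks that the identity provider signed the assertion for its own audience, which is what lets one disable action at the IdP cut off every integrated application. Second, a token already issued stays valid until its `exp`, so the lifetime you give assertions (and whether the provider can revoke live sessions) is exactly the gap an evaluation of an IDaaS offering should ask about.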
With so many IDaaS solutions out there, organizations struggle to select a provider that will meet their needs without adding risk to operations. To help with this process, try dividing the selection criteria into three phases: business-driven, IDaaS solution-driven, and IDaaS provider-driven.
From a business perspective:
From a solutions perspective:
From an IDaaS provider's perspective:
As the market matures and the cloud environment becomes more regulated, keeping the above checklist top of mind will go a long way to ensure your identity management platform runs as smoothly as possible. Good luck!
Leonel Navarro is Practice Manager & Business Leader for Softtek’s Information Security Practice. He is a certified Project Management Professional (PMP) and a Certified Information Systems Security Professional (CISSP). Navarro’s ten years of experience in IT operations with teams based in Mexico, the United States, and China, combined with the critical customer-facing positions he has held, enable him to coordinate the Sales, Marketing, Product Management and Strategic Alliances strategy for Softtek’s Information Security Service offering while overseeing the delivery of those services to existing clients. Leo holds a Bachelor’s degree in Electrical Engineering & Computer Architecture from ITESM.