Cloud IAM and How to Choose Your Solution

The shift to the cloud continues to be one of the biggest trends in Identity and Access Management (IAM).

Indeed, industry leaders have long pointed to the strengths of cloud-based options for managing digital identities, strengths that are often not available with on-premises options.

But for managers seeking to develop a data security strategy for their organizations, trying to navigate through the slew of IAM options can be a real challenge.

CISOs need to constantly weigh a spectrum of important issues: harnessing tools that address the unique needs of their companies’ business models and keeping a high security standard, all the while maintaining ease of use for employees.

Understanding the factors that play a role in implementing a cloud-based identity solution will help security officers make the best decisions when considering the move to the cloud.

Dealing with IT Costs

Exploding IT infrastructure costs are one of the things fueling the marketplace for all cloud services today. Identity management is no exception. On-premises IAM means acquiring the hardware necessary for running those programs in house, often meaning the installation of additional servers and supporting equipment. Cloud service providers maintain their own cloud-native architecture. For companies low on digital infrastructure, or otherwise looking to keep their expenditures low in that area, cloud solutions will almost definitely be preferable.

Additionally, the overall investment risk of cloud platforms is lower than that of on-site IAM solutions. Unlike purchased programs and the hardware they require, a subscription can be canceled if expectations are not met.

Integration with Services

One of the big considerations when choosing an IAM system is the ability for any given platform to integrate with apps and tools the enterprise already uses. An important feature of cloud identity services is their ability to more easily manage authentication of other cloud-based programs. Accessing SaaS tools and cloud servers is more streamlined when utilizing cloud identity platforms. This is a particularly important issue for companies that are already transferring most of their tools to the cloud sphere.

Smooth integration of SaaS apps is not all the cloud is good for. It also helps ensure that access to those tools can be spread across the full network of enterprise users, which brings us to the next point:

Networking Identities

Cloud solutions deliver identity essentially in the form of a network service. This means that all the identity integrations to a cloud IAM platform are made available to all the network participants. Using the network to distribute new features or third-party capabilities is unique to the cloud identity service model.

Up to Scale

Traditional on-premises solutions are designed to handle user activities in a centralized location–hence the “on-premises” part. These tools deal best with proprietary applications and known endpoints. This can be a real obstacle for today’s companies looking to integrate a wide variety of devices and programs into the network and allow employees to operate remotely. Over the past five years, businesses have substantially broadened their management of identities, with most enterprises managing identities for at least one type of external user and over three-quarters managing mobile identities. Cloud identity management tools are optimized for integration across devices, and even different operating systems.

The Compliance Factor

The advent of major cyber regulation and the intricacies of compliance have added a whole new dimension to the tasks of identity management.

In this regard, cloud solutions can be a real asset. These tools can help company IT manage the real challenges of decentralized user accounts, a major liability for abiding by big data legislation such as GDPR. With cloud IAM, access to cloud databases and other SaaS tools can be more easily monitored. Furthermore, this means the onboarding and off-boarding processes of employees can be verified and checked, as the solution can track which users are accessing what and when, an essential protocol for regulatory compliance.

On-premise and Hybrid

For some organizations, the option of integrating cloud with on-premises resources is the most appealing. Some businesses may already be utilizing on-site platforms for identity management and just need additional support for a system that already works pretty well. Incorporating a cloud element gives the organization more storage, networking, and security options without having to completely shift to a new IAM model. Adding on a cloud layer can also help when an enterprise wants to start using more SaaS tools for its operations. To achieve this, cloud solutions with identity synchronization–a service that automatically replicates user identities from on-premises identity stores to SaaS programs–would be ideal. Conversely, the ability to extend the existing on-premises infrastructure to work within the cloud is an important prerequisite for any hybrid approach.

The Cloud Future

While trends in the IAM industry are certainly heading toward the cloud sphere, the factors that go into choosing a platform still give managers a lot to consider.

The key takeaway:

Determine if current operations warrant and allow for a shift to a cloud option in identity management.

The tools that an enterprise uses and their digital infrastructure capacity will be the most important in establishing which direction to take.

By Shimrit Tzur-David | July 4th, 2018 | Categories: Articles

About the Author: Shimrit Tzur-David

Shimrit holds an MSc and Ph.D. from the Hebrew University in Computer Science. Her research areas primarily focused on PKI, cryptography, anomaly detection, web attacks, DDoS and intrusion detection and prevention systems. During her Ph.D., Shimrit was a consultant for Check Point and Marvell Semiconductor and designed an intrusion detection system product there.