Cloud changes how identity management services will be consumed

Andrew Kellett, Principal Analyst, Software – IT Solutions

In a recent report on the impact of cloud computing and identity-as-a-service (IaaS) on the identity and access management (IAM) sector (Cloud: Transforming the IAM Industry, July 2013), Ovum highlights the issues that traditional IAM vendors are being forced to address. The report demonstrates why the cloud will be a game changer for IAM over the next two years.

The report also shows that traditional platform vendors are coming under pressure from a new generation of cloud-based specialists that are changing the way that IAM services are and will be consumed in the future. They are also being pressured to extend their own offerings into the cloud to stay competitive. The report helps organizations to understand the changing dynamics of the IAM market and addresses the challenges of selecting an IAM solution that can deal with current and future identity management requirements.

The use of cloud-based systems is driving the need for interactive identity management services and controls

The increasing use of cloud-based services is driving the need for better and more interactive single sign-on (SSO) and federated identity management (FIM) facilities. For the foreseeable future, business organizations will continue to make use of a mixed range of on-premise, hosted, and cloud-based systems and services.

Almost 80% of businesses already make some use of cloud services. Strategic as well as ad hoc adoption of cloud facilities is on the rise. The report highlights these issues, and focuses on the inherent dangers of allowing a shadow approach (locally chosen and deployed) to technology selection and deployment to take hold.

Simplifying user access to cloud systems using standards-based approaches that overcome legacy complexity issues is an attractive message, and one that is being promoted by the new generation of cloud-based identity management providers. Their approach continues to rely on existing directory infrastructures and the provision of acceptable pass-through tokens, but also offers single-source identity administration and authentication that is not restricted at the point of delivery.

Their message is attractive to business because more than half of all enterprise users do not have the basic IAM facilities required to sign on to cloud applications, let alone a credential-based SSO approach. Nor do they have the flexibility to collaborate or share resources with internal or external partners.

Lack of visibility and control are key issues

Almost three-quarters of organizations have the requirement to provide external users such as consultants and contractors with temporary access to on-premise and cloud applications, or need to share their resources with business and supply chain partners. All of this is happening while there are serious worries about governance, risk, and compliance (GRC) as it relates to the management of users and data. There are also usage and control issues that are causing concern when the subject of cloud computing is on the agenda.

This is especially the case in companies where shadow IT has become an issue. In organizations where technology-buying decisions have been delegated down to local and departmental decision-makers, users are far more likely to make use of unauthorized cloud applications, including storage facilities such as Box and Dropbox, and unapproved communications channels.

Cloud is a source of problems and opportunities

For the established platform vendors, IAM for the cloud adds a new range of usage and security problems that need to be addressed. These are compounded by limitations on existing legacy provisioning systems that were not designed to deal with third-party services or cloud-based applications, and require both extensions and changes to traditional approaches.

Maintaining access to cloud-based applications and services extends the need for IAM controls and the requirement for seamless SSO and FIM approaches beyond corporate boundaries. Areas of traditional identity management that need to be addressed to support cloud-based services include the extended role of identity management, GRC requirements, audit demands, and complexity-of-use issues.

Cloud computing in its many forms provides opportunities and problems for the IAM sector. Maintaining secure access across traditional mainframe and server-based systems and the growing range of cloud-based applications that organizations choose to deploy is challenging. Organizations want to provide users with the opportunity to move seamlessly between traditional systems and cloud applications/services, while retaining existing authentication and identity management controls, but often lack the facilities required to achieve their objectives.
