1 Introduction
As an organization’s infrastructure, platforms, software, and its data increasingly spans across the traditional organizational boundaries into the cloud, and so should IAM. Although cloud providers give varying levels of security and monitoring of users, the enterprise needs to have clear visibility on what users have access to and what they are doing with it, while applying consistent security controls regardless of whether it’s in the cloud on or on-premise. The management of user identity, access, and its governance must evolve into services that can meet this need.
Initial cloud IAM offerings included the same IAM capabilities as on-premises IAM while targeting new capabilities required to meet the use case of their time. Where traditional on-premises IAM sought to address the access control to the web-based application of the day, cloud IAM also needed to address the demands of more current access requirements such as mobile uses cases, providing programmatic APIs for integrations and automation, and adaptive or more contextual access controls. Single-Sign-On (SSO), once an add-on or separate on-premises offering, now comes frequently as a baseline cloud IAM capability.
Identity Governance and Administration (IGA) was initially driven by regulations such as SOX, that required organizations to ensure separation of duties (SOD) as a means to prevent accounting fraud, not to mention the other mandates such as ITGC, HIPAA, HITECH, FedRAMP, PCI, FFIEC. Tracking the user Joiners/Movers/Leavers, user account reconciliations and user access to resources became required to keep an organization in compliance. Access Governance (AG) has grown out of not only an organization’s need to comply with existing regulation mandates but also to manage risks more strategically. In the simplest terms, access governance manages who has access to what data, applications, and services. It must monitor and report on potential risky access by users. It must also prevent access to resources that would violate any laws or regulations by applying access permission controls based on an organization’s policies.
Where IAM systems are rooted in existing infrastructure, it can be difficult to replace or extend to meet current or future business requirements. Flexibility in integration options with existing systems and applications, along with deployment options is critical for the speed of replacement or extension of existing IAM solutions. Also, where provisioning of user identities and access is conducted manually outside of legacy IAM solutions, tools to implement automated workflows can be beneficial in reducing the cost and need for manual processes.
Consumer Identity and Access Management (CIAM) is a growing sector of the IAM market targeted to meet evolving organizational requirements to not only support employees but customers and citizen use cases too. To that end, many businesses and public-sector organizations are finding that they must offer a better experience to its users while gathering additional information about those users accessing their services. The ability to collect, store, and analyze user data provides more sales opportunities and increases brand loyalty.
Pirean is a medium sized company founded in 2002 with offices in London and Sydney. Their company provides a Consumer and Workforce IDaaS platform with a focus on simplifying how IAM capabilities are delivered for their customers enterprise web and mobile applications. Pirean's clientele includes the financial, insurance, retail, government and telco sectors, with deployments at the London Stock Exchange, Intellectual Property Office, Prudential, Telefonica, Sainsbury’s, BP, and Compass to name a few.