1 Introduction
IBM Cloud Identity competes in the IDaaS market. This has become one of the fastest-growing markets of IAM (Identity and Access Management), characterized by cloud-based delivery of traditional IAM services. The market, driven largely by web-centric use-cases in its early days, has matured to offer fully-fledged delivery of IAM capabilities, irrespective of application delivery models.
The IDaaS market has registered significant growth over the last few years, primarily driven by the need of organizations to:
- Achieve a better time-to-value proposition with on-premises IAM deployments
- Extend IAM capabilities to meet the security requirements of a growing SaaS portfolio
- Reduce internal IAM costs and efforts to keep up with the market trends
- Limit internal IAM failures in project delivery and ongoing operations
Another driver for IDaaS adoption is stringent data governance laws such as GDPR (General Data Protection Regulation), which punish organizations financially for loss of consumer data – a fine of up to 4% of a company’s global turnover. With more data and applications in the cloud, the potential for data loss is increased if organizations rely on traditional IAM solutions only.
Organizations are also increasingly creating Hybrid IT environments, a mixture of private/public cloud and in-house resources for more agile and faster ways of working. For example, individuals and groups have greater freedom to choose their own software applications and access to cloud services as they need (which can include downloading unsanctioned applications if not policed). This poses a risk of data loss through negligence or criminal attack. To reduce this risk, the organization needs to ensure IAM controls remain robust and updated regularly.
The responsibility for securing hybrid IT environments is often shared between the customer and the cloud service provider. Where an organization has a hybrid IT environment with IT services from multiple cloud vendors as well as on premises, security ownership obligations can become complex – especially so when GDPR puts the responsibility for data security on the data controller.
Most cloud service providers do implement strong security controls and consequently many security breaches originate from failures by the customer. Many involve a failure to properly set or protect access controls or credentials. Since cloud services are inherently open to the internet, incorrect or missing access controls and poorly protected credentials are a major risk. Managing these risks effectively is essential.
When IT was delivered on premises alone, IAM could be centralized and controlled in one place. This supported standard workflows for on-boarding employees as well as job changes, and for the auditing and governance of activities and access rights.
However, the tools providing these capabilities for on-premises IT services do not usually cover the cloud. Employees can decide to use cloud services without any controls, creating the problem of unsanctioned access. Cloud Access Security Brokers (CASB) provide a partial solution to this but are not enough. To manage access to sanctioned cloud services, the organization must set controls within each service, and how this is done should be integrated with the existing on-premises processes, workflows and tools.
Supporting hybrid IT environments is among the main challenges for IDaaS, across all areas. Connecting back to legacy web applications is more challenging than with most on-premises solutions, as is Identity Provisioning. This needs to be kept in mind and carefully considered when choosing an IDaaS solution.
As well as being compatible with complex operating environments, IDaaS must be accessible to regular employees and not just IT security professionals. When basic daily operational identity and access management tools can be safely set by line managers – in effect at the front end of the enterprise IAM funnel – it frees up expensive IT security personnel to maintain and improve the core IAM technologies and policies.
Access to single applications is just a small part of the complex data interactions that comprise the modern workplace. New workflow operations mean that users may touch many applications briefly but on a regular basis, or just once in a project lifecycle. The digitalization of manufacturing processes is putting swathes of employees in touch with software applications they once may not have needed. User workflow cycles are now more complex, often short and harder to track.
All the more reason to make IAM easy to use and to reconfigure for new business demands. The right IDaaS tool configured and deployed correctly to run the widest number of enterprise applications, on premises or cloud, can make a significant difference to workplace productivity. It is within this environment that IBM Cloud Identity now competes.