Blog posts by Richard Hill
The days in which having just an Identity and Access Management (IAM) system on-premises are long gone. With organizations moving to hybrid on-premises, cloud, and even multi-cloud environments, the number of cyber-attacks is growing. The types and sophistication of these attacks are continually changing to get around any new security controls put in place. In fact, it is much easier for the cyber attacker to change tactics than it is for organizations to bring in new solutions to mitigate current attack vulnerabilities.
Organizations must realize that they will never be 100% secure, and there will always be attacks on their systems. Don't get me wrong. I'm not saying to give up on continually assessing and updating an organization's security controls to block the latest and most significant attack vectors. But instead, take the next step and plan for the worst. Organizations should integrate their Business Continuity Management (BCM) with their cybersecurity initiatives. This means being able to detect, respond recover, and improve from any attack that potentially brings down their business.
Recently, Microsoft Azure announced its global availability of the Windows Virtual Desktop (WVD). WVD not only provides the ability to deploy and scale Azure-based virtualization of Windows 10 multi-session, Windows Server, and Windows 7 desktops, but it also provides something that is sometimes overlooked. WVD gives the enterprise the ability to recover from being compromised when attacked, at least from the desktop endpoint perspective. Through Microsoft's acquisition of FSLogix and its solutions, WVD takes advantage of virtualization & containerization technologies. Using these technologies, Microsoft ensures that its Windows desktops and servers can be powered up or restarted in a consistent and safe state with respect to user profiles and applications, adding to the BCM and “recover from an attack” capabilities business must implement today. FSLogix does this by bringing both profile and office containers to the table.
So, when reviewing cybersecurity and BCM strategies, organizations shouldn’t take the view of “if”, but “when” their systems will be compromised, and their data breached. Then ask themselves how they will recover.
KuppingerCole Principal Analyst Martin Kuppinger emphasized the changing role of the CISO recently in a blog and also covered that topic in a webinar on cybersecurity budgeting which you can watch below. To get a more hands-on approach, see below for our Incident Response Boot Camp at Cybersecurity Leadership Summit 2019.
An organization’s need to support communication and collaboration with external parties such as business partners and customers is just as an essential technical foundation today as it has been in the past. Web Access Management and Identity Federation are two vital and inseparable technologies that organizations can use to manage access to and from external systems, including cloud services, consistently. While the core Web Access Management and Identity Federation technologies have been well established for years, organizations will still need a strategic approach to address the growing requirement list that can support a Connected and Intelligent Enterprise.
New IT challenges are driving the shift in IT from a traditional, internal-facing approach towards an open IT infrastructure supporting this Connected and Intelligent Enterprise. At the core of these changes is the need to become more agile in an increasingly complex and competitive business environment. Because of this, business models have to adapt more rapidly, and organizations need to react more quickly to new attack vectors that are continually changing. Having a Connected Enterprise means that organizations have to deal with more and larger user populations than ever before. Given these new challenges, the technologies that help to support this complex and changing landscape include Cloud, Mobile, Social and Intelligent Computing.
As the changing workforce looks to work from anywhere from any device, the need to manage mobile devices are being leveraged onto organizations. Amongst these other technologies are new types of cloud-based directory services as well as various other kinds of Cloud services that include Cloud Identity Services that give flexibility and control for both internal and external identities. Support for social logins such as Facebook, Google+, etc., are also needed and is now considered standard support for established Cloud Service Providers today. In addition to the foundational Access Management and Identity Federation capabilities, improvements to authentication and authorization technologies such as risk- and context-based Access Management, sometimes called “adaptive” authentication and authorization, are needed too.
Figure: Overall Leadership rating for the Access Management and Federation market segment
In the market segment of Web Access Management and Identity Federation, KuppingerCole is seeing an evolutionary shift in vendor solutions towards the support of the Connected and Intelligent Enterprise in various degrees. In the latest Web Access Management and Identity Federation Leadership Compass, we evaluated 15 vendors in this market segment as depicted here in this overall leadership chart. So, when considering your organizational requirements for Web Access Management and Identity Federation, you should also think about how your IT infrastructure is connecting and intelligently adapting on-premise IT to the outer world in its many different and changing ways.
To get the latest information on the market, that includes detailed technical descriptions of the leading solutions, see our most recent Web Access Management and Identity Federation Leadership Compass.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
How can we help you