Historically, Identity and Access Management (IAM) solutions were developed to address the business needs of IT environments running within the walls of their perimeter. IAM solutions were conventionally monolithic containing a single suite of IAM functionality and integration within the enterprise was limited, using traditional identity store, authentication, and authorization protocols.
As business needs extend beyond business-to-employee (B2E) to use cases external to the enterprise, federation extended the reach of where identity and access controls reside and Single sign-on (SSO) systems gave users the ability to authenticate not only across multiple IT systems but organizations too. The need for standard Applications Programming Interfaces (APIs) between organizations systems became necessary to integrate these entities together.
As cloud services (IaaS, PaaS, SaaS) became available, organizations motivated by the need to increase IT elasticity, flexibility, and scalability while reducing cost, began to adopt these new services for their IT infrastructure, platforms, and software. Identity as a Service (IDaaS) exposed their services through stateless protocols and APIs that support HTTP/S and REST as well as identity protocols like OData, SCIM, OpenID Connect for authentication and OAuth2 for authorization.
Initial cloud IAM offerings included the same IAM capabilities as on-premises IAM while targeting new capabilities required to meet the use case of their time. Where traditional on-premises IAM sought to address the access control to the web-based application of the day, cloud IAM also needed to address the demands of more current access requirements such as mobile uses cases, providing programmatic APIs for integrations and automation, as well as adaptive or more contextual access controls.
There are differences between cloud and on-premises environmental requirements. Cloud environments need to be accessible beyond an organizations firewall and must be scalable to support millions of user accounts and even more transactions per day. Cloud environment communication and transactions needed to travel through a mire of IT infrastructure including firewalls and load balancers. Where on-premises solutions are typically single tenant or sometimes limited tenancy across a finite number of organizational units, cloud environments require multi-tenancy to support multiple customers or organizations.
The reality of today is that most organization’s IT data, applications and services are spread across both on-premises and cloud environments. The need to integrate security systems across on-premises and cloud environments is only increasing, as is the drive to automate these systems within DevOps.
The changing IT economic models are driving a change to expose and consume APIs. There is a new market emerging where IAM, motivated by the need to integrate and automate, will increasingly expose their functionality through APIs. APIs will enable organizations to create new business models, connect with partners and customers while providing a seamless experience by linking systems and services together. The expansion of APIs within IAM will help meet this need.
Whether the Identity and Access Management solution is on-premises or in the cloud, certain capabilities are expected. The core IAM building blocks include:
ViewDS is a privately held identity management company headquartered in Melbourne, Australia with partners in USA, Europe and Asia. ViewDS customers are located throughout Australasia, Asia, Europe, the Middle East and North America which include the government, defense, aviation and health sectors.