Executive View

ManageEngine AD360

ManageEngine AD360 is a tool targeted at the in-depth management of Microsoft Active Directory and connected systems such as Microsoft Office 365. It comes with capabilities that go beyond pure entitlement, by adding authentication features, UBA (User Behavior Analytics), and even Single Sign-On to several cloud services. However, the core of the product is supporting an efficient, automated management of Microsoft Active Directory and mitigating risks in these environments by automation and optimization of entitlements.

Martin Kuppinger

mk@kuppingercole.com

1 Introduction

Digital identity is a critical business-enabling technology for Small to Mid-Size Businesses (SMBs). However, as is borne out by cybercrime reports year-after-year, digital identity is also a primary vector through which SMBs are attacked. Many SMBs lack a fully staffed IT department to handle the complexities of deploying, maintaining, and securing complex IAM solutions. This is a factor fueling the need for targeted solutions that support these businesses in managing their environments.

The risks of not having well-maintained and secure IAM solutions within SMBs can be great, ranging from lower productivity associated with password resets and incorrect entitlements; loss of data such as employee and customer PII; loss of trade secrets and other valuable business information; diminished revenue from reputation damage and fraud; to unwittingly becoming a vector of attack to other members in a supply chain. Many managers and owners within SMBs naively assume that they are too small to be attacked by malicious actors, but cybercrime studies show that SMBs are increasingly targeted because of the perception that they are less secure than larger organizations.

SMBs can have a variety of use cases and technical requirements they need to meet with IAM. Regarding use cases, everyone needs B2E IAM, many need B2B, and some need B2C. Consider B2E, where most will have Microsoft Active Directory in place. Many organizations also utilize various cloud-based SaaS applications but do not have the IAM functions centralized or even under control. They are often lacking productivity-enhancing Single Sign-On (SSO) capabilities.

Beyond the focus on SMBs, getting a grip on the environments such as Microsoft Active Directory requires capabilities beyond what enterprise-grade IGA (Identity Governance and Administration) tools commonly deliver. The in-depth management of Active directory and related environments demands specific capabilities, such as the in-depth management e.g. of SAP environment also does. Thus, there is a place for such solutions in combination with full-blown IGA tools.

A sometimes-overlooked capability is that IAM systems can aid in regulatory compliance. Under the General Data Protection Regulation (GDPR) in the EU, collecting clear and unambiguous consent from consumers for the use of their data is necessary for compliance. Well-designed IAM solutions can enforce and help demonstrate compliance with regulations that require segregation of duties, i.e. SOx in the US.

There are three major categories of functions within IAM to look at, particularly from the perspective of SMBs:

Identity Administration: The ability to administer identity lifecycle events including provisioning/de-provisioning of user accounts, maintaining identity repositories, managing access entitlements, and synchronization of user attributes. A self-service user interface allows for requesting access, profile management, password reset, and synchronization. Configurable cloud-native connectors offer automated user provisioning to both on-premises as well as SaaS applications. Other common identity administration capabilities include administrative web interface, batch import interface, delegated administration, SPML, and SCIM support.

Access Management: This category includes authentication, authorization, single sign-on and identity federation for both on-premises and SaaS applications delivered as a cloud service. The underlying support for industry standards such as SAML, OAuth, and OpenID Connect can vary.

Access Governance: This group of capabilities that are frequently absent from the portfolio of entry-level IAM tools centered around AD, given that most SMBs only look for an easy-to-use, administrator-centric approach on maintaining Access Governance and enforcing least privilege principles.

ManageEngine, a part of Zoho Corporation, offers a comprehensive tool for managing identities and access in the environments that are common for SMBs, centered around Microsoft Active Directory. Their AD360 offering delivers a broad range of capabilities for in-depth IAM.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.