Cloud services have become a reality for most of the businesses over the course of the past years. For most businesses, “cloud first” has become the norm, not the exception anymore. In consequence, more and more of the business workloads are shifting to the cloud, into as-a-service deployment models. The reality of business systems today is hybrid for most organizations.
This evolution requires other IT services such as IAM (Identity and Access Management) to follow that trend. This critical IT capability should run where the critical services run that need to be supported and protected. There is no way to split identity services into disparate services for the “old” and “new” IT. There is a need for a hybrid IAM. While this tended to be an on-premises IAM with some support for cloud services, it is about to shift to cloud IAM with strong support for existing on premises business services with more and more business workloads shifting to the cloud.
Over the past years, a growing number of IDaaS (Identity as a Service) solution has appeared on the market. However, many if not most of these are focused on some part of IAM, which is supporting Single Sign-On (SSO) of users and adaptive authentication schemes. Unfortunately, IAM is not done with authenticating a user. It is about managing the identities and their entitlements, it is about authenticating, and it is about authorizing access. IDaaS services that are just SSO and authentication services lack the depth that is required for successfully securing and governing business applications. A comprehensive approach on IDaaS requires a broader coverage.
However, as the shift of business workloads is a long-term journey for most businesses, moving from on-premises IAM to IDaaS while delivering comprehensive support for IAM capabilities across all target systems, independent of their deployment model, is a multi-step journey as well. Running comprehensive IAM capabilities as a managed service is one of the options organizations have on that journey.
Many of today’s investments into IDaaS don’t follow a well-thought-out strategy, but are tactical: There appear some new cloud services, thus connectors or SSO are added. However, when looking at the mid-term IT strategy (commonly a “cloud first” or “cloud preferred” approach) and the mid-term IT reality, which is hybrid for most organizations, a well-planned approach must be taken.
Part of this approach is to start with a clear focus on and acceptance of the hybrid reality of IT. While “cloud first” might be the strategy, the reality is different. Moving to an “IDaaS first” approach is a consequent in the shift to as-a-service models. Thus, businesses need to decide when to best make this step and how. Here, managed IAM comes into play, which allows having a high degree of individuality for the specifics of an enterprise, while being run as a service.
While there is not the single one approach to modernize IAM the right way, managed services are a viable option that balance the challenges of fulfilling organization-specific requirements, supporting complex hybrid environments, and allowing for a gradual step towards an easy-to-manage IAM, without the trade-off in depth and breadth of capabilities most IDaaS solutions still have.
One of the emerging players in this market is iC Consult with their subsidiary Service Layers, that builds custom, managed IAM services based on leading-edge IAM products.