As organisations increasingly seek to digitally transform themselves, their identity management and access control infrastructure is increasingly under pressure. Collection, managment, and eventually deletion of identity information tasks must focus on ensuring the right person has the right access to corporate resources at the right time.
While access control in the past was limited to staff who needed access to on-premise corporate resources – typically managed via AD groups – access control tasks nowadays are to manage access of employees, contractors, business partners and various classes of customers, to resources that are increasingly cloud-based. As business unit demands become more complex, the IAM environment and access controls have become more sophisticated. There are several drivers for these changes:
- Increased Interconnection of Partners: Industry is becoming increasingly vertically integrated. Suppliers require access to inventory records to ensure continuation of supply and clients require access to the order entry system to customize their purchases This means a federated authentication environment is needed based on a shared trust model between the organisations. It is no longer acceptable to enter identity records from a business partner into the corporate directory, nor should generic accounts for access by business partners be tolerated.
- Different Relationships Require Different Levels of Assurance: Increasingly, a multi-factor authentication environment is required. For instance, service personnel supporting the plant automation equipment, suppliers accessing the inventory management system, and customers placing an order all require different levels of assurance. It makes no sense to impose a high-level of assurance on a customer as it will not be tolerated. Equally, a service agent accessing plant equipment should not be able to do so with a social media login. Access control has become far more sophisticated and organisations must be agile in order to accommodate modern business requirements.
- Password-less Logins are Required: Organizations are no longer tolerating the vulnerability and support requirements associated with passwords. As software tokens for session control and SSO are increasingly embraced, legacy login technology is being replaced.
- Hybrid Environment is the New Normal: Hybrid environments encompassing on-premise and multiple cloud platforms are now normal. Organizations now expect their access control infrastructure to work across all their environments and provide a unified access control policy to protected resources.
- Microservices Approach is Required: Access control deployments in hybrid environments increasingly employ APIs to access relying applications for authentication and to communicate identity data. A microservices architecture also assists in software deployment with software modules packaged for the release process. This significantly shortens the test and release process and increases program development agility.
- Information Protection on Mobile: As the mobileobile device gains importance in the enterprise, capabilities to protect information in motion, at rest, and in use continue to advance and can provide equally or more secure access to protected resources than traditional corporate network PCs.
- Expectations of AI Efficiencies: Advances in AI provide significant opportunity for organizations, and they expect to utilize behavioral analytics, anomaly detection, and other AI-enhanced tasks to tighten security and reduce the workload of Security Operations Centers.
With the Access Manager product, Micro Focus is migrating its solution to adopt new technology and to remain responsive to the digital transformation initiatives of its clients.