IAM for the Hybrid Reality. Efficiently Managing On-Premise IT and the Cloud.
Most organizations today run in a hybrid IT environment. However, their IAM solutions have repeatedly been built for the traditional on-premises IT. IAM needs to become a service that supports the hybrid IT infrastructure organizations run today. This whitepaper describes the paradigm shift, the customer needs, and a solution to help businesses move forward in this hybrid IT environment.
Commissioned by Saviynt
1 Executive Summary
Traditionally, the IT environment has run within the walls of their perimeter. The Identity and Access Management (IAM) solutions were developed to address the business needs of this closed environment. Identities were managed and stored on-premises and made available only to local access control systems to ensure individuals just have access to resources they need.
As business needs extend beyond business-to-employee (B2E) to include business-to-business (B2B) and business-to-consumer (B2C), and more recently business-to-IoT (B2IoT) use cases, federation extended the reach of where identity and access controls reside. And Single sign-on (SSO) systems gave users the ability to authenticate not only across multiple IT systems but organizations too.
With the advent of cloud services (IaaS, PaaS, SaaS), organizations were given new options for their IT infrastructure, platforms, and software. Motivated by the business need to increase IT elasticity, flexibility, and scalability while reducing cost, businesses took to the cloud giving IT a new challenge to protect both identities and access to resources in a cloud environment.
Adding to the sphere of what modern IT IAM systems need to protect is enterprise controlled mobile devices, and BYOD also needs to be addressed, as well as the bow wave IoT devices coming their way. And as organizations start to move from a perimeter-based security model to a perimeter-less one, greater emphasis will be placed on what you know about the user and the devices they use.
The hybrid IT environment is the new reality that is here to stay for the foreseeable future
Identity Governance and Administration (IGA), was initially driven by regulations such as SOX that required organizations to ensure separation of duties (SOD) as a means to prevent accounting fraud, not to mention the other mandates such as ITGC, HIPAA, HITECH, FedRAMP, PCI, FFIEC. Tracking the user Joiners/Movers/Leavers, user account reconciliations and user access to resources became required to keep an organization in compliance.
As an organization’s infrastructure, platforms, software, and its data increasingly spans across the traditional enterprise boundaries into the cloud to create this hybrid IT environment, so should IAM and IGA. Although cloud providers give varying levels of security and monitoring of users, the enterprise needs to have clear visibility on what users have access to and what they are doing with it, while applying consistent security controls regardless of whether it’s in the cloud on or on-premise. The management of user identity, access, and its governance must evolve into a service that can address this new hybrid IT reality.
Saviynt provides a fully featured platform that can meet the demands of this hybrid IT environment by adding governance to many types of cloud services. It presents capabilities that allow IT to manage access rights across the enterprise and the cloud, as well as adding a risk-aware, threat-aware, intelligent and analytics-driven functionality to the platform.