Commissioned by Ubisecure
1 Executive Summary
Identity and Access Management (IAM) solutions have continually evolved to meet changing IT requirements. At first, IAM took root in business-to-employee (B2E) scenarios to address the business needs of a closed IT environment that ran within the walls of the enterprise perimeter. Identities were managed and stored on-premises and made available only to local access control systems, ensuring through authentication and authorization that individuals had access to the resources they needed, with the ability to audit user access.
As business needs extended beyond business-to-employee (B2E) to include business-to-business (B2B) and business-to-consumer (B2C), and more recently business-to-IoT (B2IoT) use cases, federation extended the reach of where identity and access controls reside. Single sign-on (SSO) systems gave users the ability to authenticate not only across multiple IT systems but across organizations too.
With the advent of cloud services (IaaS, PaaS, SaaS), organizations were given new options for their IT infrastructure, platforms, and software. Motivated by the business need to increase IT elasticity, flexibility, and scalability while reducing cost, businesses took to the cloud, giving IT the new challenge of protecting both identities and access to resources in a cloud environment.
IAM encompasses standard features that can be used in B2E or B2C use cases as well, but IAM in the B2B context has specific requirements that need to be addressed. B2B IAM services need to support customers, suppliers, and other partner organizations by providing capabilities such as support for multiple identity types, user delegation at different levels, strong authentication, self-service, and automation, to name a few.
Not all IAM solutions provide the capabilities needed to successfully meet all of the B2B requirements.
Administering user access within a single organization can be difficult enough without also trying to maintain customer or partner organizations' user access. Managing access this way often incurs increased overhead costs and gaps in user access security. Through the use of automation and tiered delegated administration roles, this process can be improved by allowing the external organization to manage its own users' access to the applications or other digital services they use at their partner organization.
Application Programming Interfaces (APIs) enable organizations to connect with partners and customers while providing a seamless experience by linking systems and services together. In order to accomplish this and to allow for better interoperability, common formats, protocols and standards should be used.
As an organization's infrastructure, platforms, software, and data increasingly span across the traditional enterprise boundaries into the cloud, creating a hybrid IT environment, so should IAM. Although cloud providers give varying levels of security and monitoring of users, the enterprise needs to have clear visibility into what users have access to and what they are doing with it, while applying consistent security controls regardless of whether a resource is in the cloud or on-premises. The management of user identity, access, and its governance must evolve into a service that provides an "Identity Fabric" in order to deliver all services in a standardized manner.