KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Trying to “do identity” as a conventional IAM or Security workload with in-house resources and vendor platform deployments may not satisfy identity and access today’s requirements for IaaS, PaaS, databases and other cloud infrastructures. There are now a growing number of third party ID service providers (MSPs) that can deliver crucial elements of modern IAM workflows to lighten the load. This talk will look at the service options available and the pros and cons of using MSPs for identity management.
Trying to “do identity” as a conventional IAM or Security workload with in-house resources and vendor platform deployments may not satisfy identity and access today’s requirements for IaaS, PaaS, databases and other cloud infrastructures. There are now a growing number of third party ID service providers (MSPs) that can deliver crucial elements of modern IAM workflows to lighten the load. This talk will look at the service options available and the pros and cons of using MSPs for identity management.
So here we go. Thank you again. And thanks all of you for watching, listening with us today.
As I said, gonna be focusing on some managed services in future identity, access management landscapes, quick agenda for you. So I'll just have a quick, we through some ideas around identity and infrastructure, then why outsourcing makes sense and why perhaps it doesn't. And then finally some tips on choosing identity as a service or managed service provider for identity. So let's have a look at infrastructure and how infrastructure or typical infrastructure works these days. So I I've taken here what you might call a, an SMB. So it's probably say about 150 people working, but mostly in SaaS.
So using software as a service. So office 365 parts of SharePoint, et cetera, and Salesforce.
So this, this, this organization, or this infrastructure behind it will use, will collaborate. Most of the work they do is through collaboration through those tools. And you'll also find that they may be in different locations and they're mostly human identities that are being managed because at this particular organization, that's what drives it. And the organization I'm actually talking about here is coming Cole. And I think that's a fair representation. Please allow me to tell you that the cartoons are not a fair representation of the staff members.
So please we do look different from that, but that is quite simple. But then we start getting into other things that occur within this infrastructure. That of course is remote working. Many of us work from home, many of us work from locations outside of Germany. And even in, within Germany, we have, you know, different offices and people working from different places. There.
We, I, we use quite often our own devices. So we may use a laptop, which we also use for personal use. We also increasingly interface with customers through our website and through web management processes. We don't yet have full comp what you might call a full digital conversation with these customers, but they certainly have access to the output of, of our organization. So we need to manage within NOLA. So you can see that what is a fairly simple infrastructure can become quite complicated quite quickly.
And I haven't, the, the infrastructure is quite often tend to expand a bit, bit like universe, but let's focus now on what we're talking about today and which is how to manage identity in complex environments. So this I'm not gonna go through this entire slide, but it, the important things to look at here are what I've just been talking about. So what makes up your infrastructure? So you have a number of servers.
You may have virtual machines, you have possibly using cloud private, private clouds, private clouds, or software as a service, but then within that, we're using lots of different things. So PCs, notebooks, smartphones, et cetera, each one of those may have a different operating system and different applications on it. But they all, at some point properly want to connect to the network. And then below that we have all the applications that we use, storage data, et cetera, and services that either we use as an organization or we provide. So this is not going to get any less complicated.
In fact, it's only gonna get more complicated because when the infrastructure expands, when the business expands, we tend to use more cloud applications. We use more things as a service, and of course, stuff that on premises may also, let's not forget that while we're talking about cloud.
A lot, people are still doing stuff on premise for various reasons. So we're talking about a complicated picture, but behind this complex picture, we're not doing this for nothing. We're doing this because we're a business. And that business has a demand to be, for example, profitable. It needs to be able to scale. It needs to expand. So we need to be agile enough to become, to have it that can deliver on those business demands. But at the same time, we can't just let everything we do be good, sorry, everything we do purely for our business purpose.
We know, and which is why we're here today, but we need to make it secure and we need to manage how people have access to resources, et cetera. And we need to think about things like compliance. So we need to think about how we manage people's private data and personal information. So what's the common denominator amongst all of this effectively you can simplify every infrastructure down to two common entities and the relationship between them. So that is identities and resources. We put identities in front of resources or allow them access to resources to get things done.
That is quite simply what a modern business is. And those identities increasingly are varied. So they could be traditional employees, but they can also be a supply chain partner. They could be a machine increasingly they are actually our customers, a service or even something that we don't yet know about, which may come along in the future. We're gonna have somehow manage the identity of all of that in these complex environments. And of course, what they're trying to get to is a resources on the right hand side, which is applications, databases, services, et cetera. So that's the challenge.
That's the challenge of managing identity in these environments. And recently at co coal, we've been starting to think about new ways of managing identities. And it's increasingly obvious that the cloud infrastructures that I've been talking about are dynamic. People need access to resources or identities need access to resources on a rapid scale. They need it on just in time, perhaps. So they need to be able to get access to something that is considered to be high value or sensitive and use it and then have that access switched off.
So we are, we have started to talk about dynamic resource entitlement and access management compliant environments. And within that, we have, as I said, all our identities from the left here, the admin developers and users, etcetera, using traditional tools, such as privilege, access management, the newer cloud infrastructure in typing management, and of course, identity access management as a whole. And within that, we are now seeing the emergence of dynamic patterns or dynamic access capabilities, which are improving Pam and cm and identity access management.
And they're giving the dynamic access and entitlement. And then most importantly are able to record this, this entitlement to things such as platform as a service SAS, as we already mentioned, three, five etcetera infrastructure service and of course, private cloud. And then they get access to all the resources that we've been talking about. So we put around that what we call an identity fabric.
So in, we increasingly seeing identity management becoming decentralized, but when you start looking at it like this, it start the magnitude of what we need to do to manage identity and access in these environments is actually getting to be quite tricky. So let's think a bit about how we can perhaps make the task easier.
And the point of this talk is to talk about outsourcing, which is a word that seems to have gone out of favor, but I, I think it still makes sense because what we're talking about here is outsourcing a particular set of skills or a set of technologies to experts that manage the service for you. So here's a to illustrate how this can enable you to play to your strength. Here's a story of how IBM and McDonald's got together a few years ago, McDonald's acquired an AI startup from Israel with a view to creating its own AI labs within the corporation.
And it did that recently successfully, and it created one or two projects and they also acquired, I think, another startup to add to their, their more materials. But after a while, they started to think, well, hang on a minute. Our core business is fast food burgers. You like not producing AI. So they actually sold what they created onto IBM, which as we know is a leader in artificial intelligence and the two have signed a deal to work together, to provide software solutions.
That'll help them improve the customer experience for McDonald's customers and help reduce waste, and reduce impact on the environment, et cetera, all those things which are important right now. So McDonald's is not a software business. We hear a lot about people saying everything is a software business.
Well, that's not necessarily true. Some businesses obviously need software and it, but they don't necessarily want to do some of the specialist stuff. So where that brings us up to identity as a service or using a managed service provider, what are, what is identity as a service? So basically we have vendors managed service providers that will supply quite usually a cloud-based authentication or identity management application or platform who then offer it to their customers on a subscription basis.
So it's like any subscription, you have a service level agreement and the customer has to provide, sorry, the, the MSP must provide a certain level of performance and commitment, et cetera, et cetera. In exchange for that subscription, there is on top a, a sort of a third tier of what you might call what we call managed security service providers that will also do things such as web filtering or firewalls, et cetera, the more traditional parts of cybersecurity or the, so things like that, but often will add in identity as a service as well.
And this is where the market becomes quite complicated because those MSPs will probably then subcontract to an identity provider or an I guess, service to provide the service to customers. That doesn't mean it's a bad thing. That's just how the market works. And then we, as I said earlier, are now seeing there is a demand for dream and Pam advanced Pam and cm to be provided as part of ID as a service, particularly Pam for specialist areas like DevOps and dream and cloud entitlement management. So that's kind of the choices that you have. What are the advantages?
Well, the advantage are that quite often, if you choose gladly that the MSP or MSSP will have superior skills and identity management, then your own organization, there is zero deployment in terms of what is push sitting on, on premise or on your own infrastructure. Generally speaking is a lower total cost of ownership when organizations use a MSP, but especially now, because these services are cloud-based cloud native, etcetera, then they tend to be much more scalable and flexible than perhaps if you install something on premise, they, as I said, are cloud native.
Also you'll find that probably they're up to speed with things like zero trust. And of course they can add extra services on top, depending on the type of organization. So they could add in threat detection, instant response, vulnerability management, all that kind of thing. So there is an awful lot, the key message here is that they can do the difficult stuff and leave you to get on with your core business. So how do you choose an identity provider or an IDs service?
The thing is to obviously like anything, start looking at the market, looking at which vendors offer the kind of services that you might want, think about things like Azure, and maybe that you are like obviously millions of organizations, a user of active directory. And you may very good reasons want to stay with that with that framework, the active directory, but like everything else, the active directory is now shifting to the cloud.
So it would means that if you choose KEF wisely, you'll find a provider that can make that jump from active directory to a Azure active directory, where with as little pain to you as possible, so that you don't have to then rebuild the entire directories such that can connect to systems and cloud resources simultaneously, which is hugely important for dynamic environments, particularly for things like we say, DevOps. And of course you may find an MSP or an iDesk and manage specialties such as DevOps.
And increasingly we are seeing in the Pam, well that Pam vendors are offering their own privilege access management as a service or IGA as a service, or even CEM as a service. So there is a wide range options to choose from, and it's only gonna get wider, but it means that some researchers needs to be done exactly what kind of requirements you need, because there are, as I said, a wide choice of providers, the market's very competitive.
If you go back to well McDonald's example, they needed a service that can provide very advanced AI control so that they can fine tune product development, customer service, et cetera. Some MSPs will offer a range of IM options converted to whole market. So the whole market of IM vendors themselves, some will offer a multi-tenant option with a common platform. Some people like that, some people don't multi-tenant tends to be cheaper simply because you are sharing a platform, but the MSP model also can be totally end to end totally inclusive.
So they take care of deployment, upgrades, patching, and the operation and changes. Finally, you, it services giants, but also offering identities as a service. And even some of the consulting companies may be able to offer identity as a service as part of a project. So just to, to, to wrap up this quick whizz through ID, as a service, some things that you probably should just think about. So identities, access management is getting harder.
When I say it's getting harder, it's actually getting harder to manage on your own, especially if you're perhaps a, a smaller operation that doesn't have technical skills in house, doesn't have identity management skills that can be found with those that do it as a service. So identity managing identity will get harder. Probably if you try and do everything yourself, you have to think about is your business identity and access management, or is it burgers? So think about what your priorities are play to your strengths.
So if you're in the business of selling cars or selling watches, for example, then concentrate on that. Don't put two resources that you don't, you can't afford to let go into. I am like any project on standard requirements that you might have in the future and do due diligence on selecting an MSP partner, visualize the outcome. What do you wanna get out of the in identity and access management? How much control do you want to put on it? How much freedom do you want to give your employees?
Perhaps all that stuff would, would probably take at least a four hour workshop, but we haven't got time for that right now. And then think about new requirements as you go forward and how that might impact on any agreements that you have with your chosen provider. So thanks for that. Thanks for listening.
Obviously, KuppingerCole, we're always available on an advisory basis to give, as I said, a much more in depth outline of how to do identity and access management. So with that, I'll hand back to your.
