Light Dark
August 31, 2016 By Charles Carrington 4 min read
Cloud Security
Identity & Access

The times are changing, and many CIOs and CISOs are blowing away the cobwebs on their legacy identity and access management (IAM) programs and considering a move to identity and access management-as-a-service (IDaaS). Whether driven by the growing menace of attacks via identities, increasing compliance mandates or the expanding needs of end users for easy and frictionless access to their data, security leaders realize that a move to IDaaS is key to achieving critical business objectives that are relevant to every high-performing organization.

IDaaS solutions offer great benefits over on-premises deployments. They can breathe new life into legacy IAM systems, building upon these solid foundations to surface as new and improved IAM features. But many CISOs are concerned that their organization may not be ready to deploy an IDaaS solution.

When considering a move to IDaaS, a little preparedness goes a long way.

Come as You Are

No matter what software you use on-premises, what version you have and what platform you use, you can move directly to the cloud now. Technology readiness is not an issue: Many cloud-based IAM solutions are adapted to a come-as-you-are scenario. Any company moving IT to the cloud for any purpose should plan on using IAM in the cloud as well.

That’s not to say there won’t be complications. Planning and preparation are required to ensure a smooth migration. But the end result, moving IAM to the cloud, is well worth the investment and provides a predictable monthly expense with few surprises.

Cloud IAM can be used either to replace an existing on-premises IAM system or to extend an existing on-premises IAM solution. Hybrid scenarios in which cloud IAM is used as an extension are common.

When deciding whether to move specific IAM workloads to the cloud, important considerations include complexity of the applications being integrated, complexity of the business processes around the application integration and the extent of the desired direct control over the identity and access workload.

Another key factor to consider in a cloud IAM move is available assistance. Some cloud IAM suppliers are self-service only, leaving you on your own when integration challenges arise. If your situation has unique integration requirements, look for a team that can guide you through the effort and provide the necessary integration expertise for your on-premises enterprise applications.

Preparing to Move to IDaaS

Organizational culture and governance are always factors when it comes to adopting cloud IAM. A cloud-based IAM with single sign-on (SSO) can provide a way for companies to gracefully fold shadow IT. Providing SSO to all company applications is a powerful incentive for users, and as such it brings all those cloud services that users and departments have implemented without prior permission back under organization control.

A cloud-based IAM solution will also support other cloud initiatives already in place or planned, so it is a natural step for IT leaders as they try to regain some control over the usage of cloud applications.

Another factor is comfort. Companies accustomed to doing things in-house have to give up a small share of control to take advantage of a cloud-based IAM solution. But when you factor in the lowered costs and higher service levels, the business case is far too compelling to ignore.

Without a doubt, planning is key when moving from on-premises to the cloud, and the transition requires skilled and knowledgeable business staff. But the upfront preparation and work that goes in to this data migration is well worth it in the end.

Speedy Setup

Take an organization of over 15,000 employees, for example, that is considering moving from one on-premises product to another, or even moving from an old version of a product to its current version. Depending on how organized the IT team is and how well the policies are documented and developed, the average rollout can take a considerable amount of time; six months or more is a common figure.

Conversely, migration to a cloud-based IAM product can happen much faster. In our experience with IBM’s own IDaaS solution, Cloud Identity Service, moderately complex migrations can be done 75 percent faster than on-premises deployments, including set up of identity data feeds, protection of websites, initial federations, DNS considerations and testing, with 95 percent of the work done remotely. Preparation is key, but on-site impact is limited.

It must start with a team working with the business to identify all data to be replicated, all IDs to be enabled, all customizations, all sites to be protected, and all sources and targets for federation. The next step is to configure the cloud-based IAM solution in multiple environments (development, test, production) and test function before going live. In our experience, the more the business uses an off-the-shelf process and the less they customize, the faster the process and the easier the future maintenance.

IDaaS for All

IAM in the cloud can be deployed for companies in numerous industries, including automotive, media, education, financial, retail, pharmaceutical, industrial, and oil and gas. These organizations range in size from as few as 1,000 users and a handful of applications to more than 9 million managed identities, hundreds of protected applications and federations, and presence in multiple countries.

Cloud Identity Service builds on IBM’s 20-plus years in the IAM and security market. This IDaaS solution uses IBM software that is time-tested, mature and highly scalable. It provides the deepest set of IAM functions in the IDaaS market as validated by independent industry analysts.

The results speak for themselves. Customers enjoy improved productivity and customer user experiences, more secure and compliant environments and, most of all, the flexibility and scalability they need to meet their business demands.

Calculate Your TCO of IDaaS

 |  |  |  | 
Charles Carrington
Associate Partner, IBM

More from Cloud Security
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 3, 2023

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature