Finding the appropriate identity and access management (IAM) solution is important for organisations, including those relying on cloud-based applications and systems. We look at a few essential factors to consider when organisations explore new IAM solutions.
The world is migrating towards the cloud, with usage of cloud-based services increasing by leaps and bounds over the past few years. Cloud-based identity and access management (IAM) services are no exception. Adopting a suitable IAM solution will enable any organisation to cut down on IT security risks, time and cost. So how does one search for the right IAM model? We share what factors to consider when assessing an IAM solution.
The first thing to consider is whether the prospective vendor is offering a solution that comes with control and access across cloud-based as well as on-premises applications. Cloud-based applications and services include cloud computing services such as Amazon Web Services, Azure Cloud, etc. and Software as a Service (SaaS) applications such as Salesforce, Office 365, etc. Identity federation for SaaS-based applications might seem like a good indicator. However, larger companies might want solutions of greater complexity and maturity, so that they can handle the intricate challenges of a hybrid environment consisting of SaaS-based and legacy on-premises software and applications. Without capabilities that support on-premises systems and SaaS applications together, companies would have to manage disparate IAM solutions, which will put a strain on IT costs. At the bare minimum, an IAM system should be able to provide a single identity that has access to all applications (be it in the cloud or on-premises).
In addition, one should consider whether the IAM solution is supported on a variety of devices. With the advent of Bring Your Own Device (BYOD) policies at the workplace, a new set of IT security challenges has arisen due to the plethora of devices now being brought into the workplace and connecting to the security networks of organisations that have implemented BYOD. If an organisation has committed to its BYOD policies, it needs to adopt an IAM solution that is supported on handheld devices such as Android, iOS, Windows-based devices, etc. One should seek IAM solutions that have the capabilities to make sure that these end devices are secured and trusted. As secure access requires contextual trust, having a centralised access management system allows IT departments to cut down on processes that are repetitive, highly manual and time consuming. Identity and mobility have converged over the past few years and are set to remain hand in hand for the years to come.
Another point to bear in mind when meeting vendors is whether the solution supports a variety of authentication methods. These methods can range from software and hardware tokens and SMS One-Time Passwords (OTPs) to mobile device authentication and biometric support. From there, it is strongly advised to look for multifactor authentication (MFA) revolving around user behaviour. What this means is that the user’s behavioural patterns and account usage timings are constantly monitored, to flag any abnormal and risky behaviour that may indicate an account that has been hacked. By having robust access policies, the modern IAM solution should be able to incorporate multifactor authentication mechanisms, securing applications hosted in the cloud and on-premises.
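To make the behaviour-based MFA described above concrete, here is an added sketch (not part of the original article and not any vendor's implementation) that builds a per-user baseline of login hours and devices, then decides whether a new login is allowed, needs step-up MFA, or is denied. The event fields, function names, the one-hour tolerance and the "one anomaly means step-up, two mean deny" policy are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (user, ISO timestamp, device id) of past successful logins.
HISTORY = [
    ("alice", "2024-03-04T08:55:00", "laptop-01"),
    ("alice", "2024-03-05T09:10:00", "laptop-01"),
    ("alice", "2024-03-06T17:40:00", "phone-07"),
    ("alice", "2024-03-07T13:05:00", "laptop-01"),
    ("bob",   "2024-03-04T22:15:00", "laptop-02"),
    ("bob",   "2024-03-05T23:30:00", "laptop-02"),
]

def build_baseline(history):
    """Per-user profile: the hours of day and the devices seen in past logins."""
    profile = defaultdict(lambda: {"hours": set(), "devices": set()})
    for user, ts, device in history:
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
        profile[user]["devices"].add(device)
    return dict(profile)

def hour_is_usual(hour, usual_hours, tolerance=1):
    """True if `hour` is within `tolerance` hours of a usual hour, wrapping at midnight."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= tolerance for h in usual_hours)

def assess_login(profile, user, ts, device):
    """Return (decision, reasons); decision is 'allow', 'step_up_mfa' or 'deny'."""
    p = profile.get(user)
    if p is None:
        # No behavioural history yet: never trust silently, ask for a second factor.
        return "step_up_mfa", ["no baseline for user"]
    reasons = []
    if not hour_is_usual(datetime.fromisoformat(ts).hour, p["hours"]):
        reasons.append("unusual login time")
    if device not in p["devices"]:
        reasons.append("unrecognised device")
    # Assumed policy: 0 anomalies -> allow, 1 -> step-up MFA, 2 -> deny.
    return ("allow", "step_up_mfa", "deny")[len(reasons)], reasons
```

A production system would also age out old history and feed denied attempts to alerting; the midnight wrap-around in `hour_is_usual` is the detail most often missed, since a user who normally logs in at 23:00 should not be flagged at 00:05.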
These are just some of the basics to consider when looking for a solution. Ultimately, one needs to keep the organisation’s end goals for IT security in mind when choosing the right IAM solution.