Tuesday, March 12, 2013

Why Identity Management in the Cloud?

By Dan Dagnall, Chief Technology Strategist

Even before it had a name, identity management (IdM) existed in all organizations.  It started with a face-to-face process, filling out some forms and walking the forms to IT to request that “Johnny-new-hire” be added to the systems related to “XYZ department.”  A common IT response would be, “What level of access does Johnny need, because I won’t be on the hook when something goes wrong?”  Business units typically told IT, “Just give him what you think he needs.”  Not wanting repeated requests, IT provided access to everything related to XYZ department. Believe it or not, that used to be identity management, and this type of situation provided the motivation to develop IdM into what it is today.

Over time, IdM evolved into a strategy to solve numerous organizational, IT and technical challenges: onboarding new users; providing all users with timely access to needed resources while adhering to business policies; complex approval hierarchies; etc. In short, IdM became a panacea for many issues. Unfortunately, many conventional, on-premise deployments neglected two things: ongoing support and change management.

While on-premise IdM is still more prevalent than cloud-based deployments, cloud benefits can no longer be ignored. Specifically, the cloud can further IdM initiatives while drastically reducing management and support costs.  It’s a BIG WIN for the business unit and it’s a BIG WIN for IT (including help desk).  So why aren’t more IdM solutions implemented in the cloud? Perceived security risks. Many organizations are moving to the cloud, but have been cautious about including sensitive user information; however, it has become clear that cloud-based IdM isn’t just a concept, it’s a game changer.

Cloud-based identity management can be more secure than conventional, on-premise deployments.  Storing sensitive user data is the single biggest point of contention when we discuss cloud-based IdM, followed closely by questions about identity-related data (in the cloud model) being sent over the public internet to get from the consumer’s network to the cloud provider.  For starters, data sent across the web is protected by web-services security, including PKI, so it’s secure. Second, we must consider the unpopular truth that in many cases a local datacenter is less secure than those of service providers.  Also, most data breaches are caused by internal, often disgruntled, users. Externalizing the data center from the local premises helps address the issue of employees conspiring to remove sensitive information from the datacenter, while introducing a third party into the process directly correlates to a greater level of data storage security.

So why cloud-based identity?  Because it’s more secure, more efficient and cost-effective.  Imagine an organization that exists solely to ensure the integrity of your identity management solution, and that has the expertise required to properly support your existing and future IdM initiatives.  Imagine not being forced to staff or contract a niche programmer simply to expand your IdM solution to meet your business changes.  Keep in mind that at its core, identity must maintain focus on security regardless of the deployment model.  When you discuss the security focus within the context of the identity management problem, it makes perfect sense to externalize this solution to a third party.

Fischer pioneered cloud-based IAM, Fischer Identity as a Service®, and we continue to be the cloud leader. We have been a Rackspace partner since 2009 for our cloud and hosted offerings.