Nick Edwards, a Senior Enterprise Architect with Identity Solutions, was recently interviewed by Polly Schneider Traylor on behalf of UnboundID on changes in the identity management space.
Based on this interview, Caroline Castrillon of UnboundID has posted the article below, which can also be viewed on the UnboundID web site.
What are your clients’ greatest challenges right now in identity management from both a technological and strategic viewpoint?
In the past, clients were primarily working with just a few large packaged software applications in a Windows server environment. It was common to use the Windows Active Directory platform to store identity information. Now, many companies are adopting cloud applications and infrastructure. This means you’ve got multiple applications residing on premise, multiple applications in the cloud, and suddenly users are having to log in to applications and services using a dozen different credentials. At the same time, companies are now storing a lot of data on consumers and partners and other outsiders. So the main challenge is to provide the right access to the right people. The key pain points are usability, productivity and not slowing people down at work. These challenges and goals haven’t changed too much over the years, but the complexity of the IT environment, with more infrastructure environments and applications, has made all this very challenging. Finally, of course, there is security, which is much more difficult today with BYOD and mobility.
Are large companies looking to consolidate and integrate identity management and security platforms? How viable is this?
First, I think that access management tools should be split from identity management tools. Access management is a commodity and it is not business specific. Identity management, on the other hand, is business specific because it involves on-boarding new people - establishing and assigning entitlements for access to certain information. It’s going to take longer for identity management to consolidate in the enterprise, because there are many legacy systems which just can’t be discarded easily. If you’re moving applications to the cloud, you can’t just port that internal identity management system to the new environment. Most likely you’ll need a different system. We’re also in a period when the old-school identity management and the new-school identity management viewpoints are clashing. New school is about providing access to resources based on your knowledge of that individual, whereas old school is more about provisioning of resources based on their roles, as its focus is more on internal users at an organisation level. For instance, in digital marketing, I can provide more assets and resources to an individual based on the information they will share with me. So I can build a profile of them, and then we can start to exchange more information and establish mutual trust. That is the new identity-driven security and where the industry is heading.
What about scale, especially for consumer-based companies? How do you accomplish consistent scalability with identity management? Consumers expect speed.
A cloud-based identity management system is ideal for managing scale on-demand. You need an architecture with loosely-coupled flexible tiers that can scale vertically and horizontally so that the application can expand and contract as needed. Sustaining a high level of systemic qualities such as reliability, availability and serviceability for identity management, regardless of the level of concurrent demand, can be a very complex and expensive success factor for consumer-based companies. A cloud-based identity management system, on the other hand, can simply utilise a well-established IT infrastructure with extreme availability, elasticity and resiliency and with optimum cost efficiency due to multi-tenancy.
Finally, how commonly are companies putting identity management systems in the cloud and what are the challenges there?
Per above, I think this is becoming the model. At the enterprise level, the challenges are threefold. First, the internal challenges are convincing stakeholders within IT that the cloud is the best choice. Even if you hire cloud enterprise architects and have the technical audience on your side, you’ve still got to convince the other key stakeholders and decision makers such as the security or executive team. An external challenge is of course around security and compliance, as some companies have strict policies as to where the data can be stored. This may prohibit, for instance, customer data being stored in a different region or country where the cloud provider might have data centers. Finally, there are vendor challenges. Companies need to make sure that they can trust the longevity of the identity management software vendor. Will they be acquired, and will I then have to upgrade or change systems again?