IDaaS and the Cloud Aim to Infuse Identity Everywhere
Whether a deployment is on-premises, in the cloud or focused on mobile, identity management is an almost universally required function. Businesses need to authenticate the customers, employees and third parties who want to access their networks, but they also want to avoid the accountability of hosting account and password information on-premises.
In an effort to infuse identity everywhere and deliver solutions regardless of where applications are hosted, IBM has extended identity-as-a-service (IDaaS) to hybrid cloud environments by expanding its Cloud Identity platform to include Cloud Identity Connect, which joins its MaaS360 universal endpoint offerings for mobile, according to eWeek.
IDaaS Benefits Organizations
As cloud identity and access management (IAM) has matured, security professionals have relied on IDaaS as a way of managing scarce resources. Joseph Burkard, CISO at Sidney Austin LLP, told Security Intelligence that IDaaS delivers a wealth of IAM capabilities without requiring enterprises to hire an army of security professionals.
“Our organization, like most, is resource-constrained, especially in IT security,” he said, “so increasing responsibility for both internal and external identities would be challenging.”
With IDaaS, organizations can increase single sign-on (SSO) capabilities, cutting down on the number of account usernames and passwords and decreasing call volume to the service desk. Cloud Identity Connect delivers SSO capabilities through two main protocols, OpenID Connect and SAML 2.0.
Also, because most organizations own a number of legacy applications and newer cloud-hosted applications, they need IAM services that can work in hybrid environments. Cloud Identity Connect works in such environments and complements the capabilities of cloud brokerage providers. With third-party providers hosting IDaaS platforms and delivering integration and operational support, both costs and logistical challenges are transferred from the enterprise to the provider.
Identity and the Cloud
Most new applications are adopted without much input from security teams. Therefore, IAM isn’t just about access; it’s about governance and visibility. Enterprises need universal visibility into any identity, across all enterprise users and applications, to see the data to which an identity has access. They also need to govern who has access, who should have access and what those with access can do.
Although organizations want control over identities and what those identities can do with data, they also want to minimize their infrastructure investments. When someone else hosts the IAM platform, IT teams can focus on integrating IDaaS into a range of cloud and on-premises applications while also delivering consistent operational support. With IDaaS cloud hosting, employees can access any application from anywhere, no matter where it’s hosted or what type of device they’re using. Whether applications are client-server, on the web or in the cloud as software-as-a-service, businesses get a unified IAM solution across hybrid environments.
According to Ravi Srinivasan, IBM’s vice president of strategy and offering management, IAM policies can live behind an organization’s firewall, but today’s organizations need a more federated approach. Cloud Identity Connect is built on the IBM Cloud, but it skips OpenStack to utilize cloud-platform-agnostic and native IBM technologies, he told eWeek.
IBM continues to contribute to Keystone within the OpenStack project even as it develops its own IDaaS tools.
“IBM, as part of its contributions to OpenStack, has also contributed code to Keystone,” Jason Keenaghan, director of offering management at IBM Security, told eWeek. “However, that is separate and distinct from the Cloud Identity Connect offering.”