As enterprises expand the use of cloud and mobile devices, they need identity access management tools that can handle both SaaS and on-premises applications.
Many enterprises already have identity access management (IAM) tools, but the IAM tools of yore haven't evolved to support Web apps and mobile devices, according to Gregg Kreizman, analyst at Gartner Inc. in Stamford, Conn.
New cloud-based IAM products make it possible for organizations to spin up new devices quickly and cost effectively, said Wendy Nather, a security analyst at London-based 451 Research.
In her previous place of employment, Nather was responsible for implementing an IAM project that, four years later, is still under construction. Her team wrote a new user interface for the project because the IT department couldn't expose it to non-technical people. In addition, the infrastructure couldn't support external users in Active Directory.
The organization could have saved a whole lot of time and money if an IAM tool existed when the project began, she said.
"We were dealing with a Professor Plum in the kitchen with the lead pipe in terms of requirements, and that's not uncommon for most enterprise IAM projects," Nather added.
IAM tools evolve
While cloud-based IAM tools are great for companies that rely on Software as a Service (SaaS) apps, IT pros still need a way to manage identity and access for on-premises applications.
"Those two markets are converging," Kreizmann said. "However, [if] a company starts to attack the problem, they typically realize they have to offer both pieces of that puzzle to customers."
More on identity access management
Readers' Choice: Best of Identity and Access Management
Identity and access management trends
Companies such as CrossIdeas and SailPoint bring the traditional IAM stack of provisioning, access and intelligent authentication that is built on top of Active Directory into the cloud. For instance, Aveska, a Waltham, Mass.-based IAM vendor, recently updated its product to offer single sign-on (SSO) capabilities along with governance and provisioning for both cloud and on-premises applications.
Identropy, based in Austin, Texas, just released its first cloud-based Identity as a Service (IDaaS) product, called Secure Cloud-based Unified Identity (SCUID) Lifecycle, to provide a cloud-based alternative to traditional on-premises IAM software. It offers provisioning and de-provisioning, IT-service access requests with automated approval workflows, and compliance auditing, among other features.
IAM in action
Identropy's tool is useful for IT departments that need to provision and de-provision employees' use of cloud apps and corporate legacy apps in cases where Active Directory isn't sufficient.
One such IT department, a utility company based in the mid-Atlantic, allowed employees to use various cloud applications as the organization slowly migrated towards a predominantly SaaS environment. It became apparent, however, that many of those SaaS apps required access compliance for regulatory purposes, and its existing IAM product from Novell wasn't sufficient.
"I need to use the same discipline with legacy apps as with the newer cloud applications," said the utility company's director of information, who requested anonymity. "SCUID is much more effective for doing that than building [compliance] ourselves to every cloud application we use."
The IT department installed a small, virtual appliance that connected Identropy's SCUID Lifecycle to its existing installation of Novell's Identity Manager, which connects back to Active Directory. In the future, the company intends to use both IAM products side by side, but will conduct an evaluation to see which product is more future-proof.
Pricing for Identropy's SCUID Lifecycle starts at $7 per user per month with discounts beginning at 500 users. A 5000 user installation costs $1 per user per month, the company said. There is also an initial assessment fee to set up a one month trial program.