Search Google for “Identity Access Management” and you will find a broad array of definitions, solutions, and ideas around the topic. The surprise is not the variety of information but the lack of modern conversations and techniques in the solutions offered and presented. Today’s solutions for IAM must not only incorporate the modern demands of IT organizations but also foresee the impact of the shift from on-premises enterprise applications to SaaS, IaaS, and PaaS as the providers of applications and information to today’s enterprise IT users. The purpose of this short article is to share with the IT community key considerations for your IAM strategy and tactics.
The distribution of application workloads and data now extends beyond the datacenter into other environments – whether they be in SaaS, IaaS, PaaS, or vendor-provided “private clouds”. As more workloads are distributed, an IAM strategy must assume that user identities will require access to any resource, in any environment, through any service, at any time. Hence, (Consideration #1) expect corporate identities to no longer be contained only within the corporation’s controlled network.
The acceptance of shared environments and the adoption of common services will also open the door to more open information sharing. Such requests from the business may start with the obvious, such as information sharing with vendors involved in a supply chain, but will not end there. Surely, the VP of Manufacturing will ask for warehouse data to be shared with the logistics companies since the data is already “in the cloud” and may even ask that the logistics companies share their data. You should also expect (Consideration #2) that even end users will demand more immediate access to resources and people outside the organization. Imagine Sally asking, “Why can’t I share the agreement for real-time editing with John who works for our client?”
These two considerations alone create the need for modern techniques in developing IAM solutions. Legacy practices (e.g. simplify and consolidate, monitor and manage, authenticate and authorize) are still relevant, but these solutions must also incorporate new techniques such as identity federation, cloud service concierge, portable identities, and proxy assignments, to name just a few.
Comment on this article or send me a message if you’d like to hear more details of these techniques.