Identity and Access Management solutions providers are increasingly in the cyber security spotlight as today’s IT environments consist of many heterogeneous systems and dispersed users, which present access and security challenges. Users need to quickly access many systems on various platforms and instances with different technologies such as operating systems, databases, and servers, which makes identity and access management tasks very challenging. In modern IT environments, some systems rely on social media platforms to authenticate their users, yet this presents another set of security challenges. In addition, identity and access management is evolving to automate various workflows in the IAM lifecycle and improve security with advanced authentication or Artificial Intelligence (AI), as the majority of system intrusions are blamed on stolen identity information and weak identity and access management practices. Advanced automation and authentication along with AI will be key factors for best-in-class IAM workflow and security management in the coming years.
Why Companies Deploy Identity and Access Management Tools
Identity and access management tools are designed to streamline and secure identity and access management processes by integrating the various IAM components in the business model, making identity and access management efficient, seamless, and secure. The concepts of “one identity” and “device neutrality” are introduced and supported by identity and access management solutions vendors to allow users to access all systems seamlessly from any device and to help organizations manage the entire IAM lifecycle with increased security, process efficiency, reduced errors, and improved user satisfaction. In other words, no matter which authorized devices users are using, they will be authenticated with the same identity to access multiple assigned systems. As BYOD (Bring Your Own Device) becomes a generally accepted concept, supporting users’ devices reliably and securely will become a necessity. Policies can be enforced on the devices that connect to the network and the identities that are authenticated through them.
Benefits of Identity and Access Management Technology Solutions
- Federated Identity – Many companies require resources outside their immediate organization to have access to their internal systems including suppliers, customers, and consultants. With arrangements between organizations and sharing of subscriber access data, IAM solutions can increase productivity and reduce cost with identity federation.
- Automation – IAM tools also allow the automation of many trivial and time-consuming tasks that drain administrators’ time. Many identity and access management vendors provide automated access provisioning and de-provisioning workflow or auditing capabilities, and self-service features that allow users to reset their own passwords. Password resets can tie up helpdesk resources, not to mention be very frustrating for end users and cost-conscious organizations. Just as the provisioning of resources across systems needs to be automated, so does the removal of those resources when contractors finish their projects or employees leave or are terminated. This eliminates manual provisioning and de-provisioning by administrators, which can be very time-consuming and error-prone.
- Regulatory compliance – Since all users are often authenticated with one system in Single-Sign-On (SSO) environments, that system becomes the system of record for all user activity. This makes it very easy to implement comprehensive policies with regard to auditing, security, and access. These policies ensure that the environment is kept in compliance with the requirements of the company. Compliance with regulatory and security standards such as Sarbanes-Oxley (SOX), PCI DSS, and HIPAA would be much more difficult to accomplish in a piecemeal fashion.
- Remote Access – Many multi-national companies have globally dispersed employees and others allow their employees to work from home or remotely from other countries when work is outsourced. IAM solutions can facilitate remote access capabilities of an organization while maintaining an overall secure posture as they change their business processes.
- Enhanced security – Using IAM tools is more secure in several ways. Some identity and access management solution providers do not limit user authentication to just a password, but also integrate biometrics, multi-factor, and device authentication. Also, instead of using a password for authentication to websites and web services, access to these sites can be integrated into the IAM processes to authenticate users with access credentials on other systems with protocols such as OAuth (Open Authorization), which is an open standard for token-based authentication and authorization on the Internet. OAuth, which is pronounced “oh-auth,” allows an end user’s account information to be used by third-party services, such as Facebook, without exposing the user’s password.
Overview of Identity and Access Management Solutions Providers
The big players like Microsoft, Oracle, and IBM offer comprehensive suites that can deliver IAM services including directory services, SSO, automated workflow, tracking, and auditing, to name a few. Smaller IAM vendors are proving to be innovative and are leading the way in introducing newer technologies such as biometric authentication. Crossmatch, for instance, claims to be the market leader in biometrics, and boasts multi-factor authentication as well as advanced biometric hardware capabilities.
Evolution of the Identity and Access Management Market Landscape
Response to Societal Change
Outsourcing and the increasing utilization of consultants can spread an enterprise across the entire world. Providing people on the outside the same access as people inside the organization is now a critical business requirement. Manual access provisioning, while possible, would be very cumbersome, time-consuming, and expensive on a server-by-server, resource-by-resource basis. The simplification of creating identities, attaching them to resources, and giving them the appropriate access is a must.
BYOD initiatives represent a change in society’s view of technology. Companies are slowly adopting the use of their employees’ devices for business purposes while they apply the required security measures to maintain their overall security posture. This is a shift in the control mechanism from the device itself to the network, but is also a concession to the fact that our devices are personal and part of our lives. “By offering and accepting BYOD agreements, organizations want to reduce their operating costs without compromising their security posture, and employees also want reduced smartphone cost without compromising their privacy,” says Henry Bagdasarian, Founder of Identity Management Institute.
Social media is becoming a bigger part not only of our personal lives but also of our businesses. Some enterprises require that certain employees have a social media presence. The proliferation of the cloud has also created a need to support this type of access for Internet sites and services. IAM tools now commonly support the integration of social media accounts into their IAM services. “It seems to be a win-win scenario but employees need to understand their privacy rights and company’s practices of device confiscation during investigations or remote data wipe when their device is lost or stolen before they embrace BYOD as the business has the upper hand,” Mr. Bagdasarian continues.
Response to Technological Change
In the early days of personal computing, many operating systems didn’t even have a concept of separate identities. Personal computers would gradually go from being toys for hobbyists to serious tools for work. As these systems became more critical and the exploits of hacking became more widely known, security became a much more recognizable issue. Similarly, as technology increases the scope of what systems can do, the risks of failing to secure them and the data they store and manage also increase. Identity and access management solutions providers continue to respond to these challenges with new features and more robust management capabilities.
Future Trends and Direction
As Artificial Intelligence (AI) becomes more sophisticated, so will the tasks which can be automated by computers. Identity and access management technology solutions will be part of this trend. In the future, IAM tools will be able to absorb and analyze huge amounts of data and cluster similar strands of data that are relevant to the users and what they want to accomplish with the data. IAM tools will also be able to recognize problems in the environment and react to resolve them. IAM will be able to recognize access permissions that it believes make no sense. The tools will then remove these anomalies of access, or request that a human attest that the defined access is legitimate.
Biometric authentication will become more common in the future. This technology uses metrics of some part of the body, which vary from person to person in such a way that they can be used as a form of identification. Currently, the error rate for biometrics is unacceptably high, leading to too many false positives and negatives for it to be a reliable form of authentication. Biometrics come in two forms: physiological and behavioral. Facial recognition, fingerprint, and iris/retina recognition are some of the more common forms of physiological biometric identification. Behavioral biometrics might measure your voice patterns or patterns in the way you make certain gestures with your hands. That said, biometric authentication may be preceded by multi-factor authentication with the use of smartphones.