Identity Management in the Cloud: A Matter of Function, Control, Cost

I was flipping around the 320 channels on TV yesterday and came across an old episode of Seinfeld. It’s the one where Jerry is asked to fill in as a doorman for a high rise. While standing sentry, he lets various people through and finally leaves his post only to find the lobby couch was stolen. It got me thinking about how many companies simply leave the proverbial front door open and practically let anyone access data on their network without secure authentication.

User identities are at the core of your business. Organizations need to manage access to corporate resources and systems for an ever-changing flux of employees, consultants, partners, vendors, suppliers, and customers. And each has their own agenda in terms of the information they wish to access. Without an identity management framework, all any of these people need to do is knock on the door and the doorman will let them in. And once they are in the front door, someone might steal a lobby couch.

Most IT professionals are well aware of the benefits of Identity Access Management: the ability to provision and de-provision users, manage passwords, control authentication, automate workflow approval, facilitate federated interoperability, enable single sign-on, submit online forms, and hopefully provide some degree of user self-service. These are powerful tools to help dissuade network abuse and protect IT assets.

The issue is not whether an organization benefits from a well-positioned IDM/IAM initiative, but rather what is the best way to deploy and manage it. In that respect, there are three points of comparison for deciding whether the cloud or a more traditional deployment is best suited for an enterprise: functionality, control, and cost.

First is functionality. It is obvious that any initiative must successfully achieve the basic promises of IDM: to authorize and authenticate users to access and use various applications and network resources, whether they are sitting on a company’s server or virtually within some cloud application. On the surface, between cloud and on-premise, this is a push; both have very strong features. In most cases, they have identical robust feature sets. The key differences are modular scalability, speed of deployment, and automated processes. The cloud is infinitely more flexible in its ability to ramp up and down depending on the number of users, their roles, and applications. Because of the inherent processes built into several cloud offerings, companies gain a considerable resource bounce. The automations alone (such as real-time employee status change, rule-based role apportioning, and password management self-service) remove time-draining burdens while allowing both the IT staff and the users themselves to be more efficient and effective.

Next, consider control. The architecture of the modern IT landscape is changing quickly and dramatically. In many cases, traditional IT methods are no longer effective. And when you consider control, it is not about ceding the power to shape your IT environment, but about the added ability to centralize things both inside and beyond your office walls. There are just too many variables, from cloud-based apps to the unknown security protocols of your vendors and suppliers to evolving business needs. What security-as-a-service offers is administration under your rules and your supervision. It removes your staff from the day-to-day, lower-level priorities that prevent the completion of higher-value tasks while promoting enterprise-wide consistency and risk mitigation, including maintaining audits and compliance.

Think about your current system. How long does it take to create the proper access channels if Sally gets a promotion to sales manager? The position requires a whole new set of permissions and access to reports, applications and the like. What if the person Sally is replacing was terminated? How long before he is deprovisioned and alerts are set up for when the username is used? How long does it take to set up your latest supplier with access to your SaaS ERP so they can accurately predict inventories and fulfill your orders? In the cloud it is instantaneous. It automatically incorporates your workflow approval. And let’s not even get started on how many times the phone rings because the account manager overseas forgot a password. If released from these tasks (through strict process authentication), how much more could you accomplish in a day?

And finally, cost. Like its cousin SaaS, there are immediate cost efficiencies and ROIs within the cloud. Traditional in-house enterprise security infrastructure is expensive. Typically the services required to implement in-house Identity Management systems are a ratio of 2:1 or 3:1 (and sometimes higher) of professional services costs to software licenses. Adding to the cost burden are extended implementation cycles. Additionally, corresponding high-availability and high-capacity hardware is usually required. All of these components drive up the cost and deployment times of the overall initiative, making the entire package unaffordable for many organizations. That is why only the largest of the enterprises have enjoyed the benefits of enterprise security solutions. The cloud removes the barrier and adds a zero-deployment factor to the bottom line.

There are arguments for and against each factor, but when you weigh them holistically, security-as-a-service makes a great deal of sense.

No one doubts the expense, in terms of corporate capital and personnel dedication, it takes to create a proactive identity management system. However, in this day and age, you need a doorman who will verify credentials, only allow access to particular floors, and keep watch over your belongings. But if that doorman has to watch over a dozen buildings, each with its own entry protocols, wouldn’t it be nice to have an automated alternative that does twice the job at a fraction of the cost?

Kevin Nikkhoo
