The hard candy shell of the traditional corporate firewall and network has dissolved into a gooey center from the proliferation of SaaS apps and personal mobile devices.
The process of controlling identity, access and delivery of services was relatively simple when employees only had one desktop computer to log in to every morning. Unfortunately, that is no longer the case for most organizations -- whether they know it or not.
For most of the past decade, enterprise identity and access management (IAM) was a mostly solved problem. Microsoft's Active Directory or Lightweight Directory Access Protocol (LDAP) were sufficient tools for managing everything from group security policies to access to a Windows domain.
Now, organizations need tools to extend user access and identity to everything, like Software as a Service (SaaS) apps and mobile devices, while still integrating with existing investments in Active Directory and traditional Windows applications, said Gregg Kreizman, an identity access management analyst at Gartner, Inc., a Stamford, Conn.-based research firm.
Without a plan for a consumerization-era approach to IAM, factors such as shadow IT, unfettered use of Dropbox, unsafe password management and even the provisioning of external temporary users challenge IT.
Say goodbye to the old identity management ways
Legacy approaches to IAM, such as Active Directory or Oracle's Identity Manager, are failing organizations because those products can't manage access from consumer endpoints, don't support rapid adoption of cloud services and can't provide secure data exchange across user populations, said Wendy Nather, an analyst with the 451 Research Group.
A Forrester Research report on bring your own technology found that personal mobile phones and tablets are being used at approximately 65% of organizations. At the same time, nearly 30% of those surveyed said employees were also provisioning their own software on those devices to use at work -- with Dropbox, Box, SugarSync and Evernote as the most popular examples -- without IT's approval.
"There are more and more applications that are hosted beyond our perimeter," said David Miller, IT manager for Front Porch Inc., a provider of advertising tools for Internet service providers based in Sonora, Calif. "We try to vet those apps, but there are a lot of people just signing up for whatever."
Miller believes it's not the IT department's role to tell the business what applications they can or can't use. Rather, it's his job to securely deliver the best tool on whatever devices they prefer.
Most of Front Porch's employees -- Miller estimates 75% -- are content with using a Windows endpoint paired with Windows applications. However, there are a multitude of SaaS apps and personal Apple laptops infiltrating the corporate environment. While Active Directory has been good enough for the majority of IAM use cases, it wasn't up to par for seamlessly extending the corporate directory to those laptops and apps. Miller turned to a few products from Centrify to fill that void.
Most companies already have an investment in Active Directory, so it doesn't make sense to rip and replace that for the sake of better identity management. "It's still logical to build off of AD and leverage this tool that everyone has and is familiar with," said Gartner's Kreizman.
When it comes to IAM systems, there isn't a one-size-fits-all approach, and organizations need to evaluate which applications are being used today, which ones can be replaced or retired, how important mobile and remote access will be to employees down the road, and a host of other factors, Kreizman said.
Once the full scope of an organization's application and device use cases has been inventoried, it's much easier for IT departments to evaluate the correct IAM tool to purchase that will integrate into the current environment and be future-proof, he said.