BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Enterprise identity management, including user authorization, is an ongoing challenge for IT staff. They need to strike a balance between keeping information secure and making it simple for users to access the resources they need. Cloud computing presents organizations with both new challenges and opportunities to create that balance.
Identity management challenges are evident in the news. In 2017, high-profile breaches -- some of which involved millions of records -- occurred at more than two dozen well-known firms, including Arby's, Dun and Bradstreet, Microsoft and Verizon. For the enterprise, these breaches emphasized the importance of strong security checks to keep the bad guys out.
Keys to the kingdom
Medium and large organizations have hundreds or thousands of users and applications, each with their own set of security checks. And cloud further complicates enterprise identity management; it introduces new and potentially more application types, more integration points between the data center and third-party providers, and more ways to access IT systems.
Dan Blumprincipal consultant at Security Architects LLC
"Hackers focus on getting user and system administrator credentials," said Dan Blum, principal consultant at Security Architects LLC in Silver Spring, Md. "Once they have them, they have the proverbial keys to the information system kingdom."
Unfortunately, that quest is often a simple one for hackers. Traditionally, organizations relied on passwords for authentication. Through the years, as the threat landscape increased, passwords became longer and more complicated. In many cases, employees are required to enter a half dozen or more items, including numbers and special characters. Forcing them to open a new browser tab for each application, and then sign in every time, is tedious and time-consuming. Users need an easier way to access information.
Enterprise identity management takes to the cloud
Cloud-based identity management systems, such as those for single sign-on, are designed to fill that void. They enable employees to enter their credentials once and then access whatever resources they need.
Given the growing number of cloud applications in the enterprise, IT's desire to speed up resource deployment and the increasingly complex security landscape, competition in this market sector is intense. Both old-school and new vendors have entered into the cloud identity management mix.
As for legacy vendors, many enterprises still rely on Microsoft's Active Directory (AD) as the foundation for their user authentication processes. Microsoft also has Azure AD, a cloud service that can integrate with the on-premises version.
"Microsoft has had significant success selling Azure AD Premium, which is usually bundled with other offerings, such as Office 365, and the Enterprise Mobility + Security and Secure Productive Enterprise suites," said Gregg Kreizman, research vice president at Gartner.
CA, IBM and Oracle are other legacy vendors that lead in the cloud access management space, according to Gartner.
In addition, numerous startups have built cloud authentication systems. Okta, for example, offers its Okta Identity Cloud, which integrates with more than 5,000 applications and offers single sign-on and multifactor authentication capabilities.
Ping Identity, which also offers a number of tools for user identity and access management, is geared more toward larger enterprises, according to Gartner's Kreizman. Other startups in this market are Atos, Centrify, Covisint, ForgeRock, i-Sprint Innovations, Micro Focus, OneLogin, Optimal IdM and SecureAuth.
Navigate a complex landscape
Vendors that build enterprise identity management tools for cloud -- and the organizations that use them -- face a number of challenges. Users need access to different types of resources that demand varying levels of security. For example, if a user needs access to company background information on a website, rudimentary checks can be sufficient. With more sensitive data, such as e-commerce transactions or employment payment information, the enterprise requires more robust security checks. In this case, companies often require two forms of identification: a password and a biometric imprint, such as a fingerprint.
Also, the number of cloud applications and standards that these enterprise identity management tools need to support grows rapidly. As users rely on a wide range of applications, social media systems and devices, the authentication systems need to keep pace, Blum said. In some cases, enhancing their products to keep up with these customer demands will tax vendors' development resources.
Businesses continue to expand their cloud applications' footprint and need enterprise identity management tools to ensure that only qualified users access them. While cloud authentication systems help, they still face some challenges in keeping intruders out and letting users seamlessly access corporate applications.
Consider the core requirements for IAM in public cloud
Is a cloud access security broker right for you?
Control your cloud kingdom with Google Key Management