“By 2019, more than 80% of organizations will use access management software or services, up from 55% today.” – Gartner, 2017
Access Management (AM) is evolving to support digital business requirements. AM increasingly works alongside Identity Governance and Administration (IGA) and Data Sources.
Functions of Access Management
The key functions of AM are listed below.
1. User Authentication – Verifying the identity of a user
2. Single Sign-On (SSO) – Allows a user to access multiple applications with one set of login credentials
3. Session Management – The process of managing the lifecycle of a user session
4. Coarse Grained Authorization – Allowing only members of a certain group or role to perform a privileged operation
5. Fine Grained Authorization – Allowing only a certain individual user to perform a specific action on a specific object within the target application
6. Security Token Services (STS) – The service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols
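The difference between functions 4 and 5, as an added example that is not part of the original article: a role check alone lets every approver act on every invoice, while the per-object check narrows the decision to one user, one action and one object. The policy tables, user names and function names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: frozenset

# Coarse-grained policy (constructed): operation -> roles allowed to perform it.
ROLE_POLICY = {"approve_invoice": frozenset({"finance-approver"})}

# Fine-grained policy (constructed): exact (user, action, object) grants.
OBJECT_GRANTS = {("alice", "approve_invoice", "invoice-1001")}

def coarse_allowed(subject, action):
    """Group/role membership check; actions with no policy are denied."""
    allowed_roles = ROLE_POLICY.get(action, frozenset())
    return bool(subject.roles & allowed_roles)

def fine_allowed(subject, action, object_id):
    """Check that this user may perform this action on this object."""
    return (subject.user_id, action, object_id) in OBJECT_GRANTS

def authorize(subject, action, object_id):
    """Return (decision, reason); both layers must allow the request."""
    if not coarse_allowed(subject, action):
        return False, "denied: role"
    if not fine_allowed(subject, action, object_id):
        return False, "denied: object"
    return True, "permitted"

# Constructed sample users: ALICE and BOB share a role, CAROL does not.
ALICE = Subject("alice", frozenset({"finance-approver"}))
BOB = Subject("bob", frozenset({"finance-approver"}))
CAROL = Subject("carol", frozenset({"employee"}))

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        print(user.user_id, authorize(user, "approve_invoice", "invoice-1001"))
```

A solution that offers only coarse-grained authorization stops at coarse_allowed, so BOB would be permitted on invoice-1001.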
Access Management Solutions
There are various kinds of AM solutions available in the market.
1. Federated Authentication and Authorization Services: These solutions provide standards-based SSO and coarse-grained authorization. However, they do not provide session management and fine-grained authorization.
2. Traditional Web Access Manager (WAM) Software: These solutions provide SSO, session management, STS, authorization enforcement on fine-grained access targets and support for legacy on-premises apps. However, they do not provide standards-based SSO, password vault-and-forward style web SSO, MFA or IGA functions.
3. Externalized Authorization Manager (EAM) Software: The scope of these solutions is limited to providing authorization enforcement on fine-grained access targets. However, they do not provide authentication, SSO or STS. Strong entitlement governance and the participation of target application developers are critical to the successful implementation of these solutions.
4. IDaaS based Access Management: These solutions provide standards-based SSO, password vaulting-and-forwarding style web SSO, MFA, coarse-grained authorization, some IGA functions and reporting for web apps. However, they do not provide fine-grained authorization enforcement. These solutions find handling of legacy on-premises apps challenging, and very few products offer this feature.
Gartner says that “By 2021, IDaaS will be the majority access management delivery model for new purchases, up from less than 20% today.”
Considerations for Decision Making
In this section we will look at some of the key considerations for decision making on the solution to be adopted for Access Management.
There are several Access Management solutions available in the market which are either:
1. Point Solutions that cater to one or more of the AM functions mentioned above in great depth.
2. Multi-function Solutions that cater to most of the AM functions mentioned above at the most commonly required level.
Components of Access Management
The key components to be kept in mind for selection of an Access Management solution are given below.
1. User Audience – Who is going to use the solution? This can be a combination of one or more of the below:
b. External users like contractors, partners
Does the solution cater to all the constituents of the expected user audience?
2. Criticality and longevity of Target Applications in scope – Does the solution cater to all the critical target applications? Often, some of the applications that are currently in use will be replaced by other applications in the immediate, short or long term. Consider whether the solution must address the application currently in use, the new application, or both.
3. Endpoint Devices – Users are increasingly accessing their applications across several devices. At times these can also be Internet Connected Things. Does the solution cater to all the devices that users are expecting to access the applications over?
4. Application Architecture – Often, the different applications used in an organization follow different architectures. Is the solution compatible with the architecture of the different target applications?
5. External Authentication and Authorization Options – There are solutions that support the externalization of authentication and authorization to commonly used providers such as Social ID providers. Does the solution support such externalization? Is this a requirement?
6. Location of logical and physical components of target applications – Security, statutory and regulatory compliance require the solution, its data, and its physical and logical components to be at certain locations. Does the solution cater to these requirements?
Consider the above components based on the requirements of the target systems and applications of your organization. Also consider the current solution in place and its gaps in meeting the requirements.
Access Management solutions are delivered as On-Premise, Cloud or Hybrid solutions. Consider the following:
• Organization size
• Compliance needs and risk aversion
• Need for support for legacy apps
• Availability of in-house IAM skills
The higher the level of the above considerations, the more On-Premise software-based solutions are recommended. If they are lower, Cloud-based IDaaS solutions are recommended. Hybrid solutions can be considered where existing investments need to be leveraged.
With Cloud-based IDaaS solutions, managing the solution is a shared responsibility, and a considerable share of that responsibility is borne by the solution provider.
Risks vs Value
IDaaS based AM comes with its own risks. However, it delivers substantial value. Consider the following while deciding.
IDaaS based Access Management – Risks vs. Value
Rapid time to value
Security and availability
ILANTUS Compact Identity
Compact Identity is a compressed yet complete and agile yet powerful IAM solution for SMBs. It delivers where it matters – on reliability, performance and innovativeness. Built from the ground up specifically for this size segment, it is also one of the only products in the entire IAM landscape that boasts patented thick-client (SAP etc.) Single Sign-On and Provisioning. You can get a full IAM suite with SSO, Password Management, ULM and AG for a subscription fee that is highly competitive across the entire market. Compact Identity is the first and last word in quality SMB Identity and Access Management.