Five identity management assumptions of a cloud transformation
Enterprises know that transforming to the cloud requires rock-solid identity and access management (IAM). What they don’t realize is their original notions of IAM for the cloud are not entirely accurate.
Identity and Access Management plays a key role in enabling cloud transformation initiatives. But in order to get there, enterprises need to get past five assumptions before realizing the opportunities of IAM as a key cloud enabler.
Assumption 1: If we move to the cloud, our cloud service providers will be responsible for all security.
Reality: Cloud providers are not responsible for Identity and Access Management.
Many enterprises choose to leverage cloud services to offload the maintenance of their infrastructure, applications, and the security responsibilities around them. With the shortage of InfoSec skills in the market, the motive is understandable.
However, they soon realize that most public cloud services place IAM responsibilities squarely on the cloud service customer.
Assumption 2: We can use our existing IAM solutions for cloud services.
Reality: We need to explore identity-as-a-service.
As enterprises move beyond a couple of cloud services, they experience challenges with extending their on-premises IAM to cloud services, and keeping up with the volume and speed of cloud adoption by business users. This leaves access to cloud services largely unmanaged or ad hoc.
As concerns around the sprawl of user identities and data in the cloud increase, enterprises see identity-as-a-service (IDaaS) solutions as a viable option. IDaaS solutions are specifically designed to address cloud IAM requirements, with built-in integrations that speed up rolling out and securing access to cloud apps.
Assumption 3: Federation takes care of most cloud IAM challenges.
Reality: Federation is a great start, but we need comprehensive IAM.
As we experienced with on-premises IAM implementations, enterprises often adopt IDaaS to address single sign-on (SSO). SSO delivers tangible ROI by improving user experience, and reducing the cost and risk of managing credentials.
Once SSO is in place, increasing operational efficiency and improving security and compliance requires comprehensive IAM capabilities, including provisioning and de-provisioning, identity governance and privileged identity management.
One of the misconceptions around managing identities in the cloud assumes that by leveraging federation standards, which many cloud services support, the identity management burden is reduced. The reality is that most cloud services require their own copies of user identities and entitlements that need to be equally managed and protected. Security controls such as de-provisioning access for a terminated employee, or discovering rogue and orphan accounts, are still as important — if not more important — in the cloud.
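The point above, that each cloud service keeps its own copy of user accounts even when federation is in place, can be checked by reconciling those copies against the authoritative identity source. The following is an added example, not part of the original article; the roster, the service names, and the definitions of "orphan" (owner no longer active) and "rogue" (no owner on record) are assumptions made for illustration.

```python
"""Reconcile an authoritative identity source against per-service account copies."""
from dataclasses import dataclass

# Constructed sample data: HR roster keyed by corporate email.
HR_ROSTER = {
    "alice@example.com": "active",
    "bob@example.com": "terminated",
    "carol@example.com": "active",
}

# Constructed sample data: accounts exported from each cloud service.
SERVICE_ACCOUNTS = {
    "crm": ["alice@example.com", "bob@example.com"],
    "storage": ["Carol@Example.com", "build-bot@example.com"],
    "chat": ["alice@example.com", "bob@example.com ", "carol@example.com"],
}


@dataclass(frozen=True)
class Finding:
    service: str
    account: str
    kind: str  # "orphan" or "rogue" (definitions assumed for this example)


def reconcile(roster, service_accounts):
    """Return accounts that should not exist, sorted for stable reporting."""
    # Normalise keys so case or whitespace differences do not hide a match.
    known = {email.strip().lower(): status for email, status in roster.items()}
    findings = []
    for service, accounts in service_accounts.items():
        for raw in accounts:
            status = known.get(raw.strip().lower())
            if status is None:
                # No owner in the authoritative source at all.
                findings.append(Finding(service, raw.strip(), "rogue"))
            elif status != "active":
                # Owner has left but the service-side copy survived.
                findings.append(Finding(service, raw.strip(), "orphan"))
    return sorted(findings, key=lambda f: (f.service, f.account))


if __name__ == "__main__":
    for f in reconcile(HR_ROSTER, SERVICE_ACCOUNTS):
        print(f"{f.service:8} {f.kind:7} {f.account}")
```

Federated sign-on would already block the terminated user at the identity provider, yet the service-side copies found here still hold entitlements and data until they are de-provisioned.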
Assumption 4: As we transition more apps to the cloud, we expect to retire our on-premises IAM.
Reality: Hybrid environments are here to stay; we need to bridge IDaaS with on-premises IAM.
Many enterprises adopt IDaaS assuming that as they transition more applications and workloads to the cloud, they will no longer need on-premises IAM. The reality is, most large enterprises have mission critical on-premises infrastructure integrated with on-premises IAM. That foundation isn’t going anywhere in the foreseeable future.
Understanding that their hybrid environment is here to stay, enterprises are looking for tighter integration between IDaaS and on-prem IAM to improve agility and the user experience.
Assumption 5: With the right policies and tools, we can fight shadow IT.
Reality: Shadow IT will creep up no matter what you do; IAM can help us stay ahead of it.
The rise of shadow IT has increased security risks, user expectations, and pressure on IT to deliver better services faster. To reduce their risks, many enterprises took the initial approach of trying to prevent it.
Realizing that shadow IT is here to stay, enterprises are seeing IAM as an opportunity to help them get ahead of it. With agile IAM solutions, they can quickly roll out the latest apps, empower business owners, and maintain overall visibility and control. Delivering modern SaaS apps quickly, through an experience users love, provides a much more effective approach to controlling shadow IT than attempts to prevent it.
Did you experience any of these preconceptions on your cloud transformation journey?
8 years ago: Interesting again! Also interesting for our Cloud Identity conference in November.