Skip Links

Identity and access management as a cloud-based service eliminates time, pain and cost

IT Best Practices Alert By Linda Musthaler, Network World
January 18, 2013 12:00 PM ET
Linda Musthaler
Sign up for this newsletter now!

The CIO-level business angle on the latest tech

Network World - Venture capitalist Marc Andreessen may have proclaimed 2012 as "the year of SaaS," but experts believe the market for applications in the cloud is just getting ramped up. More and more companies are realizing that SaaS apps can make their lives easier by helping them address their business needs in a timely fashion while also reducing their IT overhead burden.

Despite the fact that the SaaS model means the application and associated infrastructure are under the control of the service provider, there's still a big IT challenge. The company using the application is still responsible for the core functions of identity and access management (IAM). That is, the company must handle its own provisioning and de-provisioning of user access rights and be able to automate the administration of user accounts and demonstrate ongoing compliance with regulatory and internal policies. According to Gartner, this can be a real challenge because SaaS supplier support for standard IAM interfaces is minimal.

BACKGROUND: The cloud services explosion

Traditional on-premises IAM solutions aren't a good fit with SaaS applications. In today's era of cloud computing, it takes way too long and costs far too much to implement an old-school IAM system. Such systems aren't flexible enough to handle new business processes or applications -- especially those outside the enterprise firewall, such as SaaS applications -- when they are added to the computing mix.

Now there is a small but growing market for IAM offered as a service, or IDaaS. Interest in IDaaS comes from midsize to large enterprises that need to manage access to applications in the cloud as well as to legacy on-premises applications. These organizations want a single IAM solution that can provide secure account provisioning across both environments. They also want a solution that doesn't require a big investment in outside expertise to develop or customize all the application connectors.

One company targeting this market niche is Identropy. The company just released a revamped version of its operations platform called SCUID (pronounced "squid"), which stands for Secure Cloud-based Unified Identity Platform. This version, called SCUID Lifecycle, is hosted in a private cloud so the software can be updated as needed to accommodate frequent changes in business requirements.

SCUID Lifecycle works across a hybrid enterprise to manage both on-premise applications and cloud applications. It provides several identity lifecycle management services, including:

  • Self-service for access requests and password management
  • Workflow-based administration and provisioning
  • Automated provisioning and de-provisioning
  • Governance via identity recertification and reporting

SCUID Lifecycle connects to SaaS applications directly using the providers' own native APIs. This enables Lifecycle to execute actions such as reconciliation, provisioning and de-provisioning, and recertification. There is an emerging standard called SCIM (pronounced "skim"), which stands for System for Cross-domain Identity Management. Once the standard is ratified, it will be a means for SaaS applications to support the IAM transactions. Until then, Identropy works with the various application providers using their own APIs.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News