Ease your pain with identity management as a service

As cloud computing becomes mainstream, it's possible to move almost any type of traditional IT service to the cloud. Identropy offers identity and access management as a service in a private cloud. With Identropy's pre-configured, pre-architected solution, it's possible to get an IAM system up and running very quickly and at a fraction of the cost of a traditional custom-developed IAM solution.

As cloud computing moves from the fringes and into the mainstream, most organizations have become comfortable with the idea of software as a service. It makes so much sense to let someone else host and maintain an application instead of buying or building it for use in-house.

Many companies also are warming to the idea of other major IT components being delivered as a service. Management as a service. Mobility as a service. Even infrastructure as a service. The whole notion is to reduce cost and complexity by letting someone else invest in and be responsible for the hardware, software, operations and maintenance of common IT components.


But have you considered the benefits of acquiring enterprise identity management as a service? Identity and application access management is now ripe for a cloud outsourcing model because of the cost, the complexity and the nature of specialization.

In many cases, an organization will do identity management the old-fashioned way -- it will buy the software, implement it internally with a consultant, get trained on its use and then own it. The whole process easily can take more than a year to implement and cost the company millions of dollars. The bulk of the cost can be attributed to the implementation and training components, which can be three to five times the cost of the software and the ongoing ownership. When the consultants hand over the system and walk out the door, the internal operations team has to manage a complex system that is intimately tied to the organization's business processes and applications.

This approach has several pain points. First, in today's era of cloud computing, it's taking way too long and costing way too much to implement the system. Next, once the consultants walk out the door, the operations team is put into reactive mode, not knowing what to do if something breaks, or spending too much time trying to resolve minor issues. And finally, an identity management system must keep up with the organization's needs. What happens when new business processes or applications -- especially those that are outside the enterprise firewall, such as SaaS applications -- need to be added to the mix?

Not surprisingly, these are the same issues that gave rise to software as a service.

Identropy wants to take away the pain. Identropy's solution is a cloud-based service where companies can deploy their identity and application management infrastructure. Within that private cloud, Identropy already has the IAM software installed, pre-architected and pre-configured based on the most common configurations and architectures that more than 80% of Identropy's 120-plus customers already utilize. This takes away much of the time and cost of getting an identity management system up and running. Customers plug the Identropy solution into their back end systems and tweak the configuration to make sure it works effectively and provides the access governance capabilities they are seeking.

Once the system has gone live, the next step is to utilize a hosted operations platform to monitor the entire infrastructure, including the identity management engine, the connectors and every single component of this relatively complex infrastructure. Identropy calls this operations platform SCUID, or the Secure Co-sourced Unified Identity Platform.

SCUID provides a complete suite of IAM services including Identity Governance and Compliance and Identity Lifecycle Management services -- all managed and monitored by Identropy's services for IAM operations management with its SCUID Operations module. The co-sourced services are built on pre-configured virtual appliances that can be deployed either on-premise or hosted in Identropy's private cloud, a SAS 70 Type II facility that is connected to the client's infrastructure via a secure site-to-site VPN connection.

The identity management functions of the SCUID offering are managed with virtual appliances that provide automated provisioning, de-provisioning and other user life cycle management capabilities. The appliances, as part of the overall solution, are pre-configured with the following workflows and reports: Profile Registration, Password Self-Service Reset, Help Desk Assisted Password Reset, Scheduled User Termination, Emergency User Termination, Scheduled Automated Provisioning, Request and Approval Provisioning, Contractor Account Provisioning, Orphan Account Reporting and Terminated Users Reporting.

These virtual appliances are location independent so they can operate inside the customer's firewall or in Identropy's private cloud. Regardless of where the virtual appliance is located, the Identropy monitoring service will have a holistic view of the health of the organization's overall IAM infrastructure. This holistic view is presented to the subscriber via the SCUID Operations Portal Dashboard, which provides graphs and charts that illustrate the state of the software logs, the health of identity management workflows, OS event logs and the last update date for configuration settings. It also provides authentication audit trails and workflow approvals for remediation activity, as well as update request forms for changes to the IAM system configuration regardless of where the appliance is located. This approach cuts across all of an organization's IAM component silos to provide overall visibility and better identity governance.

As for managing identities in the cloud for applications such as those offered by Salesforce.com, Identropy has an identity connector for the cloud (IC2). IC2 is a hosted or on-premise gateway that allows an organization with an existing identity management provisioning solution to simply plug into Identropy's IC2 gateway, which is an outbound proxy to extend user management to SaaS providers. The IC2 gateway is based on SPML (Service Provisioning Markup Language), which enables organizations to extend their identity management and access governance processes to their cloud-based applications, just as they are managing traditional enterprise applications today.

IT organizations today are expected to do more with less when it comes to all facets of application and data security for both internal and now external cloud-based applications. Many times these organizations are resource-constrained and are challenged as to how they are going to be able to go out to the cloud when they barely have the resources in place to manage what they have in-house. Identropy enables organizations to be more effective at managing all aspects of identity management so as to free their IT administrators to more efficiently manage their environment.

Brian Musthaler is a principal consultant with Essential Solutions Corporation. You can write to him at Bmusthaler@essential-iws.com.


About Essential Solutions Corp:

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.


Copyright © 2011 IDG Communications, Inc.
