Identity and access management: What is in store for 2014?
08 January, 2014
category: Corporate, Digital ID
By Dean Wiech, managing director, Tools4ever
Identity and Access Management has become a hot topic as more organizations begin to recognize that a progressive approach is crucial. The market for Identity and Access Management has not yet matured; however, the space continues to grow and progress to meet the evolving needs of organizations and their customers.
What, then, does 2014 have in store for Identity and Access Management? The following are the top developments:
Popularity of the Cloud: One of the most common changes organizations have made is moving applications – which were previously installed and managed internally – to the cloud. Using cloud applications enables employees to be more flexible in terms of their physical location, while the organization becomes less dependent on its local servers and applications. Additionally, cloud applications impose far fewer demands on the equipment with which the work is done, granting employees the freedom to work from any given device including laptops, tablets or smartphones.
However, when dealing with Identity and Access Management, the cloud doesn’t make things any easier. Where there used to be tight integration within a local network, collaboration with multiple cloud suppliers – each of which has its own standards – leads to difficulties and issues.
Cloud applications each impose their own password policies, which means traditional LDAP authentication with Active Directory has become considerably more complex. Automatic management of user accounts and rights within the application is also increasingly difficult. In addition, existing on-premises APIs no longer work over the Internet, which requires the functional application manager to operate with a manual user management interface.
SSO for Web Applications: The popularity of the cloud has also resulted in employees having difficulty remembering all of their accounts and credentials. To deal with this issue, organizations often offer staff a portal with direct links to the various URLs for their web applications. However, this still leaves the issue of employees needing to remember several usernames and passwords.
This is where the development of Web Single Sign-On comes in. With single sign-on, end users only have to authenticate themselves once by entering their username and password from Active Directory. WebSSO then takes over the login processes, eliminating the need for a user to enter login details again when opening another application. In addition to being more user friendly, this process is also more secure as it reduces the need for end users to write credentials in insecure locations.
Access Governance: Strict legislation and regulations have led to many changes and developments in the Identity and Access Management world. To comply with audits, organizations are cleaning up their functional houses and are putting their “rights pollution” under the microscope.
This pollution is often the byproduct of the rights-granting process, as rights are often issued on the basis of “copy-user.” Manually keeping track of the rights granted within an organization is a highly complicated, time-consuming process. In many instances, continually managing the rights structure is simply not feasible.
Identity and access governance enables organizations to easily ensure that employees only have access to the network resources they need to be able to perform their duties.
In the past, access governance was largely the domain of financial institutions and major international concerns. Today, identity and access governance has become more accessible to health care institutions, medium-sized companies – 1,500-5,000 staff – and other commercial organizations.
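The access review described above can be sketched in code. This is an added example, not part of the original article or any vendor product: it compares each account's granted rights with a role model and traces excess rights back to the account they were copied from. The role names, rights, accounts and the assumption that the account export records which template user was copied are all constructed for illustration.

```python
"""Access review: flag rights a user holds beyond what their job function needs."""
from collections import defaultdict

# Constructed role model: job function -> rights needed for that duty.
ROLE_MODEL = {
    "nurse":   {"ehr_read", "ehr_write", "ward_schedule"},
    "finance": {"ledger_read", "ledger_post", "invoice_approve"},
    "hr":      {"hr_records", "payroll_read"},
}

# Constructed account export: user -> (job function, granted rights, template user or None).
ACCOUNTS = {
    "asmith": ("finance", {"ledger_read", "ledger_post", "invoice_approve"}, None),
    "bjones": ("finance", {"ledger_read", "ledger_post", "invoice_approve",
                           "hr_records", "payroll_read"}, None),  # moved from HR, rights kept
    "cdavis": ("nurse", {"ehr_read", "ehr_write", "ward_schedule",
                         "hr_records", "payroll_read", "ledger_read"}, "bjones"),
    "dlee":   ("nurse", {"ehr_read", "ward_schedule"}, None),
}

def review(accounts, role_model):
    """Return {user: {"excess", "missing", "inherited"}} for every account that deviates."""
    findings = {}
    for user, (function, granted, template) in accounts.items():
        needed = role_model.get(function, set())
        excess = granted - needed      # rights held but not required for the duty
        missing = needed - granted     # rights required but never provisioned
        # Excess rights that the template account also holds arrived through the copy.
        inherited = excess & accounts[template][1] if template in accounts else set()
        if excess or missing:
            findings[user] = {"excess": excess, "missing": missing, "inherited": inherited}
    return findings

def pollution_by_template(findings, accounts):
    """Count excess rights propagated per template account: the copy sources to clean first."""
    counts = defaultdict(int)
    for user, finding in findings.items():
        template = accounts[user][2]
        if template and finding["inherited"]:
            counts[template] += len(finding["inherited"])
    return dict(counts)

if __name__ == "__main__":
    result = review(ACCOUNTS, ROLE_MODEL)
    for user in sorted(result):
        f = result[user]
        print(user, "excess:", sorted(f["excess"]), "missing:", sorted(f["missing"]),
              "via copy:", sorted(f["inherited"]))
    print("excess rights per template:", pollution_by_template(result, ACCOUNTS))
```

Cleaning the template account first matters because every later copy of it reproduces the same excess rights.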
Broad access to Information Systems: Another recent development is the increasing need to make information widely available to members of an organization. Growing numbers of people want or need access to information, as well as information systems. One example of this can be seen with local authorities, where citizens increasingly need regular access to the municipality’s information systems. The same goes for health care, where patients need the ability to view their own medical details.
Organizations are taking the initial steps and, alongside their Active Directory, are building up an LDAP store to enable broader access to information systems. This means that, in addition to staff, external parties must also be provisioned and made known within the network. Simply put, user IDs are necessary, and people must authenticate themselves to gain access to information systems.
Through identity and access management, it is possible to automate the provisioning and authentication process to reduce the overwhelming amount of manual labor that the IT department needs to perform.
Overall, the Identity and Access Management market continues to grow and evolve to help meet the needs of organizations and the changes that they are making within their companies.