Top Five IAM Challenges
From small and mid-sized businesses to Fortune 500 companies, IT organizations everywhere are abandoning on-premises software in favor of on-demand, cloud-based services. As more companies transition to hybrid configurations, maintaining tight control over resource access becomes increasingly important. In addition, users must keep track of the countless URLs, usernames, and passwords they use to access their applications and data. The following are the top five identity and access management (IAM) challenges associated with adopting a hybrid environment, along with some best practices for addressing each of them.
- Challenge #1: Protecting Resources in the Cloud
Enterprises eager to leverage the benefits of the cloud (e.g. scalability, customization, mobility, and more) are transitioning away from traditional environments at an astonishing rate. Specifically, we are seeing enterprises migrating IT workloads to a hybrid infrastructure, with cloud environments seeing the greatest growth in adoption. The hitch is that common, on-premises legacy identity management deployments can be difficult to replicate in a cloud environment.
Therefore, protecting cloud resources will require a shift in IT, whether that means expanding an existing legacy access management platform or implementing a new one. Both come with challenges. If you extend an existing on-premises platform, mirroring components such as the heavy database infrastructure for session storage, policies, and encryption keys into the cloud is complex and expensive to manage. Deploying a new solution, on the other hand, means overcoming some migration complexities as well as a learning curve. On the whole, however, pursuing a cloud-ready solution has a far greater upside.
IAM systems can be cloud-based (IDaaS) or on-premises; a modern cloud IAM solution is generally much more lightweight and cloud-ready, allowing protection for resources hosted both on-premises and in the cloud. Today, more organizations are moving to cloud IAM systems. Reports indicate only 38% of enterprises expect to remain on-prem for the next three years, while 60% will rely on a third-party IAM service that supports multiple cloud environments and unifies access across on-prem and public-cloud resources. These hybrid or SaaS-based solutions and their policies can be extended from on-premises to the cloud to ensure the right people have access to sensitive resources. Additional advantages of cloud IAM include cost savings in infrastructure and maintenance, increased reliability (reduced risk of downtime), and ease of upgrade, so your software is always current.
- Challenge #2: An increasingly distributed workforce
Remote employees are increasingly becoming the norm rather than the exception; in the last decade, the number of remote workers jumped 115%. One strategy for recruiting and retaining the best talent is providing a flexible work environment. However, with employees requiring access from all over the globe, maintaining a consistent user experience without sacrificing security is a daunting challenge for IT teams. Reduced visibility and control over employee work practices have made traditional, perimeter-based workplace security methods impractical. To further complicate matters, BYOD lets employees, contractors, partners, and others connect personally owned devices to the corporate network. IT needs to account for these devices and protect company assets without disrupting employee productivity or the user experience.
Many organizations have IAM best practices in place; however, these practices and procedures are only effective if they are adhered to across the organization. Unchecked or mismanaged exceptions to IAM policies are one of the most common causes of compromised data. Even with policies in place, it is critical to periodically review and validate your IAM program for areas of strength and weakness and make adjustments as necessary. In addition, IAM needs to be included in your overall modernization strategy to ensure the solution you implement today is still secure tomorrow.
- Challenge #4: Lack of a centralized User Directory
The effective management and security of user identities and data requires visibility into all aspects of IAM, yet many organizations still lack this essential component. Without a unified approach and a centralized user directory, identity sprawl is (or will become) a real challenge. Identity sprawl occurs when a user's identity is managed by siloed, unsynchronized systems, resulting in multiple identities for each user. Investment in a corporate directory (such as Microsoft Active Directory) is necessary to manage access to on-premises network resources, and as your organization adopts cloud-based services, that directory can often be extended into the cloud. Oftentimes, however, an application isn't (or can't be) integrated with the central directory service, requiring the management of yet another set of user identities to support access and grant permissions. With cloud and SaaS-based services being accessible to IT and non-IT staff alike, this challenge is not going away.
One of the main challenges of identity sprawl is simply knowing every system that holds identities and manages access to data, so the first critical step is to inventory these systems and reconcile their user lists against the central directory. Once this step is complete, it is essential to gather all requirements and lay out a unified plan. If the chosen solution fails to support your requirements and provide the services users require, your project will also likely fail. In addition, when establishing a centralized repository, it is important to analyze risk to determine the potential impact of centralizing critical data so appropriate countermeasures may be implemented: a central directory that every application trusts is also a single, high-value target, and a compromise of it grants access to everything it federates.
- Challenge #5: User Password Fatigue
The growth of cloud-based applications means users must remember an increasing number of passwords and may be required to use numerous authentication protocols. User frustration can result from the additional time needed to manage multiple passwords along with varying requirements for password complexity, history, expiration length, etc. Users tire of remembering passwords for different accounts and as a result use the same password for multiple accounts. The problem, of course, is that if one account becomes compromised, others can be easily compromised as well: attackers routinely replay credentials leaked from one breach against other services (credential stuffing). Given the prevalence of outside threats, strong, unique passwords remain essential to protecting accounts, yet companies continue to depend on a handful of key accounts that serve critical functions (e.g. human resources, finance, access to protected data, and contract management). A balance of security and ease of management is essential to keep these critical accounts safe.
Enterprises can greatly reduce password issues by federating user identity and extending secure Single Sign-On (SSO) capabilities to SaaS, cloud-based, web-based, and virtual applications. However, solid design and groundwork must be laid in order to trust the identities being federated. Assessment and cleanup of your Active Directory (or whichever directory is your trusted source) is absolutely vital, because every stale, disabled, or orphaned account in that directory becomes a federated account the moment SSO is switched on. SSO also concentrates risk on the identity provider, so the accounts it issues should be protected with multi-factor authentication. In addition, once implemented, having governance in place to ensure users are provided appropriate access is a key component of ongoing security.
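The two preparatory steps described under Challenge #4 (inventorying the systems that hold identities and reconciling them against the central directory) and Challenge #5 (assessing the trusted directory before federating it) share the same mechanics, so the following added example, which is not code from the original article or from any IAM vendor, demonstrates both in one script. It assumes a central directory export with a user principal name, an enabled flag, and a last-logon date, plus per-application user lists keyed by login e-mail; all accounts shown are constructed sample data, and the `example.com` and `gmail.com` addresses are placeholders.

```python
"""Reconcile identities across a central directory and siloed application
user lists to surface identity sprawl and pre-federation cleanup work."""
from datetime import date

# Constructed sample data (not real accounts). The central directory is the
# trusted source; each application keeps its own user table and login format.
TODAY = date(2024, 6, 1)

DIRECTORY = [
    {"sam": "jdoe", "upn": "jdoe@example.com", "enabled": True, "last_logon": date(2024, 5, 28)},
    {"sam": "asmith", "upn": "asmith@example.com", "enabled": True, "last_logon": date(2023, 9, 1)},
    {"sam": "bwong", "upn": "bwong@example.com", "enabled": False, "last_logon": date(2024, 1, 15)},
    {"sam": "svc-backup", "upn": "svc-backup@example.com", "enabled": True, "last_logon": None},
]

APP_USERS = {
    "crm": [
        {"login": "JDoe@Example.com", "role": "admin"},      # same person, different casing
        {"login": "bwong@example.com", "role": "user"},      # directory account is disabled
        {"login": "contractor7@gmail.com", "role": "user"},  # local account, not in directory
    ],
    "hr": [
        {"login": "jdoe@example.com", "role": "user"},
        {"login": "asmith@example.com", "role": "admin"},    # directory account is stale
        {"login": "j.doe@example.com", "role": "user"},      # second identity nobody mapped
    ],
}


def normalize(login):
    """Canonical form for matching: e-mail style logins are case-insensitive."""
    return login.strip().lower()


def reconcile(directory, app_users, today=TODAY, stale_days=90):
    """Match every application identity back to the central directory.

    Returns: identities with no directory account (sprawl), application
    access still granted to disabled or stale directory accounts, and the
    number of application identities each directory user has accumulated."""
    by_upn = {normalize(u["upn"]): u for u in directory}
    report = {
        "unmanaged": [],
        "disabled_with_access": [],
        "stale_with_access": [],
        "identities_per_user": {u["sam"]: [] for u in directory},
    }
    for app, users in app_users.items():
        for entry in users:
            login = normalize(entry["login"])
            acct = by_upn.get(login)
            if acct is None:
                # Identity exists only inside this silo: managed (or not) by the app alone.
                report["unmanaged"].append((app, login, entry["role"]))
                continue
            report["identities_per_user"][acct["sam"]].append(app)
            if not acct["enabled"]:
                report["disabled_with_access"].append((app, login, entry["role"]))
            elif acct["last_logon"] is None or (today - acct["last_logon"]).days > stale_days:
                report["stale_with_access"].append((app, login, entry["role"]))
    return report


def cleanup_candidates(directory, today=TODAY, stale_days=90):
    """Directory accounts to review before the directory becomes the federated
    source of truth: disabled, never used, or unused for longer than stale_days."""
    out = []
    for u in directory:
        if not u["enabled"]:
            out.append((u["sam"], "disabled"))
        elif u["last_logon"] is None:
            out.append((u["sam"], "never logged on"))
        elif (today - u["last_logon"]).days > stale_days:
            out.append((u["sam"], "stale"))
    return out


if __name__ == "__main__":
    report = reconcile(DIRECTORY, APP_USERS)
    for key in ("unmanaged", "disabled_with_access", "stale_with_access"):
        for app, login, role in report[key]:
            print(f"{key:22} {app:4} {login:28} role={role}")
    for sam, apps in report["identities_per_user"].items():
        print(f"{sam:12} {len(apps)} application identit{'y' if len(apps) == 1 else 'ies'}: {apps}")
    for sam, reason in cleanup_candidates(DIRECTORY):
        print(f"review before federation: {sam} ({reason})")
```

Run against real exports, the "unmanaged" list is the inventory of identities the central directory does not know about (the sprawl the text describes), the "disabled_with_access" and "stale_with_access" lists are access that should already have been revoked, and `cleanup_candidates` is the pre-federation assessment; any account it returns is one that SSO would otherwise extend to every connected application.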