According to Gartner, by the end of 2014, IDaaS (Identity Management-as-a-Service) will account for 25 percent of all new IAM sales, compared to less than 5 percent in 2012. At the same time, the explosion of cloud-based apps is taking the enterprise by storm.
In fact, OneLogin's 2013 State of Cloud Application Access Study showed that 78 percent of respondents plan to increase the number of cloud apps in their organizations this year.
As we reach this tipping point in cloud adoption, it’s important for IT pros to ask the right questions of cloud identity management providers. Here are 12 of the most critical:
Real-time directory integration means that all directories are updated whenever changes are made in one directory within seconds, creating a “kill switch.” This is important as the last thing you want is sensitive data sitting out there in the cloud that's still accessible by former employees. Yet according to our survey, 20 percent of firms admitted that former employees could still access applications after they no longer worked for the company.
By its very nature, a single sign-on service to other applications must be extremely reliable. While some SaaS vendors operate with planned partial or full downtime, a cloud-based single sign-on solution should perform without planned downtime – this includes planned read-only mode for the admin interface during upgrades.
Since the value of an identity management solution is a direct function of its ability to integrate across an organization’s IT assets, any head-to-head product evaluation should start with a comparison of the competing vendors’ pre-integrated offerings. The size of the app vendor ecosystem and the range of supported directory types are paramount (Active Directory, LDAP, Workday, Google Apps, etc.), but don’t overlook other types of infrastructure such as VPN integration (Juniper SSL VPN, Cisco ASA, SonicWall, RADIUS-based VPNs, etc.).
In today’s dynamic business environment, even smaller businesses or teams need to be ready to incorporate new network infrastructure and applications. Whether it’s through an acquisition, a new branch office or a joint venture, IT needs to consider the advantages of a complete and highly extensible identity platform that can cover requirements as business needs change. Does the IAM vendor offer free SAML Toolkits for all five Web development frameworks, or third-party SAML plugins for popular Web apps like Drupal, Joomla, Moodle, WordPress, and Atlassian’s Jira and Confluence?
Do you have access to a well documented REST API for unique requirements?
The fact is, many SaaS applications offer built-in provisioning capabilities, including Box, Clarizen, Dropbox, Echosign, Google Apps, GoToMeeting, HipChat, Netsuite, Parature, RemedyForce, Salesforce, SAManage, WebEx, Yammer and Zendesk. For example, upon creating a new user in Salesforce, you should also be able to assign the new user to the Admin, Marketing or Sales group based on business rules inside the IAM solution. Most IAM vendors offer real-time user provisioning, importing, matching and de-duplication, as well as just-in-time provisioning into the IAM directory. But most stop at basic CRUD operations.
Modern cloud-based IAM solutions should empower IT to take back the security controls they once had when all their applications were behind the corporate firewall.
Flexible roles and privileges mean that you can give users the power to manage accounts, groups or specific users. This means that a line-of-business (LOB) manager could administer his own group and users.
This flexibility matters when you need to separate app administration from user management.
You may find it useful to use attributes in Active Directory as an indicator for assigning roles (groups of applications), group memberships (policies), as well as performing bulk operations (like activating users).
Bulk operations should let administrators perform operations on sets of users based on any combination of role, group and status. Examples of bulk operations include applying mappings, sending invitations, activating accounts, deactivating users and forcing password resets.
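As an added illustration (not OneLogin's code or product), the following toy policy engine in Python shows the pieces described above working together: business rules that map directory attributes to app roles, just-in-time provisioning, the kill switch that revokes every grant the moment an account is disabled, and attribute-based bulk operations. The directory records, app names, the "enabled" status flag and the rules are all constructed for the example.

```python
# Constructed sample directory records; attribute names loosely follow AD.
DIRECTORY = {
    "alice": {"department": "Sales", "title": "Manager", "enabled": True},
    "bob": {"department": "Marketing", "title": "Analyst", "enabled": True},
    "carol": {"department": "Sales", "title": "Rep", "enabled": True},
}
# Business rules as (attribute, value, app, role). Later rules override
# earlier ones for the same app, so a Sales Manager becomes Salesforce Admin.
ROLE_RULES = [
    ("department", "Sales", "salesforce", "Sales"),
    ("department", "Marketing", "salesforce", "Marketing"),
    ("department", "Marketing", "hipchat", "member"),
    ("title", "Manager", "salesforce", "Admin"),
]

def desired_roles(attrs):
    """{app: role} for one user; a disabled account gets nothing (the kill switch)."""
    if not attrs.get("enabled", False):
        return {}
    roles = {}
    for attr, value, app, role in ROLE_RULES:
        if attrs.get(attr) == value:
            roles[app] = role
    return roles

def sync(directory, app_state):
    """Reconcile each app's users ({app: {user: role}}, updated in place)
    with the directory; returns the grant/revoke actions taken."""
    actions = []
    for user, attrs in directory.items():
        want = desired_roles(attrs)
        for app in sorted(set(app_state) | set(want)):
            users = app_state.setdefault(app, {})
            have = users.get(user)
            if app in want and want[app] != have:
                users[user] = want[app]  # just-in-time provisioning or role change
                actions.append(("grant", app, user, want[app]))
            elif app not in want and have is not None:
                del users[user]
                actions.append(("revoke", app, user, have))
    return actions

def select(directory, **filters):
    """Bulk selection: users whose attributes match every filter given."""
    return sorted(u for u, a in directory.items()
                  if all(a.get(k) == v for k, v in filters.items()))

def deactivate(directory, users):
    """Bulk operation: disable the accounts; the next sync revokes their access."""
    for u in users:
        directory[u]["enabled"] = False
```

Running `sync` a second time produces no actions, so it can be triggered on every directory change to keep app-side access in step with the directory.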
Seventy-two percent of the respondents in our survey have the need to provide external users (i.e. consultants) with temporary access to the company’s cloud applications. Will you ever need to manage cloud app access outside of your on-premise AD model? Would it be beneficial for you to be able to write and rewrite rules in seconds without changing your on-premise security permissions?
Does it work seamlessly across the web, mobile and iPads? Can your users search across cloud apps in real time? How easy and secure is your mobile OTP app for multi-factor authentication (e.g. is there a push feature that sends the one-time password out-of-band over a cellular or wireless network, so the user never has to enter the digits manually)?
Our survey showed that 71 percent of respondents admit to using cloud applications that have not yet been sanctioned by their IT department (like Dropbox and Gmail) to get work done. The ability to quickly add new apps will be crucial to overall security.
Thomas Pedersen is chief executive officer and founder of OneLogin, the innovator in identity management with 12 million users across 700 enterprise customers in 35 countries, including AAA, Gensler, Netflix, News International, Pandora, Steelcase and PBS.