In the past few years though, IAM needs have changed dramatically. Employees expect access to company systems anytime, anywhere; customers expect immediate and constant access to user-friendly, consumer-facing data; and partners need access to various apps with limited access to company data.
Traditional IAM cannot protect the modern web
Traditional IAM solutions were designed exclusively for the on-premises enterprise; they were not equipped to handle or adapt to the immediate demands of the modern Web. Let’s remember that the common use cases that influenced the initial development of traditional IAM were based on a very different set of business needs when compared to today’s needs. Early IAM was developed to secure employee identities and protect enterprise applications and data that were maintained behind the company firewall. The access devices were provided to the users (employees) by the company, usually a desktop or laptop. The scaling requirements were limited to the company’s employees, so deployments that exceeded 100,000 were rare. While use cases such as onboarding and offboarding of users were common, these processes happened at a much slower pace compared to today and were necessitated by predictable and intermittent events such as the hiring of a new employee.
In his presentation, Killing IAM in Order to Save It, Gartner’s Ian Glazer states that “current enterprise identity and access management cannot adapt and cannot evolve to the contemporary web. Identity management presently is ensconced in a reasonably static world. Identities are created, owned and managed by the enterprise. The problem is the world around identity management is growing both larger in terms of the constituents that have to be served and moving faster than this static model can keep up with.”
Glazer notes that “the current style is slow, requiring changes when an individual is added, moved or leaves an organization, and while this works fine, this isn’t the current pace or style of the modern enterprise, partners, or the customers that are working in the modern Web. Legacy IAM systems are apart from instead of a part of other crucial business services of an enterprise which ultimately is inconvenient and requires additional work. Modern systems need integrated systems.”