By Greg Keller Posted June 13, 2016
Let me lay out the vision for you of modern identity management.
It starts with one central user identity that is used to access all of an individual’s IT resources.
The same set of user credentials logs the user into their desktop or laptop, onto the WiFi network, into servers, into on-premises applications, and into cloud applications. There is no distinction between where the IT resource is located, what platform it runs on, or whether it is centrally managed or not. Users simply have access to whatever they need with the one set of credentials that they control.
But is a Single Identity Ecosystem Actually Possible?
This vision has been the “Holy Grail of IT” for almost two decades.
It was almost within reach in the mid-2000s. With Microsoft dominance of the internal IT network, there was so much unity across devices and applications in the enterprise that it was actually plausible for all of these relatively contained IT resources to be accessed through a single user identity.
But today, things are much more decentralized.
With the dramatic move to the cloud and the introduction of new platforms, it is more difficult than ever to centrally manage access control. There are simply too many different protocols, platforms, and types of resources for admins to connect to antiquated user management systems.
Why Hasn’t User Management Evolved with the Cloud?
Modern organizations need a next generation centralized user management solution.
For organizations that are leveraging cloud systems and web-based applications, here are the key requirements that IT admins should think about:
Delivered from the Cloud
Modern organizations are moving away from on-premises infrastructure, not towards it. A centralized user management system not only needs to be delivered from the cloud, but also needs to connect users to IT resources both in the cloud and on-premises.
Next generation user management solutions, often called Identity-as-a-Service (IDaaS) platforms, are capable of functioning adeptly on-premises, in the cloud, and everywhere in between. That is much easier to accomplish when the service is delivered from the cloud than when an on-premises directory tries to reach out to the cloud.
Support for Multiple Protocols
The goal of a central user management system is to connect users to all of the IT resources that they need. A decade ago, virtually all of those resources were Microsoft Windows based and connected to a Microsoft directory service, Active Directory.
Today, there are a large number of different systems, each speaking its own protocol: LDAP for directory binds from applications and Linux hosts, RADIUS for WiFi and VPN access, SAML for web application single sign-on, SSH public key authentication for servers, and a variety of others. A user management system that is going to work in a modern network needs to speak that variety of protocols in order to connect users to those IT resources.
Highly Secure
Digital identities are among the most sought after electronic assets. A centralized user management system is a high value target: it is the key to your digital kingdom.
As such, the central user management system needs to be highly secure. It needs to protect credentials by storing them only as salted, one-way hashes computed with a deliberately slow algorithm, so that a stolen database does not yield plaintext passwords, and administrative access to the system itself should be just as tightly controlled.
Moreover, the user management system should have built-in monitoring of both failed and successful logins, so that brute-force attempts and suspicious successes (for example a login that succeeds right after a run of failures) are flagged before a rogue user has quietly accessed the system.
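The two security requirements above, salted one-way credential storage and login failure/acceptance monitoring, are easy to get subtly wrong, so here is a small worked example of both in one in-memory user store. This is an added illustration written for this page, not JumpCloud's code or any particular product's implementation; the `UserStore` class, the `FAILURE_THRESHOLD` of five, and the PBKDF2 iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from typing import Optional, Tuple

# Assumption: work factor for PBKDF2-HMAC-SHA256. 200_000 keeps this example quick;
# production deployments should use OWASP's current recommendation (600_000+) or a
# memory-hard algorithm such as scrypt/Argon2.
PBKDF2_ITERATIONS = 200_000
# Assumption: consecutive failures per account before an alert is raised.
FAILURE_THRESHOLD = 5


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means two users with the
    same password get different digests, and precomputed tables are useless."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the one-way digest and compare in constant time. The stored digest
    cannot be reversed to recover the password; we can only re-derive and compare."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """Hypothetical central user store: hashed credentials plus login monitoring."""

    def __init__(self) -> None:
        self.users = {}                    # username -> (salt, digest); never plaintext
        self.failures = defaultdict(int)   # username -> consecutive failed logins
        self.alerts = []                   # (username, message) for the admin/SIEM

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        """Authenticate and record the outcome for both failures and acceptances."""
        record = self.users.get(username)
        if record is None:
            # Unknown account: burn the same CPU as a real check so response time
            # does not reveal which usernames exist.
            hash_password(password)
            ok = False
        else:
            ok = verify_password(password, *record)

        prior = self.failures[username]
        if ok:
            # Acceptance monitoring: a success right after a burst of failures is
            # exactly what a completed brute-force attempt looks like.
            if prior >= FAILURE_THRESHOLD:
                self.alerts.append((username, f"login succeeded after {prior} failures"))
            self.failures[username] = 0
        else:
            # Failure monitoring: flag the account once the threshold is crossed.
            self.failures[username] = prior + 1
            if prior + 1 == FAILURE_THRESHOLD:
                self.alerts.append((username, f"{FAILURE_THRESHOLD} consecutive failed logins"))
        return ok


if __name__ == "__main__":
    # Constructed demo run, not real account data.
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")
    for guess in ["password", "alice123", "Summer2016", "letmein", "qwerty"]:
        store.login("alice", guess)
    store.login("alice", "correct horse battery staple")
    for alert in store.alerts:
        print(alert)
```

The example only raises alerts rather than locking the account, because an automatic lockout lets anyone who knows a username deny service to its owner; whether to lock, throttle, or just alert is a policy decision that the monitoring data should feed, not replace.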
Where Do You Rank on these Key Requirements?
This isn’t the type of test you can score 50% on and then round up. There’s a reason that we call them requirements. If you want to achieve centralized identity and access management, then you need to deliver the system from the cloud, support a wide variety of protocols, and maintain stringent security practices.
And really, those are only the requirements. From there, some IT organizations will want even more for their more rigorous user management needs.
No matter what your needs, it’s important to get this right. The user management system is the core of any identity management approach. Thinking through the key requirements allows you to gain insight on the specific solutions that need to be implemented.
When it comes to solutions that can address all of these needs, we’re partial to our own Directory-as-a-Service®. It’s a cloud-native directory solution that supports a wide variety of protocols, from SAML to SSH and more. Security is our top priority, so we always salt and one-way hash credentials, and we also offer automated password rotation requirements.
If you’re interested in how DaaS could help you achieve centralized user management, then reach out to us today or get started with a free trial for the first ten users.