By Greg Keller Posted July 19, 2016
At the heart of modern identity management rests the centralized user identity that is used to access all of an individual’s IT resources.
One set of credentials logs a user into their laptop or desktop, into servers, onto the WiFi network, into locally installed applications, and into cloud applications. Where the IT resource lives, what platform it runs on, and whether it is centrally managed or not makes no difference: with one set of credentials a user has access to everything they need.
Is a Single Identity Ecosystem a Plausible Vision?
For nearly two decades this single-identity system has been the dream of IT organizations across the world.
In the mid-2000s the dream seemed close to fruition. Because Microsoft dominated the internal IT network, devices and applications were unified around one directory, and that unity hinted at a future where a single user identity could reach every IT resource the network contained.
As time pushed forward so did technology, and the result was a world of decentralized business.
The popular move to the cloud, alongside the introduction of new platforms, made it tricky to manage access control centrally. Admins were left connecting a multitude of protocols, platforms, and resource types to user management systems that were never designed for them, and the result was disarray.
The Cloud Evolved, But Why Hasn’t User Management?
For the modern business there needs to be a next generation centralized user management solution.
If an organization is heavily steeped in cloud systems and web-based user apps, their IT admins need to heed these key requirements:
Cultivated from the Cloud
As modern organizations push on-premises infrastructure aside, the centralized user management system itself needs to be cultivated from the cloud. Once implemented, it must join users to IT resources both in the cloud and on-premises.
Identity-as-a-Service platforms are the future of user management. These platforms are built to operate in the cloud, on-premises, and everywhere in between, and connecting resources to a directory that already lives in the cloud is far easier than reaching out to the cloud from an on-premises directory.
Supports a Diverse Set of Protocols
The end game for a centralized user management system is to connect every user to the IT resources they need. In the past, nearly every resource was Microsoft Windows based and authenticated against a Microsoft directory service, Active Directory.
The game has changed: now a multitude of systems speak different protocols, ranging from LDAP to RADIUS, SAML, SSH, and more, and the list is daunting. For a modern user management system to function in such a network, it needs to speak all of these protocols so it can connect users to their IT resources regardless of how each resource authenticates.
Maintains Rigid Security Standards
Of all electronic assets, digital identities are the most sought after, and the centralized user management system that holds every one of them is the number one target for attackers: whoever compromises it holds the keys to every resource it fronts.
The highest priority, therefore, is that the centralized user management system be exceedingly secure. All access to the system must be tightly controlled, and stored credentials must be protected by salted one-way hashing, so that even an attacker who obtains the credential store cannot read the passwords back.
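As an added illustration of this requirement (example code written for this page, not code from the original article or from any vendor's product), here is a salted, iterated one-way hash for a credential store in Python, shown beside the unsalted digest it replaces, plus a password-age check of the kind a rotation policy needs. The record layout, the PBKDF2 iteration count and the 90-day maximum age are assumptions chosen for the example; hashlib.pbkdf2_hmac and hmac.compare_digest are standard-library calls.

```python
"""Salted, iterated one-way hashing for a directory's credential store,
with verification and a password-age check for a rotation policy.

Added example for this article; not a vendor's code. The record layout,
the iteration count and the 90-day maximum age are assumptions."""
import hashlib
import hmac
import os
import time
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000              # assumed; raise as hardware gets faster
SALT_BYTES = 16
DKLEN = 32
MAX_PASSWORD_AGE = 90 * 24 * 3600  # assumed rotation policy: 90 days


def hash_password(password: str, now: Optional[int] = None) -> str:
    """Return a self-describing record: algorithm$iterations$created$salt$digest.

    A fresh random salt per credential means two users with the same password
    get unrelated digests, so a leaked table cannot be attacked with one
    precomputed dictionary and does not reveal which accounts share a password.
    """
    created = int(time.time()) if now is None else now
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, DKLEN)
    return "$".join([ALGORITHM, str(ITERATIONS), str(created), salt.hex(), digest.hex()])


def _parse(record: str):
    """Split a stored record into (iterations, created, salt, digest)."""
    algorithm, iterations, created, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported hash record")
    return int(iterations), int(created), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time; the original password is never recoverable from the record."""
    iterations, _, salt, expected = _parse(record)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(actual, expected)


def password_expired(record: str, now: Optional[int] = None) -> bool:
    """True when the credential is older than the rotation policy allows."""
    _, created, _, _ = _parse(record)
    current = int(time.time()) if now is None else now
    return current - created > MAX_PASSWORD_AGE


def unsalted_sha256(password: str) -> str:
    """The weak alternative: no salt and one fast round. Identical passwords give
    identical digests, and a precomputed table cracks a leaked store in bulk."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    shared = "Summer2016!"   # constructed sample password
    weak_a, weak_b = unsalted_sha256(shared), unsalted_sha256(shared)
    strong_a, strong_b = hash_password(shared), hash_password(shared)
    print("unsalted digests equal:", weak_a == weak_b)      # True: leaks password reuse
    print("salted records equal:  ", strong_a == strong_b)  # False: independent salts
    print("verify correct:", verify_password(strong_a, shared))
    print("verify wrong:  ", verify_password(strong_a, "summer2016!"))
    print("expired now:   ", password_expired(strong_a))
```

The record carries its own iteration count, so the count can be raised for new passwords while old records still verify and can be re-hashed on the next successful login.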
Likewise, the user management system must monitor its own login failures and successes, so that brute-force guessing and rogue users accessing the system are detected and acted on rather than discovered after the fact.
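The following added example (written for this page, not code from the original post or from any product) shows what such monitoring looks like as detection logic run over constructed directory auth events: it keeps a sliding five-minute window of failures per account and per source and raises an alert for a hammered account, a hammered source, a password spray (one source failing against many accounts), and a success that follows a run of failures from the same source. The event format, the sample events and every threshold are assumptions chosen for illustration.

```python
"""Login failure / success monitoring over a directory's auth events.

Added example for this article; not a vendor's code. The event format,
the sample events and every threshold below are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed event line emitted by the directory's authentication endpoint.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)
WINDOW = timedelta(minutes=5)
USER_FAIL_THRESHOLD = 5    # failures against one account in the window
SRC_FAIL_THRESHOLD = 10    # failures from one source in the window
SPRAY_USER_THRESHOLD = 5   # distinct accounts failing from one source
SUCCESS_AFTER_FAILS = 3    # OK after this many FAILs from the same source

# Constructed sample: a brute force on alice that finally succeeds, a password
# spray from 198.51.100.7, a stale failure outside the window, and a bad line.
SAMPLE_LOG = """\
2016-07-19T10:00:00Z auth user=bob src=192.0.2.10 result=OK
2016-07-19T10:00:05Z auth user=alice src=203.0.113.5 result=FAIL
2016-07-19T10:00:09Z auth user=alice src=203.0.113.5 result=FAIL
2016-07-19T10:00:14Z auth user=alice src=203.0.113.5 result=FAIL
2016-07-19T10:00:20Z auth user=alice src=203.0.113.5 result=FAIL
2016-07-19T10:00:27Z auth user=alice src=203.0.113.5 result=FAIL
2016-07-19T10:00:33Z auth user=alice src=203.0.113.5 result=OK
2016-07-19T10:01:00Z auth user=bob src=198.51.100.7 result=FAIL
2016-07-19T10:01:02Z auth user=carol src=198.51.100.7 result=FAIL
2016-07-19T10:01:04Z auth user=dave src=198.51.100.7 result=FAIL
2016-07-19T10:01:06Z auth user=erin src=198.51.100.7 result=FAIL
2016-07-19T10:01:08Z auth user=frank src=198.51.100.7 result=FAIL
2016-07-19T10:30:00Z auth user=alice src=203.0.113.5 result=FAIL
this line is malformed and is skipped
"""


def parse_line(line: str):
    """Return an event dict, or None for a line that is not an auth event."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def _trim(window: deque, now: datetime) -> None:
    """Drop entries older than WINDOW; entries are appended in time order."""
    while window and now - window[0][0] > WINDOW:
        window.popleft()


def analyze(lines):
    """Replay events in time order and return the list of alerts raised."""
    events = [ev for ev in map(parse_line, lines) if ev]
    events.sort(key=lambda e: e["ts"])
    user_fails = defaultdict(deque)   # user -> deque of (ts, src)
    src_fails = defaultdict(deque)    # src  -> deque of (ts, user)
    alerts = []
    for ev in events:
        now, user, src = ev["ts"], ev["user"], ev["src"]
        uq, sq = user_fails[user], src_fails[src]
        _trim(uq, now)
        _trim(sq, now)
        if ev["result"] == "FAIL":
            uq.append((now, src))
            sq.append((now, user))
            if len(uq) == USER_FAIL_THRESHOLD:   # == so each alert fires once per crossing
                alerts.append({"type": "account_failures", "ts": now,
                               "user": user, "src": src, "count": len(uq)})
            if len(sq) == SRC_FAIL_THRESHOLD:
                alerts.append({"type": "source_failures", "ts": now,
                               "src": src, "count": len(sq)})
            targets = sorted({u for _, u in sq})
            if len(targets) == SPRAY_USER_THRESHOLD:
                alerts.append({"type": "password_spray", "ts": now,
                               "src": src, "users": targets})
        else:
            recent = sum(1 for _, s in uq if s == src)
            if recent >= SUCCESS_AFTER_FAILS:   # guessed or stuffed credential
                alerts.append({"type": "success_after_failures", "ts": now,
                               "user": user, "src": src, "failures": recent})
            uq.clear()   # a successful login ends the account's failure streak
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG.splitlines()):
        print(a["ts"].isoformat(), a["type"],
              {k: v for k, v in a.items() if k not in ("ts", "type")})
```

On the sample above this raises three alerts: the account threshold on alice's fifth failure, the success that follows those failures from the same source, and the spray once 198.51.100.7 has failed against five distinct accounts; the source-failure threshold of ten is never reached, and the failure at 10:30 falls outside the window.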
How Do You Stack Up With These Key Requirements?
There is no graded curve when it comes to this test. The statements above are called requirements for a reason, and they are absolutely critical if you want to achieve successful centralized identity and access management. Cultivating the system within the cloud, supporting a diverse set of protocols, and maintaining rigid security standards are paramount.
These are just the baseline requirements. For more complex user management needs, IT organizations will desire even more.
Ultimately, no matter what you need, it is critical you get everything right. A centralized user management system is the nucleus of an identity management procedure. Hashing out these key requirements furthers your insight on the particular solutions that need to be enacted.
When looking at comprehensive solutions that reach all the key requirements, we’re naturally inclined to be partial to our own Directory-as-a-ServiceⓇ. Our DaaS is a cloud-based directory solution that supports protocols from SSH to SAML and more. Our prime concern is security, and we practice what we preach in offering automated password rotation requirements and by always one-way salting and hashing credentials.