By Greg Keller Posted June 21, 2016
There’s a lot to think about when planning your identity management strategy – and while you can find a bunch of pages online that try to tell you the best IAM approach, the truth is that the right strategy for you really depends on the nature of your enterprise.
That’s why we’ve developed the series of questions below. By answering them, you’ll be able to make informed decisions about identity and access management and begin planning the path ahead.
Before we begin…
We’ve organized the questions into five categories: IT Infrastructure, Device Management, Authentication Requirements, IT Process, and Infrastructure.
We’ve aimed for this to be a thorough and comprehensive analysis tool for sys admins and IT admins / departments. But if you have any questions or would like to reach out to us for more information, don’t be shy! Reach out on our Contact Page.
Types of devices / operating systems
What types of devices do you have and what operating systems are they running? If you are running a homogeneous environment, will you continue to do so?
Email infrastructure and productivity solution
Are you using Google Apps, Microsoft Office 365, or are you still on-premises with Exchange? Whichever email infrastructure you have, you’ll want to ensure that your identity management platform integrates with it seamlessly. And, if you are using Microsoft Office, don’t be surprised if you are forced to move to O365.
When dealing with cloud resources, it’s usually best to employ a cloud identity management service, also known as SaaS-based Identity Management or Identity-as-a-Service.
List of applications (on-prem and cloud)
Create a list of all of the applications in use at your organization. Who administers them? Are they cloud-based or on-premises? Do you have in-house applications that may need to be managed directly? Again, the more cloud-based applications you use, the more likely that SaaS-based Identity Management or Identity-as-a-Service will be the right fit.
Authentication support of applications
For your applications, what modes of authentication do they support? Can you authenticate via LDAP, SAML, OAuth, or other protocols? Add the protocol next to your application so that you can track everything.
Are you using IaaS providers and what types of compute, storage, and managed services do you have there? How will you manage user access to those resources?
What network infrastructure do you have that needs to be managed? Is it just WiFi equipment or do you also have switches, routers, and VPN on-premises?
Do you have remote workers that need to be connected to IT resources? If so, you’ll want to account for how they are granted access and how you are able to control their authentication. If they are employees of your organization, do you need to also control their devices?
Do you need to manage policies on your devices? Perhaps you need to map network drives or disable guest logins.
Are you interested in managing security policies remotely on your devices? Some organizations ensure that their hard drives are encrypted or that the screen locks after a period of time. If you are subject to compliance requirements, you may have a number of security requirements on your devices.
Many organizations leverage their ability to manage their devices via their identity management solution and they use that ability to set device configurations. Do you want or need to have this capability as well?
What compliance statutes are you subject to? Do you know the detailed requirements and how your identity management solution needs to support those? In this case, are you subject to password requirements, a requirement to use SSH keys, or perhaps multi-factor authentication (MFA, often called 2FA)?
Username / password requirements
What requirements do you have around your username and password structure? Do you have conventions that your identity management system needs to support?
Public/private key use
Do you use SSH keys in your environment? How do you plan to integrate them into your identity management platform?
Are you interested in or required to have higher levels of authentication? If so, how will you integrate MFA into your strategy?
You’ll want to design your identity management workflow to be efficient and secure. What does that look like? Who is involved in what aspects? What are you planning to automate and what will be manual? Do you need to integrate with other solutions? Perhaps an HR system?
On-boarding / off-boarding
How will you ensure that your users are on-boarded properly and have access to everything that they need? And, just as importantly, if not more so, how will you terminate access everywhere upon a departure?
Resource: get the 2016 IT Department Guide to Onboarding and Offboarding Employees [free]
What are you comfortable having end users do themselves? Reset their passwords? Upload new keys? What do you want to still retain control over?
APIs for integration
Do you need to automate some portions of your access control process? If so, you’ll need to have an open platform with APIs that you can work with.
Your identities are key digital assets. How will you ensure their security? What is your plan to protect them and how would you detect a breach?
Do you need your vendors or platform to have third party certifications? If so, which ones?
Auditing / logging
What auditing and logging are you looking for? What do you need for your own internal peace of mind and what do you need for your auditors, if you have them?
Cloud / on-premise options
Are you looking for a solution that sits on-premises with you or are you thinking about a cloud-based solution? Both have pros and cons – have you thought all of those through?
Reliability / availability
Your identity management system is the gateway to your infrastructure and it is the one platform that every user needs to do their job. How will you ensure that it is always running and functional?
Got More Questions than Answers?
This is a long, comprehensive list of questions. But that’s only because the IAM landscape is a complex place.
You may not have all the answers right now and you don’t have to. The good news is that we have one last resource for you (and it’s free too). You’re one click away from our 2016 IT Guide to Identity Management. Inside this 23-page PDF, you’ll find an overview of the IAM market, along with a rundown of the biggest challenges in Identity Management, paired with the most effective and innovative solutions.
Choosing the right identity management strategy can be daunting. There is a lot to consider. However, with a strong action plan, you can quickly uncover your core needs and then take the best approach to solving them.
We’ll extend our offer one more time to reach out to our identity experts at JumpCloud through our contact page. If you’re interested in centralizing user and device management through a cloud-based, Directory-as-a-Service® Identity-as-a-Service platform then get started for free here.