By Cassa Niedringhaus Posted December 2, 2019
Today, just about anything is delivered “as-a-Service” — including identities. The as-a-Service model allows service providers to deliver myriad utilities to consumers and organizations as outsourced solutions, but we’ll examine the basics of Identity-as-a-Service (IDaaS) through a cloud identity management service.
With identities delivered as-a-Service, IT admins can grant one authoritative identity to each employee and centrally control those identities, thereby locking down their organizations’ security.
Through modern IDaaS, each employee has one authoritative identity they use to access most if not all company resources, regardless of vendor or platform. The same identity (i.e. username/password, SSH keys, MFA tokens, etc.) grants them access not only to their laptops or workstations but also to the office WiFi via RADIUS, applications (i.e. Salesforce®, GitHub, etc.), and file servers. Think of the identity as the gateway to company resources.
Identities are not stored in multiple, independent silos but instead are stored in a central directory and provisioned to resources through an IDaaS platform.
However, this was not always the case. IDaaS previously referred to web application single sign-on solutions (SSO), which are not the comprehensive identity management solutions that exist in the IDaaS sphere today. Historically, first generation IDaaS solutions were built on top of the core identity provider, which lived on-prem.
The comprehensive Identity-as-a-Service solutions that exist today are key to organizational security.
Core Identity: Key to Cyber Security
In most offices during the past two decades, IT admins provisioned user access through Microsoft® Active Directory® (AD). Users’ core credentials gave them access to their workstations, through which they accessed Microsoft-based, on-prem networks, servers, and applications.
Now, however, users need to access a vast array of non-Microsoft and cloud-based resources to do their jobs efficiently. The rapid expansion of these resources prompted some users to circumvent traditional IT processes to create their own, non-sanctioned accounts separate from their core AD identities, and the resulting shadow IT is a cyber security risk for enterprises.
If an employee replicates credentials for professional and non-sanctioned or personal accounts, a breach in any of those services could spell disaster for an enterprise. A LastPass report on password security noted that, on average, an employee reuses a password 13 times — a trend that threatens security because a breach in any of the 13 services for which they reuse the password leaves them all vulnerable.
The key to locking down enterprise cyber security is ensuring users have one core, secure identity to access their resources, each of which IT admins can account for and monitor.
In addition to monitoring, admins can increase security by implementing password requirements that dictate complexity and rotation minimums. They can also require multi-factor authentication at each log in, whether employees are logging into systems, applications, networks, or other resources. For on-prem and cloud-based server access, they can require SSH keys. First-generation, so-called “IDaaS” platforms were simply web application SSO solutions, but modern IDaaS platforms now serve as the core directory, eliminate the need for on-prem operations, and extend the concept of cloud-based identity management to much more than simply web applications.
Modern IDaaS solutions serve as the identity provider and core directory for enterprises. Through a variety of protocols, including LDAP, SAML, and RADIUS, they federate those credentials to the necessary resources employees access.
Such solutions eliminate the need for both an on-prem directory instance and the add-ons that extend it to the cloud. They also eliminate the need for on-prem infrastructure and maintenance. All of this helps reduce traditional IT cost centers — like physical servers and Client Access Licenses — and outsource the setup and maintenance work to trusted third-party services.
Through modern IDaaS, IT admins realize efficiency gains, all while establishing central control over user identities, passwords, and critical security measures.
If you’d like to learn more about IDaaS basics through a cloud identity management service and how it can increase organizational efficiency and security, consider browsing our IT Guide to Identity Management.