By Greg Keller Posted January 12, 2015
The Identity Management field is a broad IT category that encompasses everything from the management of access, to management of IT resources.
The identity and access management field started with the earliest computers where an individual was granted access to a singular computer. At that time, identity management was simple because the privileges and access any one person had was limited by the scope of the lack of Internet and software providers. As a result, most access was granted and reviewed manually.
Over time, however, as the number of IT resources and amount of people needing access to them grew, managing access became a complicated task. Complex organization charts foster dynamic and complex user-access rules, privileges, permissions, and software systems have become more prolific and complex, too.
But while the complexity of identity and access management has increased, the principles have largely stayed the same: the right access needs to be granted to the right users.
Whether it’s one person looking to login to one platform, or a global enterprise needing thousands of permutations of user access, IT needs to provide users with the correct access for their business needs.
Additionally, with the advent of compliance standards, businesses in many industries must audit and review their user access definitions regularly and on a widespread basis to meet regulations.
To do this, businesses today leverage a variety of make-as-you-go solutions to manage their entire Identity Management infrastructure, composed of myriad software solutions each answering one part of the equation. JumpCloud® is looking to change this splintered process. We believe a singular, reliable identity management infrastructure is made up of five key parts:
At the core of the market is directory services. The directory serves as the Identity Provider which can be federated to other identity consumers including other categories on this list. The core directory service is the point of authentication and authorization for a variety of IT resources, and can also include device management capabilities. Modern directory services are cloud-based and work seamlessly with cloud infrastructure. These directories, called Directory-as-a-Service® solutions, also leverage a variety of authentication protocols, self-service tools for end users, and modern security techniques.
As many legacy directories are not able to cover all of the different platforms and geographies, a category of directory extenders emerged. Primarily, these extensions were built for Microsoft Active Directory®, as well as Linux and Mac device management or Web applications for single sign-on. These extensions generally replicated the user store within Active Directory, and then granted access to the appropriate users. This category gained significant traction after the introduction of Active Directory and prior to the emergence of the SSO category.
Privileged Identity Managers
This category of solutions focused on privileged accounts to critical infrastructure components such as routers, switches, databases, and others. Within the Identity Management space, it focused on granular access and deep reporting. This category has thrived because of the critical nature of the IT assets that it manages, and the fact that the historical directories such as AD and OpenLDAP didn’t cover this area.
Web Single Sign-On / Password Management
Perhaps the most active category in the Identity Management market recently, the web single sign-on (SSO) market is focused on enabling access to SaaS-based Web applications. SSO solutions leverage the core directory and extend those users, credentials, and access to Web applications. The benefits of this area include greater control over access to applications outside of the corporate network, greater security, and data control.
Multi-Factor Authentication / Biometrics
Another critical category in the Identity Management space is the multi-factor authentication, or alternate authentication mechanisms. With the increase in identity theft and corporate hacking, organizations are leveraging multiple mechanisms to authenticate users. Traditional usernames and passwords authenticate users through something they know. Additional mechanisms include something a user has, for example, a code on a smartphone, a fingerprint, or retinal print. Multi-factor authentication combines both of these measures to heighten the overall level of security in your organization in order to better protect your sensitive information.
The Future of Identity Management
Identity Management is an exploding field. With the core IT landscape shifting and changing, so too must the Identity and Access Management market. Couple that with an increased focus on security, and this sector will continue to grow and thrive. If you would like to learn more about Identity Management, drop us a note. We would be happy to discuss what strategies are best for your organization. Additionally, if you are interested in cloud based identity management, feel free to try out our Directory-as-a-Service platform. Your first 10 users are free forever.