In this latest article, Satbir Singh Hundal, Associate Services Consultant at our partner Securience, talks about the benefits of moving Identity and Access Management to the cloud.
Cloud computing consists of a shared distributed network of computational resources available to any consumer through a myriad of service providers. With the advent of cloud computing, consumers have the freedom of using on-demand computing power and are no longer limited to fixed resources of traditional on-premise infrastructure. This consumer-centric model allows for flexibility and costs savings through on-demand service offered by several vendors, enabling competitive pricing. In recent years, organisations have strategically migrated several of their services to the cloud to mitigate risks, achieve scalability and reduce costs.
According to Gartner more than $1.3 trillion in IT spending will be affected by the shift to cloud by 2022, with predicted spending on system infrastructure and Infrastructure software almost doubling since 2018[1]. According to Forbes, 83% of enterprise workloads will be in the cloud by 2020[2] and Identity and Access Management (IAM) is no exception. In the last 3 years, several IAM vendors have rolled out their SaaS offering to enable organisations to migrate their IAM services to the cloud.
Benefits of IAM in the Cloud
Cost Savings
One of the immediate cost savings of moving IAM services to the cloud is on infrastructure. Organisations are not required to maintain expensive on-premise IAM servers hence saving on enterprise software licenses costs (operating systems, databases, application servers, etc.), HVAC costs, and personnel costs. Additionally, the overhead of upgrading and patching the servers, and the risks of fixing any security vulnerabilities are transferred to the IAM cloud vendor.
Scalability
Due to digital transformation in organisations, devices, data, and applications have exploded which has also impacted the scale and volume of data required to be processed by the IAM platform. This could have a domino effect on the IAM system which has to run a series of tasks post the aggregation of the data, including but not limited to Joiner, Mover, Leavers, Segregation of Duties, Role Mining, and Self-Service Requests. Organisations often tackle this problem by provisioning additional infrastructure for their IAM service which is time-consuming and expensive. Organisations could easily scale up or scale down their IAM infrastructure on the cloud with a few clicks, saving time and effort which could be spent on optimising business processes.
CI/CD (Continuous Integration/Continuous Delivery)
A key benefit to cloud adoption is infrastructure modernisation and streamlining. If an organisation’s IAM solution requires some form of a codebase for feature development/implementation or automated testing, the engineering team can build, test, and deploy changes to the solution with greater efficiency. Automated regression testing improves trust in the service functionality by identifying configuration issues and automated deployment for enhancements and bug fixes that have passed the necessary pre-requisites.
Availability
Global interoperability requires organisations to ensure their primary services like IAM are available round-the-clock with minimal downtime. Organisations can deploy their IAM infrastructure in regions closer to their end-users on demand and could implement optimal disaster recovery strategies. With comprehensive usage statistics and advanced analytics, dynamic scaling can be designed for peak and off-peak load times to save costs without impacting performance. This could also assist in better IAM architecture like load balancing and failovers mechanisms.
Things to Keep in Mind
Choosing a cloud vendor for hosting the IAM services requires awareness that all data collected and processed by the IAM platform will not be physically managed by the organisation. The cloud vendor will have access to the servers hosting the organisational data and it should be mandated to have enterprise-grade encryption on the data. Most IAM service providers operate in a multi-tenanted manner, meaning more than one organisation’s data may reside on the same physical server, although they would be logically separated and encrypted. Organisations must perform adequate due diligence to ensure the cloud vendor or the IAM service provider meets the necessary compliance and regulatory requirements for data protection and other related laws like GDPR, HIPAA, etc.
IAM service providers often roll-out automated updates and patches to the IAM solution for all their customers. Although it’s a good-to-have feature to reduce the overhead of keeping the IAM solution up to date with the latest enhancements and features, it may impact any customisations or configurations specific to some organisations. Automated update schedule should be agreed beforehand with the IAM service provider to allow sufficient time for testing and bug fixes.
Technical issues regarding the hosted services generally require raising a support ticket with the cloud vendor for further investigation and issue resolution. Organisations must ensure that they chose a cloud vendor that they can trust, has a detailed service level agreement and could offer a range of other managed services to meet the organisation’s future requirements.
Additional Advice
It is considered good practice to kick-off IAM cloud adoption with a hybrid approach where an organisation can have their IAM services available in both on-premise and on the cloud. This will give additional time to the end-users to adjust and learn and better prepared to interact with the IAM solution, both functionally and technically. The extent of the benefits of cloud adoption will vary depending on an organisation, but one could be certain that the features, although cost-efficient and promising, come with their own set of risks. Organisations should perform their due diligence and ensure they assess potential risks and have appropriate mitigating plans in place.
Why should you consider Able+ for your identity and access?
Able+ is a comprehensive, future-proof IAM solution that helps you deliver your organisation’s digital strategy. To find out more about Able+ and how we can help increase productity for your organisation, visit our webpage or contact us directly.