Older identity and access management (IAM) solutions continue to be viable for enterprises; however, a shift to the cloud is a time for mature organizations to evaluate new IAM solutions. Leading providers in the space have advanced and broad capabilities that may offer better mid- to long-term options for organizations considering a new approach.
We see some definitive shifts in IAM occurring in the marketplace. In the past, IAM encompassed centralized authentication, single sign-on (SSO), session management and authorization enforcement for target applications (often tied to some role/privilege
While this has not changed, modern IAM solutions also include adaptive and contextual authentication (which allows context, such as a user’s specific mobile device or location, to dynamically update authentication options or requirements) and support for modern identity federation/integration protocols such as SAML, OAuth2 and OpenID Connect (OIDC). All these features are important for improving federation and cloud service integration, as well as reducing the risk of attacks with an increasingly
With the shift to hybrid cloud and widely expanded types of end-user access models, IAM solutions increasingly also encompass:
Several IAM providers could be serviceable for a mature organization that needs a broad suite of IAM capabilities, relative ease of use and deep integration with both on-premises and cloud-based systems and services. Highly regulated organizations can also consider:
Okta: Okta provides a software-as-a-service (SaaS)-delivered IAM solution that includes deep authentication and adaptive authentication capabilities, as well as SSO, directory services, multifactor authentication (MFA) and broad API support. Okta also provides threat intelligence and much-improved session management, along with a relatively recent reverse proxy solution for integrating legacy and non-standard applications.
Microsoft: Azure Active Directory (AD) is highly capable within Microsoft, and more support for third-party applications and services is emerging all the time. Licensing can be somewhat complex, but the pace of updates and new capabilities is good, particularly in Azure AD adaptive and contextual authentication through conditional access rules.
Ping Identity: Ping is considered one of the most complete solutions available today; however, depending on your business's needs, you might have to buy numerous packages to get there. Ping also offers threat intelligence and robust directory services
Other service providers also offer relatively complete IAM portfolios, including IBM and Oracle, with other options in the form of solutions from ForgeRock and OneLogin.
When considering a move to a new IAM solution, organizations should be careful to thoroughly evaluate all the different use cases currently in place for application and user access and authorization. Federation, SSO and application integration to cloud services are now priorities, and flexible options with MFA and mobile access are also key considerations. We suggest taking the following into account:
Looking at both financial and operational costs for each solution. Be sure to ask providers what the expected deployment and maintenance overhead will be because these can be significant.
October 19, 2021
By IANS Faculty