Many companies are considering moving their current identity and access management (IAM) implementations to the cloud, or they are looking at the cloud for their new IAM use cases. This might be driven by the threat of attacks via identities, increasing compliance mandates, expanding needs of end users for frictionless data access or improving the total cost of ownership.
View this presentation and watch the corresponding webinar to help you determine whether your organization is ready to move to IDaaS.
1. Are You Ready to Move Your IAM to the Cloud?
Webinar
February 28, 2018
Peter Volckaert
Senior Sales Engineer
IBM Security
peter.volckaert@be.ibm.com
Patrik Horemans
Senior Sales
IBM Security
patrik.horemans@be.ibm.com
2. 2 IBM Security IBM AND BUSINESS PARTNER INTERNAL USE ONLY
Agenda
• What Is IDaaS?
• Typical IDaaS Use Cases
• IDaaS or On-Prem?
• Question & Answer
12. IAM for Consumers: Another World…
• Scale: Consumer XXL; Employee M to XL
• Control: Consumer Distributed; Employee Centralized
• Focus: Consumer Individual; Employee Business
• Complexity: Consumer Low; Employee High
Source: Gartner: “Consumer Identity and Access Management Is a Digital Relationship Imperative”, 30 December 2015
13. Consumer IAM
Diagram labels: Cloud/Internet; Company; Consumer Data; Consumer Identity Store; IDaaS; On-prem Apps; App; Social Identity; Cloud Identity Service
16. Traditional/Legacy IAM
Diagram labels: Company; Cloud/Internet; IDaaS (provisioning, pass-through authn, SSO, HR feeds); Cloud Directory (provisioning); RDBMS; SAP; Linux; HR Data; User Directory; LDAP; IdP/Proxy; On-prem Apps; App; SaaS Apps; Social Identity; Cloud Identity Service
18. To Cloud or Not To Cloud …
• SaaS adoption
• Internal IAM not delivering
• Competing IAM implementations
• Mature IAM program and implementations
• Cloud security and data residency concerns
• Need customized IGA
• Staffing and TCO
Source: Gartner: “How to choose between On-Premises and IDaaS Delivery Models for Identity and Access Management”, July 2016
19. Responsibilities: You? They? Together?
Columns: You Own It; Shared Responsibility; They Own It
• IAM program
• IAM vision & strategy
• IDaaS infra
• Service patch management
• Service improvements
• On-prem target integration
• Bridge components
• Health target systems
• Test environment
• Business continuity
• User support
Source: Gartner: “How to choose between On-Premises and IDaaS Delivery Models for Identity and Access Management”, July 2016
20. IBM Cloud Identity Resources
http://bit.ly/TCOofCloudIAM http://bit.ly/CloudIAMBuyersGuide
More resources on Peter Volckaert’s Cloud Identity page: https://ibm.box.com/v/cloudidentity
Introduce yourself: good afternoon. I’m … , working within IBM Security, working within services for X years, currently sales engineer. Specialized in IAM.
And when talking with customers and prospects the word cloud is unavoidable…
The IDaaS use cases are driven by the trend of “digital business” / disruption
Note: B2B?
Access by Anyone, from Anywhere, on Any Device
This architecture assumes an internal, enterprise IdP, typically provided by an access management solution from IBM, CA, Oracle, etc., or by AD-FS. Users trying to access SaaS apps are redirected to their company IdP, where authentication takes place. They are then redirected (with a SAML token) to the SaaS app they wanted to reach.
Alternative: a so-called cloud directory that resides in the IDaaS solution
Yes, you can also connect to your on-premises apps. Okta uses SWA for that. The user’s credentials are securely kept in the IDaaS.
Transaction scale can also vary widely depending on the season and the marketing campaign.
Control: for employees: centralized, company-owned attributes. For consumers: self-registered, self-managed attributes, spread over multiple data sources (organisations, social media, credit-reporting agencies, public records, financial institutions) hence “distributed”.
Ensure scalability. The registration and access services must be able to handle large user volumes. There may be circumstances where thousands, tens of thousands or hundreds of thousands of users are registering for a service within a short period of time. Because consumer-oriented systems often experience highly variable demand due to seasonality and marketing campaigns, many organizations use cloud-based systems
CIAM: Some organizations in highly regulated industries are still more comfortable with an on-premises solution, and such solutions can be deployed in the cloud, if desired.
Here: discuss the market. Does the vendor take on a lot itself, or rather less?
Big differences…
Also bridge components: the more on-prem, the cheaper, but then you are responsible, and what about the TCO?
Here: CIS in the spotlight.
Important: you have to take care of:
vision/strategy/planning
Policies (entitlements, etc.)
Integrations: e.g. with a 3rd-party authn system and SIEM
Infrastructure: e.g. VPNs, maintenance of on-prem stuff (sync)
So IDaaS is mainly: implementation! With CIS there are also professional services that help a customer with strategy