In order to stay competitive and reduce costs, smart enterprises are constantly on the hunt for disruptive ways to leverage technology. They’re moving towards hybrid IT environments because they recognize the benefits of faster implementations and high cost savings that come with moving from on-premises to cloud-based applications and infrastructure.
Although many businesses are in the process of moving as much as they can to the cloud, IDC estimates that 70% of large enterprise workloads still run in on-premises data centers. The popularity of best-of-breed apps (such as Office 365, Salesforce, Slack, and so on), paired with the reality of on-prem systems that aren’t going away any time soon, contributes to complex hybrid IT environments that are challenging to secure.
Not all hybrid identity solutions are the same
Thankfully, there are powerful identity and access management (IAM) solutions that can help IT and security teams protect both Software-as-a-Service (SaaS) and on-prem resources. That said, choosing such a crucial platform for your business can be difficult, since there are many requirements, considerations, and variations to evaluate. One key way to differentiate hybrid access providers is to understand their origins—did they start out building a cloud-born platform and then extend its modern innovations to the on-prem world, or did they first focus on on-prem needs and later attempt to adapt that platform in light of growing demand for cloud IAM?
As we’ll explore below, this is no minor distinction, which is why cloud-led approaches win out time and time again in almost every technology category. Just because your top leadership says they want to embrace this cloud journey, that doesn’t mean you can rip out critical on-prem systems, like Oracle e-Business Suite or SAP, right away. It’s more important to avoid adopting any new solutions that add to server sprawl, and instead look to mature cloud technologies as opportunities arise. One element of the IT stack that’s prime for replacement is legacy web access management (WAM) systems, which are costly to maintain and offer only limited, commoditized capabilities. Consider whether the time might be right to adopt identity-as-a-service (IDaaS) and start protecting your hybrid IT environment from the cloud.
Key considerations for hybrid IAM
To aid in the IAM evaluation process, let’s review the three primary areas where cloud-led solutions differ from on-prem-first systems: how long it takes to extract value from your initial investment, the ongoing resources required to support hybrid access needs, and the platform’s ability to future-proof your enterprise’s security posture. We’ll start with a look at the long-term impact of hybrid IAM solutions.
Gaining future-proof identity
The most important advantage of cloud-born providers is that they are not constrained by existing on-prem baggage, so they bring features and security improvements to market faster. In thinking about your hybrid access needs, be sure to consider how they are likely to evolve over the long term as your company moves more and more towards a cloud-centric IT posture. Question whether your strategic partner is continuously investing in and innovating around the cloud, keeping in mind that the majority of today’s most critical IAM functions—like authentication, federation, and coarse-grained authorization—are delivered more securely and cost-effectively as on-demand cloud services.
Below are some ways to determine how future-proof an IAM solution is:
- How long has the cloud IAM offering been generally available?
- How well does the provider’s cloud feature set match up against either their own original on-prem products, or other cloud-first solutions?
- How much is the vendor investing in true cloud innovations, vs. basic APIs that just lift-and-shift on-prem identities to the cloud?
- Which cloud-specific features do they offer, if any? For example, adaptive multi-factor authentication, dynamic scaling, or identity lifecycle management?
- Is the provider able to analyze the evolving threat landscape and emerging attack vectors across thousands of customers to uncover real-time insights that will protect you before attacks occur?
- Is the solution built to automatically handle growing volumes of both users and authentications, so it won’t restrict your company’s growth?
- What type of scale has the platform already been proven to support (while meeting all performance and compliance expectations), e.g., can it manage billions of identities, millions of daily authentications, and traffic bursts of up to 500,000 authentications per minute?
When selecting a new solution, it’s also important to understand the total cost and agility impact of managing and maintaining that system over time. Switching from a legacy WAM system to on-prem-centric IAM can initially provide incremental value, but it will still consume too many resources for administration and maintenance. If you fully modernize with a cloud-first IDaaS solution, you will minimize on-prem sprawl, increase your team’s productivity and responsiveness, and eliminate the risk exposure of delayed upgrades.