WASHINGTON, D.C. -- Identity and access management can be a daunting responsibility for IT admins. But there is a method to the madness, according to Wade Ellery, director of solutions architecture at Radiant Logic Inc., a data management and identity integration vendor in Novato, Calif.
End users need to access applications from multiple locations, and IT admins need to protect corporate data and ensure systems are up and running. Ellery recommended a hybrid cloud strategy to provide the best of both worlds. One part of that strategy should include hybrid identity management, which enables IT admins to manage and monitor who is accessing the organization's information and whether they have the right to access it.
Hybrid identity management can enable the kind of flexibility end users are looking for, along with the kind of security CIOs and other top-level executives demand, according to experts at Identiverse, an identity and security conference. But building this kind of hybrid environment isn't easy -- or simple.
"Living in a hybrid world is akin to planning a wedding or moving. There's a tremendous amount of logistics involved," Ellery said during a session at the conference.
As IT continues to modernize its infrastructure, the identity management upgrade is often left to IT admins to administer, which can be a difficult project, according to Adam Steenwyk, senior program manager at Microsoft.
"Identity projects can be an overwhelming experience," he said during a session on hybrid identity management. "IT professionals are often the ones holding the bag for these projects."
Importance of federated identity
Hybrid cloud is growing in the enterprise. Rather than put everything in the cloud or keep everything on premises, organizations are opting to do both. They're expected to keep doing so, according to Market Research Future.
The India-based research firm projects the hybrid cloud market will hit $140 billion by 2023. Late last year, IBM CEO Ginni Rometty predicted it could reach $1 trillion by 2020.
Hybrid cloud management gives organizations some control over their data, while providing the kind of flexibility employees and executives are looking for, Ellery said.
One critical aspect of hybrid cloud management is managing the appropriate access for end users. Access and identity can suffer when an organization extends enterprise applications to the cloud, Ellery said, and IT needs to securely manage who can access what.
That's where identity federation could come in, Ellery said. Identity federation links an end user's identity across multiple environments, so they can access what they need wherever they are. Radiant Logic, a sponsor at Identiverse, sells a federated identity product.
"End users no longer care where their apps are sourced," Ellery said. "But their identity needs to be ubiquitous and available wherever they are."
Identity management isn't a new, emerging technology. It's something that organizations and software companies have been working on for decades.
"We've been trying to improve the capabilities of identity systems for 30 years," said Andrew Nash, managing vice president of identity services at Capital One, a financial services company based in McLean, Va.
One factor that has made hybrid identity management more of a reality is the improvement in AI, according to Andre Durand, CEO and founder of Ping Identity, based in Denver.
"Identity intelligence will allow us to identify threats faster and make infrastructure more secure," Durand said during the conference's main keynote.
Four questions for hybrid cloud migrations
For companies that have yet to migrate to a hybrid cloud environment, Ellery outlined four questions he believes IT departments should ask themselves.
First, organizations need to choose a cloud provider. The market is saturated with choices and dominated by large SaaS vendors like Salesforce, Microsoft and Oracle.
Beyond choosing a SaaS provider, organizations need to think about picking an IaaS vendor and even an identity as a service (IDaaS) provider, especially if the workforce is mostly mobile.
"You should ask yourself, 'Should I take my identity with me to the cloud?'" Ellery said. "If most of your authentications are still on premises and your workforce is in the office, it doesn't make sense to. But if you're mobile and your end users are already accessing web apps, and that authentication is already happening in a cloud environment, then it makes sense to migrate your identity management to the cloud."
"If you take the identity aspect and host that in the cloud, there can be advantages there with the managed infrastructure," Ellery said, adding that those advantages include an improved user experience, better security and easier management for IT. Vendors such as Google, Okta and OneLogin offer IDaaS products.
Second, Ellery recommended IT admins ask themselves what data they plan to take to the cloud.
For IT admins, that means thinking through what data or applications are too sensitive to be put anywhere but behind the company's firewall, while providing the flexibility employees need.
Third, Ellery recommended IT organizations figure out what to leave in the on-premises environment.
"Your entire IT department can't live in the cloud," Ellery said.
On-premises applications, mainframe infrastructure and other legacy-based business processes are often difficult to migrate, Ellery noted, and they are often built and originally operated by IT admins who have left the organization.
"No one wants to touch that, because if something goes wrong, no one wants that responsibility," Ellery said.
The fourth question to ask before diving into hybrid identity management is when to make the move. There's no clear-cut answer for any organization, according to Ellery, but having answers to the three previous questions and having structure around how IT will manage the different identities -- both on premises and in the cloud -- will set an organization up for success when it does decide to migrate.