Identity-as-a-Service Emerging as a New Basis for Security and Authentication in a Hybrid/Cloud World

Wednesday, February 28, 2018

IT organizations in a traditional on-premises environment have historically relied on a centralized IT system known as a directory to manage the user accounts and identities used to authenticate users for a variety of business applications. These traditional directories allowed an organization to create a single sign-in user account that could be used to log into many different applications, and for organizations to apply policies/controls to that account in a fairly uniform manner. Legacy tools, such as Microsoft’s Active Directory, were critical to managing applications that largely resided on-premises and where vendors followed standardized protocols to allow their systems to be accessed by traditional Windows user accounts. According to security technology analyst Jonathan Ho, “In the traditional world, one could have a single Windows-based login that IT would automatically synchronize with other applications that resided within the enterprise. Users did not have to remember and maintain a large number of login IDs since the systems were able to interoperate in a somewhat homogeneous and well-defined environment.”

Modern IT infrastructure is undergoing rapid changes with the adoption of the public cloud, SaaS applications, mobility, IoT, and virtualization. Business users are demanding access to applications such as Box, AWS, Office365, and Concur, regardless of where they reside, as a means to improve productivity and increase efficiency. According to a June 2017 report by Netskope, a leading provider of cloud access secure brokering services, the typical enterprise uses on average 1,071 cloud services. In a hybrid cloud world, the traditional network perimeter also ceases to be the security boundary, as users and data are increasingly stored and accessed through third-party infrastructure. From that perspective, identity is rapidly becoming viewed as the new perimeter for security.

However, the traditional Windows-based user identity and login paradigm does not hold up in these environments. User accounts that used to be exclusively within the domain of on-premises Windows systems are now being replaced by separate logins used for SaaS applications, custom web applications, customer-facing applications, mobile device applications, traditional on-premises third-party applications, and legacy Windows user accounts. The result is that business users and IT organizations have been forced to try to manage IDs on their own by creating disparate stand-alone user directories for every application that does not fit into the traditional identity paradigm and trying to manage those directories on a distributed basis. Managing individual accounts across multiple users for each of those applications is a logistical nightmare that can create significant security and compliance risks for enterprises.

Ho stated, “As IT infrastructure continues to migrate to the cloud with increasing adoption of SaaS, public cloud, and mobile applications, we believe a new cloud-based platform will be required to unify identity access management across disparate architectures. Traditional and vendor-specific solutions offer a siloed approach that we believe is likely to be redundant and ineffective across increasingly heterogeneous environments.”

Forecasts for the identity access management (IAM) market range from $7.5 billion to the tens of billions of dollars. Ho views this market as lightly penetrated today with accelerating adoption driven by changes in the IT infrastructure market. Nearly every enterprise is building customer-facing applications for cloud, mobile, and the web to interact and engage directly with their customers. All of these applications use some form of login identification and authentication that is cumbersome to build, maintain, and manage.

Ho believes that the trend toward increasing cloud and mobile adoption among enterprises will continue to increase the complexity of IT networks and erode the perimeter of those networks, leading to operational inefficiencies and security vulnerabilities. In addition, organizations are finding it advantageous, and indeed increasingly necessary, to connect with external users of their networks in the form of customers, partners, and suppliers. Both of these trends tend to introduce more applications, devices, and types of infrastructure that must be taken into account for the interaction of each organization’s various relationships. Ho states, “Providing a layer of abstraction for efficiently, uniformly, and securely handling the resulting explosion of relationships is of paramount and increasing importance. Identity management is appearing as an important and effective way to provide this abstraction.”

However, traditional IAM solutions were not designed for the cloud-based and increasingly mobility-based architectures that are becoming more prevalent. Legacy solutions tend to be a loosely constructed set of solutions that are designed for on-premises use-cases, rather than a strong unified set of offerings that are built for cloud and mobile environments. As a result, directory services tend to be less efficient than more modern identity-centric solutions. Similarly, legacy solutions also tend not to provide modern API capability for what users consider to be proper mobile/web experiences, as they were not built to handle cloud/mobile architectures. Among modern identity-centric solutions, Ho believes single (point)-solution providers are not as capable as vendors that provide a suite of offerings that are more unified, because suite-oriented solutions are generally built to be more seamless, and therefore can provide a more powerful, resilient, cohesive, and secure experience for end-users. Ho also believes that suite-oriented solutions tend to scale better.

This report initiated coverage of Okta, Inc. For more information on this or other companies from Jonathan Ho’s coverage list, please contact your William Blair sales rep.
