printer friendly version

IAM: Looking ahead

The future of identity and access management (IAM) and access governance (AG) is getting clearer as every year passes and 2017 should be no exception. What I mean by clearer is that visibility into the user accounts and the access rights they have to applications and data will be become easier to see. This visibility will also come with a significantly lower cost and be implemented in a much shorter window.

Dean Wiech, MD of Tools4ever.

First, let’s take a look at where the solutions themselves are going over the course of the next 12 months. The standard account lifecycle management and role-based access control (RBAC)/attribute-based access control (ABAC) functionality for access rights will continue to the main driving force that companies look at when considering an IAM/AG solution. Vendors are starting to bundle ever more functionality into these solutions to make the life of the IT department and the helpdesk easier, but to also provide a better experience for the end users themselves.

By bundling self-service and web-based single sign-on portals into the technical, back office systems needed to maintain the user accounts and set proper access rights, end-users now have the ability to perform many tasks either much simpler or on their own.

A self-service portal allows them to securely perform tasks that previously required either calling or e-mailing the helpdesk and their manager and then waiting for approvals to occur. Now a simple visit to an internal portal allows them to request additional applications, a new computer or mobile device, access to data shares or being added to a distribution group. The request is then routed to the appropriate person or persons for approval or denial. If approved, the workflow moves forward to either completion in the network or routed to the appropriate system owner for completion. The requestor has visibility into where the process is at any time and is notified when completed or rejected without further time wasted.

Single sign-on

The idea of a single sign-on (SSO) portal for web apps is not a new one. However, recent enhancements make the newest products even more useful for end-users and security professionals alike. For users, the convenience of having all of their authorised apps available from one location, and not having to enter credentials every time, has always provided an ease of use benefit. The latest and upcoming iterations of these products provide ‘any device’ functionality, meaning what they are familiar with on their desktop is now also available on their smart, mobile device. This means regardless of where they are or when they are trying to get work done, the ease of access to critical applications is never more than a couple of clicks or taps away.

For the security professionals, the ability to disable a SSO profile and immediately eliminate access for a user provides immediate peace of mind when someone leaves the organisation. However, the addition of the latest functionality also provides peace of mind while the user is employed. The ability to restrict users access to the portal, or to specific application within, can be accomplished by time and day, IP address, device type, as well as other security focused settings. Basically, this means you can restrict the finance application to one group of users only being utilised from within the network on a Windows computer between the hours of 8 a.m. and 5 p.m. A second group, possibly senior management, would be allowed to access the same application anytime, anywhere and from any device.

Lower identity costs

The other exciting trend in the IAM/AG space is that even though functionality continues to rise, the price points continue to drop, along with the time needed to implement the solutions. In the not too distant past, organisations could expect to pay upwards of $50 to $100 per user for complete functionality and expect an implementation to last between 12 and 18 months, possibly even longer. While this was certainly in the realm of reality for large multinational organisations with dedicated IAM/AG teams in-house, it was certainly out of the reach of the vast majority of small and medium businesses.

The coming year will see a continuance in the drop in the per-user pricing, most likely down to the $15 to $25 user range. Just like any technology, as more companies adopt it, the more affordable it becomes. The other interesting trend is the time to implement continues to decrease as well. Not only have the systems become more sophisticated and secure, but they have become more standardised, using templates and frameworks instead of custom development to suit a company’s requirements.

As part of this, organisations are also electing to phase in the system rather than trying to do an ‘all or nothing’ or ‘all at once’ implementation. Functionality, such as web SSO or self-service password reset, can be implemented in a few days and provide an immediate benefit and time relief to the IT and helpdesk. In turn, this new found time can be devoted to bringing up the provisioning and AG processes, again by phasing it in small, easily implementable components.

One thing is certain, as 2016 comes to a close, it is safe to say that it has been a banner year for IAM. With the better, faster, less expensive trend starting to pick up steam, the growth in 2017 should be stellar.

Share this article:

Further reading: