EzIAM – Moving your Identities to the Cloud – An Analysis
There could be 3 types of movers to the cloud.
- New Movers to a cloud IDM Infrastructure – companies that are starting their operations in the cloud and hence want to have all their identities in the new cloud IDM infrastructure from day 1 of their operations:
1. Will the cloud IDM solution be safe to implement (i.e., safe to have my corporate users and identities exist in there)?
2. Will the cloud IDM solution be able to address the day-to-day IDM operations/workflows that each user is going to go through?
3. Will the cloud IDM solution be able to scale for the number of users?
4. What are the connectivity options (from a provisioning standpoint) that the cloud IDM system provides (i.e., connecting to their applications/DBs/directories that exist in the cloud, assuming they are a complete cloud organization)?
5. How robust are these connections (i.e., in terms of number of concurrent users and data transport safety)?
6. What are the Single Sign-On connectivity options that the solution provides?
7. What are the advanced authentication mechanisms that the solution provides?
8. What are the compliance and regulatory mechanisms in place?
9. What are the data backup and recovery technologies in place?
10. What are the log and audit mechanisms in place?
There are more than 30 out-of-the-box provisioning connectors available to connect to various directories, databases and software applications. The Single Sign-On connectivity options are innumerable, with support for SAML 2.0, OpenID 2.0 and OAuth 2.0. Varied advanced authentication mechanisms are supported, ranging from X.509 certificate/smart-card-based tokens to OTP/mobile-based authentication. Being in the AWS cloud, the backup and recovery process is as efficient as any backup process can be. Daily backups of snapshots and data are taken, with the ability to recover within minutes.
Most companies would fall into this category. These kinds of movers move only a few parts of their IDM infrastructure to the cloud. They would initially move their applications to the cloud. Then they would probably move their user stores/directories, and along with those their identities, to the cloud. They would still have some applications on-premise, which they would need to connect to from the cloud IDM solution. They would also want to perform the daily identity workflow process from the cloud IDM solution. This way they can streamline their operations, especially if they have offices in multiple locations, with users in multiple Organizational Units (OUs) accessing multiple on-premise and cloud applications.
1. Will the cloud IDM solution enable me to have a single primary Corporate Directory in the cloud? How will it enable the move of my current on-premise primary directory/user database to the cloud?
2. Will the solution allow me to provision users from our existing on-premise endpoints to the cloud?
3. Will the solution help me keep my on-premise endpoints (that contain user identities) intact and move these endpoints in stages to the cloud?
4. I have on-premise applications whose access is controlled by on-premise Access Control software. How can I continue to have these applications on-premise and enable access control to them via the cloud IDM solution?
5. How will the solution provide access control to the applications that I am going to move to the cloud?
6. Will the cloud IDM solution help me chalk out a new administrator/group/role/user base structure?
7. Will the solution help me control my entire IDM life-cycle management (from the day a user joins the org to the time any user leaves the org) through the cloud IDM?
8. How exhaustive will the cloud IDM solution allow my access permission levels to be?
9. How often would the cloud IDM solution allow me to do a bulk-load of users from an on-premise directory or db?
10. What will the performance of the system be when I perform other IDM operations with the system during this bulk-load of users?
11. Will the solution allow us to have a separate HR application which we would want to be connected and synched up with the cloud IDM Corporate Directory?
12. What are the security benefits in connectivity, transport, access control, IDM life cycle operations, provisioning, admin-access etc. that the solution offers?
13. What are the connectivity options (i.e., connecting to other enterprise applications across that enterprise's firewalls)?
14. What SaaS applications would the solution allow the users to connect to in the future? How would the solution control those connections through a standard universal access administration for my company?
The primary motivation behind the “Total Movers” of IDM to the cloud would be the following:
For all 3 kinds of cloud movers described above, EzIAM™ would be a perfect solution. Pretty much all the questions posed above, for all the types of movers, can be answered by the deployment of EzIAM™. The solution is very versatile and customizable, and has great connectivity options to all types of endpoints that an enterprise can have. The learning curve to get used to the screens is minimal, as the screens are intuitive. Mobile access is enabled. The ability to integrate EzIAM™ with a cloud Governance Service solution is an added incentive for the movers, as this option would be extremely helpful in governing their identity environment efficiently.