My clients find identity solutions to be complex and costly to implement. For mature and/or large enterprises, these issues are simply a cost of doing business — and compliance or online strategic drivers are usually sufficient to fund and launch an IAM initiative.
For the smaller enterprise there appear to be two paths followed: do nothing or do it poorly. When done poorly, shoddy IAM implementations can result in poor credential management, lousy availability and inappropriate access controls.
So how does a smaller company or organization deal with identity properly? How can users be efficiently identified online without building expensive, custom solutions? What service levels and supports are possible for a login service when staff go home at 5pm? How can niche needs like strong authentication be met without excessive server license costs and complex implementations?
Enter the cloud. Cloud-based IAM service providers are maturing and there are a number of solutions that offer the smaller organization solutions. For example:
- Symplified offers a full IAM service that promises plug-and-play integration with surprising depth, including support for mobile devices and apps.
- PhoneFactor has a slick and secure solution for two-factor authentication that can be licensed on a per-use basis.
- TransUnion have a robust identity proofing service for the critical process of confirming the identity of an online visitor.
Using one or more of these solutions allows for rapid deployment of IAM for smaller organizations. The cost savings are considerable and services levels are beyond what most companies could hope to provide on their own. There still remains integration work — applications need to be ‘plumbed’ to inter-operate with the cloud solutions — but all the heavy-lifting of designing and configuring a solution is eliminated.
The maturation of cloud IAM solutions means an increased number of companies can implement secure and compliant solutions without the long lead-times and high cost of traditional product-based offerings. In this age of rampant data breaches and increased focus on compliance, this is a welcomed development.