Considering a Cloud IAM Solution? Here’s our recommendation
Jatin Chugh | 4 May 2017
Before the adoption of the cloud, business IT was primarily designed for consumption behind firewalls. Often, IT infrastructure was sold to individual business units, and inter-organization sharing of IT resources was rare.
Users, devices, and servers were protected behind firewalls, and on-premises products like Microsoft Active Directory (AD) were used to manage identities and administer access in IT environments. Identity & Access Management (IAM) was contained, somewhat simple, and static.
However, the way businesses consume IT has changed significantly, and identity and access management has had to follow. Users are now often (arguably mostly) outside the organizational firewall, using a variety of mobile devices (smartphones, tablets and laptops) and connecting to web applications potentially hosted on different continents altogether.
Managing identities and administering access in such a diverse and ever-changing environment poses challenges that are far more complex for businesses today than in the firewall era. Some of these challenges are:
- How can businesses manage information security in such diverse and ever-changing environments, specifically in the context of IAM?
- How can businesses further reduce IAM costs and further streamline IT processes?
- How can businesses address compliance with various industry regulations?
Why Microsoft Azure Active Directory?
Currently, the market provides a wide variety of products that address these challenges. While different products come from different vendors and provide various benefits, we have chosen Microsoft Azure Active Directory (Azure AD) for these three main reasons:
The comprehensiveness of features and capabilities
Azure AD provides a suite of IAM capabilities across identity management, access administration, self-service options, extensive reporting capabilities, multi-factor authentication and even privileged access management.
Integration with Microsoft technologies
Azure AD can be the natural extension to cloud IAM while allowing organizations to leverage their existing on-premises Active Directories. Furthermore, integration with Office 365 and other products in Microsoft’s Enterprise Mobility Suite (EMS) portfolio brings together the components of an ecosystem that can fulfill organizational requirements across different industries.
The Microsoft Advantage
Azure AD comes with a few Microsoft advantages including familiarity with Microsoft products for both enterprises and small businesses, global presence, commercial support agreements, industry-specific credentials, data centers in different geographies that comply with various regulations, and high availability of infrastructure components.
Addressing the Challenges
Identified as one of the Leaders in Gartner Magic Quadrant for Identity and Access Management as a Service in 2016, Azure AD addresses both the business and technology challenges.
Overcoming Challenge #1: Comprehensive Natural Cloud Extension IAM
Azure AD is a cloud-based and scalable IAM solution that can:
- Store, manage and use identity related data; and
- Manage access for both integrated in-house and/or third-party web-based applications.
So it manages both your on-premises and cloud worlds. We see Azure AD as a tailored solution to extend on-premises Active Directory (AD) into the cloud for managing access to your web applications. Having said that, it can be used independently, without linking it to your on-premises AD.
In addition, Azure AD's multiple capabilities provide mechanisms to identify high-risk objects or events. When a high-risk event is identified, pre-defined actions such as restricting access and/or notifying administrators can be triggered. For instance, a user attempting to log in from two different continents within minutes will be identified as a high-risk event and an unauthorized access attempt, and appropriate user options and system actions will be enforced to address the identified risk.
Azure AD's capabilities include:
- Single sign-on (SSO)
- Multi-factor authentication
- Device registration
- Self-service password management
- Self-service group management
- Privileged account management
- Role-based access control
- Application usage monitoring
- Auditing, and
- Security monitoring and alerting
Overcoming Challenge #2: Reduced IAM Costs
The Azure AD licensing model lets you “pay for what you consume”, which can reduce overall IAM costs.
Further cost savings are gained by integrating the solution with the on-premises AD, Office 365, and thousands of popular SaaS applications like Salesforce, Workday, Google Apps, Box, ServiceNow, Dropbox, and more.
Overcoming Challenge #3: Multi-Industry Compliance
Microsoft Azure AD components and services have been audited and attested as compliant with several critical industry standards, including HIPAA (via a BAA), HITRUST and NIST 800-171, among others.