The Future of IDaaS: More Than Just Another “as a Service” Solution
It seems like there are a thousand “X as a service” solutions out there today. Even companies like Microsoft are getting into the act by offering products like MS Office on a subscription basis. One of those that you might have heard of is IDaaS, or identity as a service. What is it and what should business owners and decision makers know?
What Is IDaaS?
The Cloud Security Alliance defines IDaaS as, “the management of identities in the cloud, apart from the applications and providers that use them.” Obviously, it’s a broad term, but it has immense implications both immediately and in the future. According to Gregg Kreizman of Gartner, Inc., there are two categories of IDaaS out there:
- Web access software for cloud-based applications, such as software as a service (SaaS)
- Web-architected applications. The second is for “cloud-delivered legacy identity management services”.
What does that actually mean, though? Really, it boils down to this: IDaaS provides a set of functions that offer identity and access management for use either in the cloud or on the user’s premises. Given the fact that more and more businesses are moving to the cloud and looking to invest less and less in physical hardware and other IT assets, it’s this definition that will grow in 2015 and the future. All features and functions in such a system are modularized, and can be consumed on a subscription basis.
There are numerous different components that go into IDaaS as well, including some familiar names. For instance, single sign-on capabilities are part of IDaaS, as is password management, provisioning and access governance. However, most adoption in this area has involved SMBs (small and medium businesses) rather than enterprise level organizations. That is due to a number of factors, including a lack of readiness on the part of larger organizations, which have significantly more complex needs in terms of access, provisioning and governance and still rely largely on on-premises solutions.
SMBs, on the other hand, are quickly taking advantage of the benefits offered by IDaaS, which include a simpler use lifecycle process, greater focus on ease of use and the ability to scale services as needs change.
The Future Looks Bright
There’s a lot of excitement out there about identity as a service solutions and its ongoing evolution to meet emerging business and industry needs. Experts predict that this sector will evolve rapidly to embrace enterprise level organizations as well as SMBs by combining on-premises and cloud identity governance areas.
In a world migrating to the cloud, IDaaS providers are best positioned to address challenges for developers of all kinds. Though traditionally associated with providing employee single sign-on to apps, developers will increasingly turn to IDaaS to address identity challenges for three other external stakeholder groups, namely partners, customers and app developers.
The pace of businesses moving to the cloud will also increase in 2015 and beyond. Remember – despite its prevalence and the amount of talk about it, the cloud is still in its infancy. It will grow and mature, becoming more robust. By 2016, Garnter expects that the bulk of new spending in IT will involve the cloud. Cloud architecture is also expected to play a critical role in enabling an organization’s strategic vision according to a study conducted by IBM.
As you might imagine, security will remain a significant concern with the cloud and associated apps. IDaaS is uniquely positioned to provide peace of mind and protection through single sign-on, multi-factor authentication and password management functions. Single sign-on capabilities ensure that users no longer have the hassle of trying to remember long lists of complicated passwords for the various platforms, apps and programs they must access on a daily basis.
Additionally, multifactor authentication will take the place of the outdated username/password combination. Too many businesses have found that passwords are the most common route for attackers interested in gaining access to business information. Instead of signing in with a username and password, employees will sign on using their unique PIN (or other identifier) and a one-time-use password (OTP).
Another benefit here is the expected rise of automated, real-time de-provisioning. Currently, IT must take the time to manually remove accounts when users are no longer authorized to access specific areas (after employment termination, for instance). With the automated deprovisioning processes, those application accounts will be eliminated as soon as the employee leaves the company. This does a great deal to minimize and even eliminate security risks.
As new types and more quantities of information are needed, identity as a service solutions will be required to provide greater security. However, these solutions will also be useful for gaining additional information about consumer, employee and partner behavior to better inform business decisions.
No matter how you cut it, IDaaS will play an increasing role in both the near term and the long view. It is essential for business owners and decision makers to learn more about these solutions and how they can integrate within the framework of their business, what advantages they can offer, and how they can scale as the company’s needs change.