With billions of transactions occurring online every day, business today truly occurs without boundaries. Clients, partners, merchants and other associates all need to access your network—or your cloud—to make purchases, discover information, or use applications. While these new classes of users are critical for sustaining a competitive edge, your business also needs to monitor them and grant them appropriate access to protected resources. However, there are thousands—in many cases, millions—of them. The ability to connect with customers, and to have customers interact with your business in ways that were not possible before, can be good for business, but how do you manage such numbers? Traditional procedures for identity management simply do not scale. How could you reset passwords or manually grant access for millions of users? Behold the taken-for-granted, unexceptional shopping cart:
Back in the day, stores were not as they are today. You went in, there was a long counter, and the counter clerk showed you what was available. That is how things worked: virtually everything was behind the counter. You described to the clerk what you needed, and they presented your options. You bargained over the price and decided on an item; the clerk bagged it for you, and off you went. However, for a shop owner interested in keeping prices down, this model was less than perfect. It required many clerks, not to mention veteran clerks who knew all the goods and could be trusted to set an adequate price. Eventually, retailers tried placing more goods out on display in the store so customers could “help” themselves. Some patrons liked the ability to pick items off the shelves, but more importantly, the shop did not need as many counter clerks, and certainly not as many veteran, highly paid ones. Additionally, if customers were to buy more than one item at a time, they needed something to hold their selections. A shopping cart allowed customers to browse for more items and make multiple selections at once. This is important in the retail world because the more stuff in the cart, the more stuff you are selling.
Soon businesses realized that the bigger the cart, the more customers would put into it. This in turn led to large supermarket chains that expanded from selling food to providing practically all the shopping that customers might need—clothes, pharmacy, music, etc. The philosophy is that by providing many services in one store, shops can offer clients the convenience of obtaining everything they need in one stop. The analogy holds today. Business users in the past had to visit the Database Admin for DB access, the Network Admin for VPN or external access, and the Application Owner for every other individual application. For new employees, it could be weeks before actual work began. Not only that, but some of your most skilled and highest paid IT professionals were simply creating accounts and resetting passwords. What businesses need is a one-stop shop for employees, where users can look up the system or access right of interest through an identity portal. Once found, a particular entitlement is placed into a virtual shopping cart, where the request can be adjusted and permission attributes such as end date, request comments, and additional fine-grained requirements can be specified. A "checkout" process follows (continuing the physical-store analogy) in which managerial approval is collected, if necessary. The employee often receives an e-mail confirmation once the transaction is complete. An obvious advantage is that the virtual shopping cart is available 24 hours a day, and many consumers have internet access on the same schedule wherever they are located. Routine identity management tasks, which once required a trip to the office during normal business hours, can now be completed at the user’s convenience. Additionally, the end user and an IT admin do not need to get together to complete a transaction: an end user can change the terms of a request instantaneously.
This means that Identity Self Service is not just a standard, run-of-the-mill business tool; it has become a competitive advantage.
There are three key areas where Identity Self Service will play a big role in the future of Identity Management.
- User focused Identity Portal for large user populations
- Self Service access to cloud based services
- Partner access and application integration
In each instance, organizations are transforming the way they grant user access. To achieve this transformation, they typically provide self-service capabilities as they safeguard secure operations and support regulatory compliance.
User-Focused Identity Portal for Large User Populations
With the use of roles, accounts, and access permissions, an identity portal helps to power the creation, modification, and termination of access rights throughout the entire user lifecycle. Whether for internal enterprise users or for trusted partners or suppliers who need access to in-house company resources, the identity portal enables the organization to grant permission to access information and applications and then to control access as the user’s role and responsibilities change. Users and partners receive self-service functions in areas such as password reset, system and role access request, and federated application access. The identity portal becomes a single place where all user lifecycle management can take place. Truly a one-stop shop. The result is a lower identity management cost, improved compliance with user access through a centralized portal, and faster access for your users.
User Access to Cloud-Based Services
Within the last few years, and with mounting speed, “the cloud” has stormed the technology world. Its adoption and intrinsic value have influenced an expansive range of businesses. Unlike traditional in-house software solutions, cloud computing can be defined by two key characteristics:
- Information becomes more readily available to your users
- Costs to maintain access to that data go down
To realize secure and dynamic access for users and to eliminate lag times in delivering that access, organizations need to provide SSO into the cloud environment. This allows access requests to be fulfilled in minutes where before they would take hours or days. As new members are on-boarded to the team, they can have rapid access to services, and if and when they leave the company, IT staff can remove their access rights to all systems from a single location, the identity portal, instead of logging into dozens of different systems. Giving internal users access to cloud-based applications is essentially the same as providing access to on-premises applications. An identity portal provides identity management capabilities that enable organizations to give internal users, including privileged users, the ability to manage their own identities and request their own access rights to cloud-based services.
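As an added illustration (not code from the article or from CA Technologies), here is a small Python model of the shopping-cart checkout described earlier and of the single-place deprovisioning described in this section. The entitlement catalogue, system names and approval rules are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

# Constructed catalogue for the example: entitlement -> (target system, needs manager approval)
CATALOG = {
    "crm-read": ("crm", False),
    "vpn": ("vpn-gw", False),
    "db-admin": ("oracle-db", True),   # privileged: held until a manager approves
}


@dataclass
class CartItem:
    entitlement: str
    end_date: Optional[date] = None    # time-bound access; None means open-ended
    comment: str = ""


@dataclass
class Portal:
    grants: Dict[str, Dict[str, Optional[date]]] = field(default_factory=dict)
    pending: List[Tuple[str, CartItem]] = field(default_factory=list)

    def checkout(self, user: str, cart: List[CartItem], manager_approved: bool) -> Tuple[List[str], List[str]]:
        """Grant cart items; items that need approval are parked as pending unless approved."""
        granted, held = [], []
        for item in cart:
            if item.entitlement not in CATALOG:
                raise ValueError(f"unknown entitlement {item.entitlement!r}")
            if CATALOG[item.entitlement][1] and not manager_approved:
                self.pending.append((user, item))
                held.append(item.entitlement)
            else:
                self.grants.setdefault(user, {})[item.entitlement] = item.end_date
                granted.append(item.entitlement)
        return granted, held

    def active_access(self, user: str, today: date) -> List[str]:
        """Entitlements still valid on `today`; grants past their end date no longer count."""
        return sorted(e for e, end in self.grants.get(user, {}).items() if end is None or end >= today)

    def deprovision(self, user: str) -> List[str]:
        """Leaver: revoke every grant and drop pending requests from one place; returns systems touched."""
        systems = {CATALOG[e][0] for e in self.grants.pop(user, {})}
        self.pending = [(u, i) for u, i in self.pending if u != user]
        return sorted(systems)
```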
Business Partner Access
When users must access resources beyond their own organization, a highly scalable solution for enrollment is required in which
- External users initiate enrollment and set their passwords,
- The organization customizes challenge/response options, authentication and access methods, and
- The user can deprovision the account when it is no longer needed.
Federated SSO and self-service access techniques are necessary for integration across organizational boundaries. Businesses today require a central, standards-based system to implement user authentication, SSO, and self-service for business-to-business, business-to-employee, and business-to-consumer use cases. Having such a system in place relieves the complexity and expense of provisioning and managing user accounts. An identity portal framework helps organizations connect users to services and determine which credentials are being used to connect, without having to manage individual users, all while engaging with the end user to let them set account details and request application access.
In the 1990s, businesses urgently re-organized to capture the advantages of the new technology available to them. In the last decade, online usage has grown exponentially. Everyone uses it, experienced employees are available, the technology is established and recognized, and the number of prospective customers continues to increase globally. The speed of high-tech development has not slackened—faster, smarter, and cheaper. Organizations are transforming business by expanding their systems to large numbers of internal and external users, many of whom are mobile. Each organization will need to determine its own requirements for effective identity management, because each has its own needs, goals, and set of users. One thing is for sure: for a business to survive in a faster, smarter, and cheaper world, it will have to adopt automated solutions that enable users to solve their own problems in new and exciting ways.
About the Author: Adam Fisher is a Principal Consultant with CA Technologies whose qualifications include CISSP certification, a Bachelor of Science degree in Information Systems and a Master of Business degree in Information Technology Management, a detailed knowledge of IDAM technologies and best practices, and successfully led projects at 4 of the top 5 banks in North America and Europe. He has ten years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations throughout Europe and North America. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock