{"id":17761,"date":"2020-02-18T10:10:10","date_gmt":"2020-02-18T18:10:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/02\/18\/news-11494\/"},"modified":"2020-02-18T10:10:10","modified_gmt":"2020-02-18T18:10:10","slug":"news-11494","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/18\/news-11494\/","title":{"rendered":"Harnessing the power of identity management (IDaaS) in the cloud"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Tue, 18 Feb 2020 17:25:42 +0000<\/strong><\/p>\n<p>Sometimes, consumers have it easy.<\/p>\n<p>Take, for example, when they accidentally lock themselves out of their personal email. Their solution? Reset the password. With one click, they&#8217;re able to change their old, complicated password with a new, more memorable one.<\/p>\n<p>Self-service password reset is awesome like this. For users on a business network, it&#8217;s not so simple. That is, unless they&#8217;re using identity-as-a-service (IDaaS). <\/p>\n<h3><strong>What is IDaaS? <\/strong><\/h3>\n<p>IDaaS\u2014pronounced \u201c<em>ay-das\u201d<\/em>\u2014stands for identity-as-a-service. Essentially, it is identity and access management (IAM)\u2014pronounced \u201c<em>I-am\u201d\u2014<\/em>deployed from the cloud. <\/p>\n<p>Organizations use IAM technology to make sure their employees, customers, contractors, and partners are who they say they are. Once confirmed via certain methods of authentication, the IDaaS system provides  access rights to resources and systems based on permissions granted. And because it&#8217;s deployed through the cloud, business entities can request access securely wherever they are and whatever device they\u2019re using.<\/p>\n<p>Giving its own users self-service access to portals is just one of the ways an IDaaS system can provide support for businesses. In fact, the need to better engage with customers while securing their data and conforming to established standards has become the main driving force behind the move to IDaaS.<\/p>\n<h3><strong>IDaa<\/strong>S vs. traditional IAM<\/h3>\n<p>While traditional, on-premise identity management systems offer levels of self-serve access for employees at the office, their benefits are limited in comparison to cloud-based options. This is because IAMs are:<\/p>\n<ul>\n<li><em>Expensive to create and maintain.<\/em>\u00a0It costs more if the organization supports global users due to complexity of infrastructure. IAMs can also be unsustainable overall as the business grows. Both cost and infrastructure complexity increases, making IAMs more difficult to support.<\/li>\n<li><em>Inefficiently managed, security-wise.<\/em>\u00a0IAMs that must be placed on legacy systems, for example, put organizations at risk because patching these systems is a challenge, leaving the door open for vulnerabilities at access points.<\/li>\n<li><em>Time-consuming.<\/em>\u00a0Upgrading IAM hardware is time-consuming. Sometimes, the upgrade doesn\u2019t happen if it means long downtimes and lost productivity. Also, IT teams are faced with significant time-consuming (and patience-testing) tasks, from\u00a0<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.okta.com\/resources\/whitepaper\/increase-efficiency-iam\/\" target=\"_blank\">password resetting to user provisioning<\/a>.<\/li>\n<li><em>Not future-proofed.<\/em>\u00a0Although some traditional IAMs can provide limited cloud support, they\u2019re essentially designed to handle on-premise resources. Since IAMs inherently lack support for modern-day tech (mobile devices, IoT) and business disruptors (Big Data, digital transformation), they don\u2019t address what current users need and want.<\/li>\n<\/ul>\n<h3>Benefits of IDaaS<\/h3>\n<p>Businesses can benefit from IDaaS in so many ways. For the sake of brevity, keep in mind these\u00a0<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.ibm.com\/account\/reg\/us-en\/signup?formid=urx-30841\" target=\"_blank\">three main drivers for adapting IDaaS<\/a>: new capabilities, speed of implementation, and innovation. Not only would these make them more attractive to potential customers, but also helps to retain current ones.<\/p>\n<p><em>New capabilities<\/em>, such as\u00a0<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.techopedia.com\/definition\/4106\/single-sign-on-sso\" target=\"_blank\">single sign-on (SSO)<\/a>, gives business customers the ease and convenience of accessing multiple resources using only a single login instance. Logging in once creates a token, which the IDaaS system then shares with other applications on behalf of the customer, so they would not need to keep logging in. <\/p>\n<p>SSO also removes the burden of remembering multiple login credentials from users, which usually drives them to create memorable but also easily breakable passwords. Needless to say, SSO\u2014and other protocols like Security Assertion Markup Language (SAML), OAuth (pronounced\u00a0<em>\u201coh-auth\u201d<\/em>), and OpenID Connect (OIDC)\u2014will greatly enhance an organization\u2019s security.<\/p>\n<p>Since IDaaS is cloud-based, <em>implementing<\/em> it in your organization is a lot quicker. For one thing, hardware provisioning is already with the IDaaS provider. What usually takes a couple of years to realize will only take several months\u2014sometimes even a few weeks. <\/p>\n<p>Organizations that are still unsure of whether they want to fully embrace IDaaS but are curious to try it out can temporarily use the solution as a subset of their applications. Should they change their minds, they can pull back just as easily as they pushed on.<\/p>\n<p>And finally, IDaaS removes the barriers that inhibits organizations from moving forward on <em>innovation<\/em>. Understaffed IT teams, the mounting costs surrounding IT infrastructure that only gets more complicated over time, and insufficient support for modern technologies are just a few of problems that hold modern businesses back from innovating in their own workforce processes, product offerings, and marketing and sales techniques. <\/p>\n<p>Business leaders need to get themselves \u201cunstuck\u201d from these problems by outsourcing their needs to a trusted provider. Not only will doing so be lighter on their pockets, but they can also customize IDaaS\u2019s inherent capabilities to fit their business needs and improve their customer engagement. It\u2019s a win-win for all.<\/p>\n<p>Note, however, that a pure IDaaS implementation may not be for every organization. Some organizations are simply not ready for it. In fact, the majority of enterprises today use hybrid environments\u2014a combination of on-premise and cloud-based applications. This is because some organizations believe that there are some resources best kept on-premise. And when it comes to IDaaS adoption, utilizing the best of both worlds is increasingly becoming the norm.<\/p>\n<h3><strong>My organization is small. Is IDaaS still necessary?<\/strong><\/h3>\n<p>Absolutely. Small- and medium-sized businesses experience many of the same IAM issues enterprise organizations face. Every employee maintains a set of credentials they use to access several business applications to do their jobs. An SSO feature in IDaaS will significantly cut back on the number of login instances they have to face when switching from one app to another.<\/p>\n<p>It\u2019s a good question to ask if your business needs IDaaS. But perhaps the better\u2014or bigger\u2014question is whether your business is compliant enough to established security and privacy standards. Thankfully, having IDaaS will help with that issue as well. The caveat is that organizations, regardless of size, must evaluate potential IDaaS providers based on their maturity and their capability to offer a great solution. No two IDaaS offerings are the same.<\/p>\n<p>Mike Wessler and Sean Brown, authors of the e-book&nbsp;<a href=\"https:\/\/www.ibm.com\/account\/reg\/us-en\/signup?formid=urx-30841\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">\u201cCloud Identity for Dummies\u201d<\/a>, propose some questions to consider when deciding:<\/p>\n<ul>\n<li>Are they a new company on a shoe-string budget catering to lower-end clients with cost as the primary driver?<\/li>\n<li>Are they relatively new in either the cloud or IAM field where they gained those capabilities via recent acquisitions and are simply rebranding someone else\u2019s products and services?<\/li>\n<li>Do they have legitimate experience and expertise in cloud and IAM services where offering IDaaS is a logical progression?<\/li>\n<\/ul>\n<h3><strong>What are the possible security problems?<\/strong><\/h3>\n<p>Despite the good that IDaaS could bring to your organization, it is no cure-all. In fact, some security researchers have already noted concerns on some of its key capabilities. Using our previous example, which is the SSO, it is argued that this has become a \u201csingle point of failure\u201d should the authentication server fails. Or it can also act as a \u201csingle breach point,\u201d waiting to be compromised. <\/p>\n<p>The cybersecurity sector has a dizzyingly long laundry list of use cases where organizations are breached due to compromised credentials. Australia\u2019s Early Warning Network, which was compromised a year ago, was caused by\u00a0<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/\" target=\"_blank\">the misuse of stolen credentials<\/a>. And there are many ways credentials can be leaked or stolen. Organizations can thwart this by requiring the use of\u00a0<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\/\" target=\"_blank\">multi-factor authentication (MFA)<\/a>.<\/p>\n<p>The bottom line is this: IDaaS or no, businesses still have to adopt and practice safe computing habits to minimize their attack surface.<\/p>\n<p>If you&#8217;d like a more in-depth reading on IDaaS, please visit the following:<\/p>\n<ul>\n<li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.okta.com\/resources\/whitepaper\/8-identity-access-management-challanges\/\" target=\"_blank\">Top 8 identity and access management challenges with your SaaS application<\/a><\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.ilantus.com\/blog\/have-you-found-the-real-cost-of-idaas\/\" target=\"_blank\">Have you found the real cost of IDaaS?<\/a><\/li>\n<\/ul>\n<p>Stay safe!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/explained\/2020\/02\/harnessing-the-power-of-identity-management-idaas-in-the-cloud\/\">Harnessing the power of identity management (IDaaS) in the cloud<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/explained\/2020\/02\/harnessing-the-power-of-identity-management-idaas-in-the-cloud\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Tue, 18 Feb 2020 17:25:42 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/explained\/2020\/02\/harnessing-the-power-of-identity-management-idaas-in-the-cloud\/' title='Harnessing the power of identity management (IDaaS) in the cloud'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2020\/01\/shutterstock_1580349928.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>With security, compliance, and customer engagement driving organizations to the cloud, it&#8217;s no wonder IDaaS has become the standard in identity management. Learn about the benefits and concerns of IDaaS for organizations of all sizes. <\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/explained\/\" rel=\"category tag\">Explained<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/hybrid-environment\/\" rel=\"tag\">hybrid environment<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/iam\/\" rel=\"tag\">iam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/idaas\/\" rel=\"tag\">IDaaS<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/identity-and-access-management\/\" rel=\"tag\">identity and access management<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/identity-as-a-service\/\" rel=\"tag\">identity-as-a-service<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/singe-sign-on\/\" rel=\"tag\">singe sign-on<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/sso\/\" rel=\"tag\">sso<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/explained\/2020\/02\/harnessing-the-power-of-identity-management-idaas-in-the-cloud\/' title='Harnessing the power of identity management (IDaaS) in the cloud'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/explained\/2020\/02\/harnessing-the-power-of-identity-management-idaas-in-the-cloud\/\">Harnessing the power of identity management (IDaaS) in the cloud<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10522,24249,21077,19837,21872,24250,24251,10603],"class_list":["post-17761","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-explained","tag-hybrid-environment","tag-iam","tag-idaas","tag-identity-and-access-management","tag-identity-as-a-service","tag-singe-sign-on","tag-sso"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17761","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17761"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17761\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17761"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}