by Christophe Primault
Published on 12 September 2011
The enterprise cloud revolution is upon us. IT organizations everywhere, from small and mid-sized businesses to Fortune 500 companies, are moving from on-premise application software to on-demand, cloud-based services.
As enterprise IT makes this transition to a new hybrid on-demand/on-premise paradigm, controlling who is granted access to which applications and data becomes increasingly important. This presents CIOs and their IT organizations with a whole new set of identity management challenges. In addition, end users face the challenge of keeping track of multiple URLs, usernames, and passwords to get access to their applications. The role IT must play is also fundamentally changing: as the steward of these new services, IT must provide additional insight and advice about software-as-a-service (SaaS) applications to ensure the company is maximizing the business value of its investments.
Here are the eight biggest identity and access management (IDM) challenges associated with adopting and deploying cloud and SaaS applications.
1 - End-User Password Fatigue
The SaaS model makes it easier for users to initially access their applications, but complexity increases quickly with the number of applications they use. Each application has different password requirements, and password expiration cycles also vary. Multiply the variety of requirements by the variety of expiration cycles and the result is lost user productivity and increased user frustration, as users spend time trying to reset, remember, and manage these constantly changing passwords and URLs across all of their applications.
2 - Failure-Prone Manual Provisioning and De-Provisioning Process
When a new employee starts at your company, IT often provisions the employee with access to the corporate network, file servers, email accounts, and printers. Since many SaaS applications are managed at the department level (Sales Operations manages Salesforce.com, Accounting manages QuickBooks, Marketing manages Marketo), access to these applications is often granted one at a time by the specific application's administrator, not by someone in IT.
3 - Compliance Visibility: Who Has Access to What?
It's always important to understand who has access to applications and data, where they are accessing it, and what they are doing with it. This concern increases when it comes to cloud services. Unfortunately, only the most advanced offerings like Salesforce.com even offer any compliance-like reporting, and when they do it's siloed for just that one application.
4 - Siloed User Directories for Each Application
If you're like most enterprises, you've made a significant investment in a corporate directory (such as Microsoft Active Directory) to manage access to on-premise network resources. As you adopt cloud-based services, you need to leverage that investment and extend it to the cloud, rather than create a parallel directory and access management infrastructure just for those new SaaS applications.
5 - Managing Access across an Explosion of Browsers and Devices
One of the great benefits of cloud applications is that access is available with any device that is connected to the Internet. As discussed previously, more apps mean more URLs and passwords, and the rise of mobile devices that have real computing capability introduces yet another access point.
6 - Keeping Application Integrations Up to Date
Truly centralizing single sign-on and user management requires building integrations with numerous applications and keeping track of the maintenance requirements for new versions of each application. For the vast majority of organizations, having their IT department maintain its own collection of connectors across that constantly changing landscape is unrealistic and inefficient.
7 - Different Administration Models for Different Applications
As cloud applications become easier and less expensive to get up and running, companies adopt more point SaaS solutions every day. These solutions are often managed by the corresponding functional area in a company, such as the Sales Operations group in the case of Salesforce.com. While this is beneficial to IT, leaving application administration to others and freeing up more time for other tasks, it also creates a new problem: there is no centralized user and application administration and reporting.
8 - Sub-Optimal Utilization and Lack of Insight into Best Practices
One of the reasons for the rise of cloud applications is that low upfront costs and monthly subscription models have replaced the upfront lump sum of the old, on-premise license purchase. CFOs clearly prefer to pay for the services that employees use as they go. With no centralized insight into usage, however, information technology and financial managers have no data to manage these subscription purchases and little idea whether they are paying for more than they actually use.
Okta is the market leading on-demand identity and access management service that enables enterprises to accelerate the secure adoption of their web-based applications, both in the cloud and behind the firewall. Okta delivers a complete solution addressing the needs of IT, end users, and business leaders; no customization required. With a catalog of pre-integrated applications and deep integration with Active Directory, Okta provides IT centralized user provisioning, access management, and reporting. Every end user gets a personalized, single sign-on home page for all of their applications, and business leaders get the insight they need to maximize ROI and track compliance. Okta's initial service is built on a secure, reliable and extensible on-demand, multi-tenant cloud services platform. That platform will be the foundation for a growing set of core Okta and partner services that empower businesses to eliminate cloud adoption barriers and unlock the potential of the cloud for enterprise users everywhere.