Identity Management (in the cloud): IDaaS


What is IDaaS?

Identity as a service (IDaaS) is a SaaS-based Identity (and Access) Management offering that allows organizations to use single sign-on (SAML or OIDC), authentication and access controls to provide secure access to their growing number of software and SaaS applications. (“Identity as a Service (IDaaS) – What is IDaaS”)

Gartner defines IDaaS as, “a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers core identity governance and administration (IGA), access and intelligence functions to target systems on customers’ premises and in the cloud.”

What are the benefits?

  • Single Sign-On – removes password fatigue – there is no need to remember multiple IDs and passwords; a single one gives access to all apps and functionality.
  • Easy and efficient provisioning – creating roles, accesses, and identities is simple and can be pre-defined. Cleaning up after an employee is terminated can be clean and complete, without any loose ends.
  • Password reset self-service – using multi-factor authentication it is simple for users to reset their passwords on their own. This reduces helpdesk phone calls and emails and saves hours of manual labor.
  • Logging, tracking, and red flags – noticing trends that indicate brute-force attacks on passwords is simple, and rules can be configured to lock out after ‘x’ wrong attempts.
  • Risk transference – the onus of keeping the data confidential and ensuring high availability is on the cloud provider.
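As an added illustration of the “logging, tracking, and red flags” point above (example code, not part of the original post and not any vendor’s product), the following Python replays a constructed set of sign-in events and applies a sliding-window rule that locks an account after ‘x’ failed attempts and flags any further attempts against it. The event format, field names, threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of IdP sign-in events (hypothetical format, not from any real product):
# (ISO timestamp, username, outcome, source IP), deliberately listed out of order.
SAMPLE_EVENTS = [
    ("2017-09-19T10:00:01", "alice", "FAIL", "198.51.100.7"),
    ("2017-09-19T10:00:03", "alice", "FAIL", "198.51.100.7"),
    ("2017-09-19T10:00:05", "alice", "FAIL", "198.51.100.7"),
    ("2017-09-19T10:00:06", "bob", "SUCCESS", "203.0.113.4"),
    ("2017-09-19T10:00:09", "alice", "FAIL", "198.51.100.7"),
    ("2017-09-19T10:00:08", "alice", "FAIL", "198.51.100.7"),
    ("2017-09-19T10:00:11", "alice", "SUCCESS", "198.51.100.7"),  # correct password, but too late
    ("2017-09-19T10:30:00", "bob", "FAIL", "203.0.113.4"),
    ("2017-09-19T11:30:00", "bob", "FAIL", "203.0.113.4"),        # outside the window: no lockout
]


def evaluate_lockouts(events, max_failures=5, window=timedelta(minutes=15)):
    """Replay sign-in events in time order and apply a sliding-window lockout rule.

    An account is locked once it accumulates `max_failures` failures within `window`.
    Returns (locked, alerts): locked maps user -> lockout timestamp, alerts is a list of
    (timestamp, user, reason) tuples suitable for feeding a SIEM or paging an analyst.
    """
    recent_failures = defaultdict(deque)  # user -> timestamps of failures still inside the window
    locked = {}
    alerts = []
    for ts_str, user, outcome, src_ip in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if user in locked:
            # Any attempt against a locked account is itself a red flag worth recording.
            alerts.append((ts, user, f"attempt on locked account from {src_ip}"))
            continue
        if outcome == "SUCCESS":
            recent_failures[user].clear()  # a genuine login resets the failure counter
            continue
        q = recent_failures[user]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= max_failures:
            locked[user] = ts
            alerts.append((ts, user, f"{len(q)} failures within {window} from {src_ip}"))
    return locked, alerts
```

With the sample data, alice is locked on her fifth failure and her later correct login is rejected and alerted on, while bob’s two failures an hour apart never accumulate inside the 15-minute window.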

What are the disadvantages?

  • Out-of-premise – an organization’s employee/customer data (IDs, passwords, phone numbers) is all stored off-premises on a server of the cloud provider’s choosing; this can still be a concern.
  • Complexity – getting various disparate applications to fall under the umbrella of an SSO can be complex and takes a sizable development and production cycle.
  • Downtime – if the cloud provider has a service outage, all access is locked out (as recently happened with AWS). (“Amazon’s massive AWS outage was caused by human error”)
  • IDaaS providers can have data breaches, and clients’ data is then completely at risk. This was highlighted in the OneLogin breach earlier this year, where the breached data was capable of being decrypted. (“Identity management outfit OneLogin sugar coats impact of attack”)

Examples of IDaaS providers

The 2017 Gartner Magic Quadrant clearly displays the IDaaS enterprise players and their position in the security world.

References:

Identity as a Service (IDaaS) – What is IDaaS. (n.d.). Retrieved September 19, 2017, from https://www.pingidentity.com/en/resources/client-library/articles/identity-as-a-service-idaas.html

Rey, J. D. (2017, March 02). Amazon’s massive AWS outage was caused by human error. Retrieved September 19, 2017, from https://www.recode.net/2017/3/2/14792636/amazon-aws-internet-outage-cause-human-error-incorrect-command

Sharwood, S. (n.d.). Identity management outfit OneLogin sugar coats impact of attack. Retrieved September 19, 2017, from https://www.theregister.co.uk/2017/06/01/onelogin_breached/