Overview of Identity and Access Management Platforms
The larger the company, the more information systems and staff members it has. This brings the issue of managing employee accounts and their access to enterprise systems to the fore. In a small company, this can be done manually by in-house system administrators. In a large company, however, this presents a number of challenges: a large and ramified IT infrastructure makes manual management of identification and access a very labor-intensive process. We also need not remind you that the greater the human involvement, the higher the risk of errors, delays, information security incidents, and even intentional sabotage. History is rife with examples where employees leaked confidential corporate information to competitors or intentionally harmed the employer after losing their job.
To avoid such unfortunate outcomes while maximally automating and streamlining access management, companies resort to identity and access management (IAM) systems. They help manage user accounts and their access to corporate systems, applications, and devices. This solves all of the above-mentioned and many other issues. Such systems are plentiful. Our overview covers some of them. According to Gartner experts and industry pros, they rank among the best in this segment. You can also choose the one that suits you best using the selection tool we devised. It is worth mentioning that similar terms exist, such as Identity and Access Governance (IAG), Identity Management (IdM), etc. They actually refer to one and the same thing. For the sake of convenience, we use the term "Identity and Access Management" or its abbreviation "IAM".
If you dissect the anatomy of IAM systems, you will see that these are integrated solutions comprising many tools. They are responsible for various processes, among which several key ones stand out: single sign-on systems, multi-factor authentication and password management, access control and secure storage of user profile data. Reliable credential management systems should handle these tasks without too much trouble. They include tools for gathering and logging information about user logins into corporate operating systems and employee access to devices (ranging from printers to servers and data repositories). They also greatly simplify and automate the configuration of accounts and provision of access to employees. For instance, upon creating a new employee account, the administrator chooses his or her access level. Depending on this setting, the user can immediately use all information systems accessible at this level. The user can do so using his or her account password. However, this user cannot access a server with confidential information using this account password.
It is important to understand that an IAM system is not a solution that can be installed with a few clicks and be up and running immediately. Each company has its own unique IT infrastructure to which any platform has to be customized and integrated. An IAM platform often comprises several standalone products that can be used collectively or separately. It all depends on the objectives and needs of the company.
That's why technical aspects should be considered first when choosing a platform of this kind. For instance, you should look at the degree to which a specific platform is compatible with the IT infrastructure: whether it has the appropriate connectors (modules that interact with corporate tools), the extension and scalability opportunities it offers, the number of supported accounts, and the cost of specific products. It also would not hurt to check how user-friendly the system is. This is not limited to an intuitive interface and level of automation. You should look at how easy it is to add and delete employee accounts, grant permanent or temporary access, and perform other common procedures. Most products let you evaluate their functionality by running a demo version.
Many products of this type are currently available on the market, both from big-name vendors and from lesser-known companies. You can compare the functionality of some of these tools and choose the best option for your business using the comparison table of IAM platforms.
These are the key aspects that merit attention. Let us now examine specific solutions.
Oracle Identity Management
Oracle’s solution is a comprehensive, integrated platform for managing data and roles both in an enterprise setting and in the cloud. Oracle Identity and Access Management is currently one of the most functionally advanced products on the market. It covers almost all aspects of identity management, access control, and directory services. It features over 20 tools, including solutions for managing privileged accounts, access from mobile devices, passwords, detailed reports, etc. All basic identity and access management functions are also available through a multi-user cloud platform.
Oracle Identity and Access Management has an advanced analytical system. For example, it can find inactive accounts and detect unauthorized changes to access privileges by administrators of IT systems in an enterprise. It also displays current and historical data of audits of employee access privileges. You can also generate a report on the history of decisions to grant access privileges.
Keeping up with the times, the product developers implemented support for the Social Sign-on authentication mechanism for Facebook, Twitter, and LinkedIn social networks, as well as Google and Yahoo accounts. This lets you log on to corporate resources using these accounts or simply import information from them when creating corporate accounts. This solution is fairly convenient in addition to being a time saver.
Okta Identity and Access Management
Okta offers a number of cloud products for comfortable management of user access and account credentials adapted to web applications. Based entirely in the cloud, this service is compatible with both cloud applications and the corporate IT infrastructure. Okta offers a total of six products as part of its IAM platform. Worthy of special mention are a single sign-on system and a universal directory that offers access to all users, groups, and devices. It also comes with a multi-factor authentication feature and tools for managing access to the API and the company's life cycle. Okta also offers its own APIs and off-the-shelf tools that can be integrated into applications. Okta tools are compatible with various types of directories, including Active Directory and LDAP, and can also be integrated with third-party identity and access management tools.
Okta products give administrators a very high level of control. They allow configuring a number of conditions for user integration into a particular system based on specific criteria, for example, whether or not the user has an existing account. Administrators can also generate real-time security reports that help identify vulnerabilities or abnormal user behavior. Since the product is entirely cloud-based, its deployment and configuration take the least possible amount of time. The tools are free to try for 30 days.
SailPoint IdentityIQ
This is an integrated identity and access management solution that uses role-based models, rules, and policies. In addition to access management proper, it offers detailed information about employee interactions with applications and data. IdentityIQ also offers the essential controls and tools for unauthorized access prevention, as well as access-related risk analysis functionality. The product offers a single sign-on system for business application users. Both cloud and local services are supported.
In addition to IdentityIQ, SailPoint also offers a cloud platform called IdentityNow. Both have similar functionality and a very user-friendly and intuitive interface. Free trial versions of the products are also available.
IBM Security Identity Manager
IBM has been on the Gartner leaderboard for several consecutive years with its IAM platform. Its product, Security Identity Manager, is a role- and policy-based tool. It offers a very high level of automation. If configured properly, the involvement of administrators is minimal and comes down to creating user accounts and monitoring system performance. It is fairly easy to configure Security Identity Manager after the first launch using a Wizard tool.
The platform can be shared across multiple companies and projects at the same time. For example, it offers access to specific resources not only to the company's own employees, but also to business partners or third-party developers. It also offers an audit feature and detailed reports on user access. This ensures a high level of security and minimizes access-related risks. The degree of risk is assessed with the help of AI. A great deal of attention is also devoted to management of privileged accounts. A detailed audit and reporting feature is also available for them. In the event of unauthorized access, safeguards are in place to minimize potential damage caused by intruders. This is accomplished using a standalone tool called IBM Security Secret Server. The solution can be rolled out both on enterprise hardware and in the cloud. The cloud offers access to many popular SaaS applications.
Microsoft Identity Manager
Microsoft Corporation is renowned for its software and cloud services. It is therefore no surprise that it also has something to offer in the realm of identity management. Microsoft Identity Manager manages account access to applications, directories, databases, etc. It uses sets of policies, rules, and roles, and also provides user integration between dissimilar systems. This makes them accessible from a single location under one user account.
The product offers powerful tools for managing passwords and multi-factor authentication as well as privileged accounts. It comes with Azure Active Directory. This cloud-based solution enables comfortable interaction with cloud applications and provides a high level of security. Support of mobile devices is another strong suit of this platform. This is made possible by a standalone tool called Enterprise Mobility + Security, which offers control and identification of mobile device users and provides reliable protection of data and applications on them.
CA Technologies Identity and Access Management
The platform offered by CA Technologies comprises five products. The core product is called CA Identity Suite. As its name suggests, the product is responsible for identity and access management. The product supports local and cloud applications, can be integrated with various IT systems and scaled up or down depending on the current needs and changes in the enterprise infrastructure. Identity Suite offers convenient reports and risk analysis, making it possible to neutralize or minimize risks on the go. Role- and policy-based management is also supported.
The tools called CA Advanced Authentication and CA Single Sign-On support advanced authentication and single sign-on. Both tools provide a high level of security when used with web and mobile applications, while significantly simplifying access for employees (and customers and partners, if necessary). In addition to these tools, CA Technologies offers a directory management tool called CA Directory and a security tool for applications called CA Rapid App Security. This tool grants access to applications after matching data on the device, the user account, and the application itself. The arsenal of Rapid App Security also features many other tools such as fingerprint or face scanners.
Ping Intelligent Identity Platform
The platform by Ping Identity is an integrated solution that can operate both as a regular corporate application and as a cloud service. A hybrid usage model is also possible. Intelligent Identity Platform offers plenty of tools for effective identity and access management. They include sign-on and multi-factor authentication, support of policies, detailed reports with risk assessment, etc. A great deal of attention is also devoted to access security. It is provided using not only standard methods and policies but also the company's brand-name proxy server (in the case of a cloud-based solution) or a configured corporate proxy.
The Ping cloud offers thousands of pre-configured applications accessible through this cloud. The platform also offers convenient management of directories, supports all common types of devices, and provides AI-powered security.
NetIQ Identity & Access Management
NetIQ’s versatile platform comes with the tools that cover all basic identity and access management needs of employees. Its policies are equally productive in local, mobile, and cloud environments, and the high level of security makes the workflows reliable and safe.
The NetIQ product supports multi-factor authentication and single sign-on in addition to providing a powerful password management tool. Detailed reports are available to system administrators. A particular focus is on privileged user accounts with a high level of access, since they can be compromised and exploited to harm the company. All of these tools are available to customers as standalone solutions. Their functionality can be tested during a free trial period.
Brief Summary
IAM platforms do not necessarily fall into the category of essential tools. Still, they can be a big help to the company's IT department. Such systems can significantly reduce the time of forced interruptions of workflows caused by delays in providing access or other similar issues. This in turn boosts the overall productivity of employees.
--
Author: Vladyslav Myronovych, for ROI4CIO
*Article was previously published at BusinessBlogs