Originally published at HelpNet Security
Today, data infrastructures are highly distributed – on premises, in virtual private clouds and in multiple public clouds. Given the number of high-profile data breaches and the increasing complexity of data privacy regulation, controlling access to a company’s farflung data stores is now a concern in every C-Suite.
A question I get asked almost every day is how to do secure access management right. How do you authenticate users to ensure they are who they say they are, while also enforcing policy controls to allow only authorized users access to sensitive information? How do you do all this without burdening users who need fast access to information to do their jobs? And how can you create this environment quickly without a lot of development time or hiring an expensive team of security experts?
At Datawiza, we believe that a new data access strategy, access management as a service (AMaaS), holds the key.
The limits of Identity Access Management
Identity access management (IAM) includes two major competencies that have remained distinct: Identity Management (IM) and Access Management. Over the last few years, we have seen significant innovation in the IM space, with the rise of several popular modern IM solutions, including Azure AD, Okta and Auth0, which are now referred to as Identity as a Service (IDaaS).
However, we have seen little innovation in the access management space, and the IDaaS solutions alone cannot create a complete enterprise solution for authentication and authorization. Tools like SiteMinder, introduced more than 15 years ago, were powerful in their day, but they were never designed for modern hybrid multi-cloud environments and do not integrate well with IDaaS.
5 Challenges of Identity Access Management
- Expensive and costly to implement
- Long time to value
- High total cost of ownership
- Difficult to install and manage
- Don’t work well in hybrid multi-cloud environments
Companies moving their applications from a legacy authentication system to a modern one require significant and painful application rewriting, and that the number of time-consuming manual configuration steps leads to frequent errors. Even integrating new applications with solutions like Azure AD or Auth0 can require heavy integration work, for example, understanding the modern authentication/authorization protocols (e.g., OIDC/OAUTH), learning different platforms’ SDKs/APIs, writing integration code for each app, etc. This is especially hard on enterprises that have to migrate hundreds or thousands of applications, causing IT bottlenecks that frustrate employees and even creating the very security vulnerabilities the company is trying to reduce. Companies have also found that rewriting a custom authentication system based on new protocols is a lengthy and expensive proposition and requires security expertise, delaying the move to Zero Trust.
Similarly, companies that have written custom authentication solutions based on outdated protocols, such as basic auth, cannot implement the latest security best practices or take advantage of IDaaS without significant rewriting.
So how can you migrate your legacy applications to IDaaS without rewriting them? How can you integrate your new applications to IDaaS in a no-code/low-code fashion? And once you have your apps migrated/integrated with IDaaS, how do you enable unified, policy-based authorization across your hybrid environment -- which may include multiple IDaaS providers and multiple private and public clouds -- without creating an administrative bottleneck that hinders user productivity or requires constant attention from security professionals? Finally, how can you accomplish all this cost-effectively and with a quick time-to-value and low total cost of ownership?
Secure Data with Access Management as a Service
Datawiza Access Management as a Service, like most “as a service” offerings, provides an easy-to-deploy solution that simplifies, centralizes and automates key business processes. This frees IT (system admins, DevOps and developers) from complex and costly activities that distract from more strategic tasks – while also allowing businesses to consume the service on a subscription basis and reduce Capex costs.
When combined with an IDaaS, the Datawiza Access Broker offers the following capabilities:
- Security and trust – The secure access management environment authenticates and authorizes every employee, customer, contractor or partner each time they access data – based on modern security protocols, Zero Trust, and MFA (multi-factor authentication) – with fine-grained access controls.
- Support for hybrid multi-cloud environments – The Datawiza Access Broker works with every environment (on-premises, multi-cloud, hybrid-cloud), no matter where the applications and data reside.
- User productivity – The solution supports SSO (Single Sign-on) across siloed environments, such as multiple clouds, so each user needs to have only a single login ID and password to verify who they are and their access rights across every application and data source.
- Ease of maintenance – Administrators no longer need to keep policies, roles and permissions updated across dozens or hundreds of applications. Datawiza promulgates a single update across the hybrid multi-cloud environment.
- Ease of deployment/faster time to value – The Datawiza Acess Broker makes it possible to create a secure access management environment without deploying hardware or installing and maintaining a suite of complex enterprise software. It also eliminates or minimizes the need for rewriting applications or writing new integration code.
- Centralized management – With Datawiza, the entire access management environment is visible from a single pane of glass.
- Future proof – Since the Datawiza AMaaS relies on published APIs, it maintains the relationships between the AMaaS and IM systems and between the AMaaS and corporate applications as the IM systems and the applications are updated.
Today’s distributed environments require a new, comprehensive and centralized approach to identity and access management that meets the challenge of ensuring security and governance in the face of ever-increasing complexity. The Datawiza AMaaS works with modern IDaaS solutions to establish a strong foundation for Zero Trust, enabling centralized management of SSO and MFA, along with fine-grained access controls across the entire hybrid multi-cloud infrastructure.