On-Demand Webinar: Secure Legacy Applications with Azure Active Directory and Datawiza

July 29, 2021
Canming Jiang

Webinar Wrap-up: How Datawiza AMaaS Makes Azure AD Even Better


On July 13, 2021, we partnered with Microsoft to present “Secure Legacy/Private Applications with Azure Active Directory and Datawiza.” David Gregory, senior program manager, Microsoft Identity CXP, and I demonstrated how easily Datawiza’s access management as a service (AMaaS) solution works with Azure AD to enable companies to migrate applications to Azure AD with just a few clicks. We also focused on how the combined solutions save time and resources while enabling Zero Trust security.


Did you miss our webinar? Explore the session on-demand 



During the webinar, several interesting questions came up. Since these are the issues that are most on the minds of businesses looking to solve their access management challenges, I want to spend some time elaborating on my answers.


Why is Microsoft working with Datawiza? 

The goal of Azure AD is to simplify and centralize access, improve the user experience and help customers achieve zero trust. In addition to Office 365, Azure AD can be used to secure access to third-party SaaS applications like Workday and Salesforce, other cloud platforms like AWS or GCP, and legacy and on-premises applications. The problem is that many companies with multiple platforms already rely on multiple identity solutions, resulting in unnecessary complexity and costs, as well as potential security gaps.


As a result, a key goal for Microsoft is to make it as easy as possible to migrate applications to Azure AD. Microsoft has a solution, Azure App Proxy, but it is primarily for remote access users. Using Azure App Proxy for users inside the corporate network creates latency and a less-than-desirable user experience.


Datawiza provides a secure, cloud-native, “one-click” way to migrate applications to Azure AD, for both remote users and those inside the corporate network. Datawiza can reduce the migration effort by as much as 10X, while actually improving security by reducing the potential for errors arising from manual migrations. So the more complex the environment and the more applications there are to migrate, the greater the value of Datawiza. 


What is access management as a service?

We are defining a new category, access management as a service, or AMaaS, and the most complete answer is in a dedicated blog post from earlier this year. Briefly, AMaaS enables companies to easily bring all their applications, whether private (or on-premises legacy) applications or new cloud applications, into identity management solutions to achieve single sign-on (SSO), multi-factor authentication (MFA), and fine-grained URL-level conditional access control across an entire hybrid multicloud environment. The Datawiza AMaaS is made up of two parts. The Datawiza Access Broker is a lightweight cloud-native proxy that connects applications and APIs to identity providers such as Microsoft Azure AD, Okta and Auth0. The Datawiza Cloud Management Console (DCMC) provides comprehensive, centralized, fine-grained policy management, visibility and analytics across the entire environment. The solution consolidates access management across all data sources in hybrid multicloud deployments for continuous, real-time trust and risk management. Datawiza also future-proofs enterprises by maintaining the relationships even as application and identity systems are updated.


Do I have to migrate my applications to the cloud to use Access Management as a Service?

No, you do not. We make it easy to migrate applications to Azure AD, but you have the option to deploy your applications wherever you want: on-premises, in a private cloud or in any public cloud, such as Azure. This means existing applications can stay exactly where they are, and new applications can be deployed wherever they make the most sense to balance security, performance and cost. Hybrid environments introduce complexity, but they also let you achieve maximum agility. Datawiza lets you take advantage of the agility of hybrid while simplifying data access management.


How do you authenticate an API?

You can authenticate API requests using the Datawiza Access Broker, which can also sit in front of APIs to validate access tokens, enforce access policies, and perform other tasks necessary to secure APIs.


Does Datawiza work for hybrid work -- meaning both remote and onsite users?

Some proxy solutions work great for remote users but introduce latency, and even security concerns, if they have to route corporate user logins back out to Azure AD. However, the Datawiza proxy sits very close to applications and can be deployed as a gateway or as a sidecar or agent. As such, Datawiza does not need to route all traffic to Azure AD. For corporate applications, the Datawiza proxy talks to Azure AD only to finish the single sign-on protocol, for example, the OIDC protocol. After that, everything flows inside of the network. 


How long will it take to bring hundreds of applications under one purview of Datawiza and Azure AD?

It really depends on the experience and confidence level of customers. Based on our experience, customers tend to go very slowly with the first three to five applications, spending several hours on each to see how the process works and test the migration. But after that, most configurations take only a few minutes to accomplish. It really is that easy.


Does the Datawiza Access Broker need to reside on the same servers as the applications?

No, the Datawiza Access Broker can reside on any server, as long as that server can talk to your application. That is, it can be deployed using a gateway model or sidecar model, but it can reside on any server, including on the server of the application itself.


Is the Datawiza Access Broker a dedicated hardware device, or does it run on a Windows or Linux VM?

Our Datawiza Access Broker (DAB) can reside on any server. We deliver it as a Docker container, so as long as you have a Docker environment, you can install it on Windows, Linux, or even Mac. And the DAB is a very lightweight proxy. The Docker image is only 100 megabytes compared to other solutions, which might require 200 gigabytes of disk space.


Can we try Datawiza before implementing it?

Yes, we have a free trial available on the Datawiza website. We also have very good documentation, which you can reference, or we can help you set up the free trial or answer any questions regarding how Datawiza works and how to deploy it. Feel free to contact us at info@datawiza.com or 540-912-8886.


To hear about future webinars and events, follow us on LinkedIn.
