By Chris Fields, Vice President of Security Strategy.
All of the predictions around the explosion in the usage of Cloud technologies have finally come true. Many organizations are taking advantage of improvements in technology and reduction in cost and moving their applications off-premise and into shared data centers (a.k.a. the cloud). As cloud adoption increased, more security and identity and access management functions have become commoditized and moved off-premise as well. Single Sign-On (SSO) and Federation are two pieces that have recently arrived in the cloud with solid vendor options. SSO and Federation are two areas that typically leverage standards based technology and uniform implementation and integration approaches. These Software-as-a-Service (Saas) products offer improved speed of deployment, ease of administration, and lower cost of ownership than their on-premise equivalents because they are operating in a cookie cutter fashion that assumes that all SSO and Federation function uniformly.
The problem is when organizations look at their more advanced IAM functions and discover that their company doesn’t do things like their peers or competitors. There is little uniformity across the business processes that have been automated in mature provisioning solutions or with governance and compliance activities. There are very few Cloud IAM solutions that have tackled these higher functions in a multi-tenant environment with success. What is a company to do?
Many in the industry think that a hybrid model, or a joining of cloud and on-premise systems, is the architecture that will bridge the time until the next advances in technology make advanced configurations in a multi-tenant environment more viable. The hybrid model allows you to take advantage of the low price and ease of use of the cloud while still utilizing the more customizable on-premise IAM applications.
Once you decide that you need to move to a hybrid architecture, there are still a lot of decisions to be made around how the architecture should look. Will the cloud and the on-premise systems be allowed to communicate in real-time over dedicated network connections? Will you use secure API technologies from the cloud to manage identities in the on-premise applications? Would a bridge or proxy be a better decision?
There is no cookie cutter solution as every customer scenario is different. PathMaker Group has been working with cloud technologies for years and has the experience and expertise to help guide your architecture decisions, product selection, implementations from beginning to end.