Identity Governance Evolving in the Enterprise
Global enterprises have a lot of changing needs as they constantly pivot to address ever-changing business requirements. This is forcing more and more enterprises to evolve their infrastructure. While some are moving to a cloud-first strategy, others are looking for a delivery option that reduces their needs for skilled staff and limits infrastructure capital expenses. Regardless of what path they take, all enterprises need identity governance with the ability to manage their entire hybrid IT environment. This means that identity management needs to evolve to meet those needs, offering more than one ‘flavor’ of identity governance deployment options.
To gain greater insight into how enterprises are managing their identity management deployment strategies without sacrificing critical capabilities, I reached out to Dave Hildebrand, who leads business unit activities for IdentityIQ. Dave oversees the engineering, product management, development, and client services for IdentityIQ, and is the perfect position to see this activity across a wide range of organizations and industries.
How is increased cloud adoption changing the way customers approach identity management?
As our customers think about cloud and identity, they’re starting to make some distinctions in two key areas. One is whether they want to deploy these systems on-premises or in the cloud, and the other is how they want to manage their identity governance programs in general.
Some of our customers want to accelerate their identity management program by using a SaaS offering such as IdentityNow. In this case, they’re not deploying anything, as it’s all handled by the IdentityNow service. Some customers are choosing to deploy IdentityIQ because they have the need for more flexibility to adapt to their complex identity management needs, but even these customers are starting to leverage cloud environments like AWS and Azure to realize some of the operational cost benefits that are just inherent in those cloud environments.
In the end, the question for these IdentityIQ customers is whether they want to deploy IdentityIQ on-premises or whether they want to deploy it in the cloud. We’ve been working diligently here to innovate and support both of these IdentityIQ deployment options.
The second big distinction is the management of their overall identity governance program. Management of these programs can range from deployment and configurations we’ve talked about, but also day-to-day application management of the identity application itself as well as the ongoing identity governance program execution for things like managing an access certification campaign.
Customers can choose to manage all these things themselves or they can rely on a services provider to provide any or all of these services. These services providers can manage the deployment and the configuration services, or they can even provide the day to day running of the application itself.
On the first point you made, what do you see as the decision-making process or the important factors when deciding on-premises versus cloud identity deployment?
I think some of this is driven financially by the customer. They want to be out of the data center business. Some of them have even been given mandates to get out of the data center entirely, and identity management is one other application they’d like to move out. I think some of this is driven by the cost and availability of IT staff with the right skills and the cost/benefit of cloud versus on-premises.
When it comes to timing the move to cloud, does much of it depend on the nature of their architecture?
That’s an interesting question. I think it does. If they still have a large portion of the work that they’re managing in the data center, they may be slower to move identity to the cloud, and I have one customer where identity Management was the last application they moved into the cloud.
What do you see as the common identity-management and cloud pathways forward for customers?
There are valid reasons for being in all different types of computing environments, and I think we will continue to see customers with good reasons to move into the cloud, and we’ll continue to see people make different choices on that management spectrum as well. And I don’t know whether we’ll see a full migration of customers into the cloud, I think it’ll be a subset of the customers who will want to do that and others will stay.
Are there tradeoffs between having identity managed in the cloud verses on-premises?
Yes, I think there are tradeoffs. One is you’re losing a bit of control around your identity management program that is not on-premises and in a cloud environment like AWS or Azure. This causes some customers to pause and may be a sticking point getting into the cloud at all because they lose partial control. It also might be that they have a sophisticated IT staff and they’re fine managing on-premises.
When it comes to identity management and cloud, do you think these concerns will linger for some time?
Customers have become more comfortable with their cloud environments. Some do remain laggards, but many others are very eager to get out there on the cloud. It is often simply about attaining a comfort level with these cloud environments.
When it comes to moving IT processes to the cloud, we’ve seen it already happen in many other areas of technology. When it comes to identity management, we do think there’s a slower migration. Much of this is because of the type of data that touches identity, and the control that these companies want over this data. I think regardless of where you’re deploying identity management, you need to be able to manage resources that are on-premises as well as those that are cloud-based resources, and that’s not going to change for some time.