THE IAM PRO’S GUIDE TO BUILDING A BUSINESS CASE Part Three of Three: Consolidating Identities with a Modern Directory Solution WHITE PAPER


TABLE OF CONTENTS

INTRODUCTION

PAIN POINTS OF LEGACY DIRECTORY SOLUTIONS

REQUIREMENTS FOR A MODERN DIRECTORY SOLUTION

HOW MODERNIZATION BENEFITS YOUR ENTIRE ORGANIZATION

THE BOTTOM LINE

CONCLUSION

ANALYST PERSPECTIVE

Hybrid IT requires highly integrated directories with identity federation and provisioning capabilities that extend the reach of identities to internal, on-premises and external cloud systems.

Source: Gartner: Eight Opportunities and Challenges for Cloud Directories in Hybrid IT (2016)


INTRODUCTION

Applications, attributes, schema, devices, protocols and users are multiplying by the day. Mission-critical resources are everywhere. User groups are becoming more diverse. Your various directories are experiencing unpredictable demand spikes from groups who require uninterrupted access.

Proprietary, decentralized identity stores made sense when serving identity data to proprietary applications from the same vendor was required. As standardized communications protocols and SDKs have minimized this requirement, silos of identity data have become a significant cost to security, productivity and the bottom line.

You know that modern directory solutions can help.

Modernizing your legacy directory environment supports increasing performance and stability, moving to the cloud, and an increasingly diverse set of apps and APIs. A robust, consolidated solution for managing identities will also improve workforce productivity and decrease IT expenses.

You know your enterprise needs to modernize its identity infrastructure.

Convincing others, though, requires building a solid business case. You can guide your organization toward a better, more secure future by demonstrating how a modern directory solution will:

• Improve performance to all applications and APIs reliant on identity data.

• Enhance the security of your employee, partner and customer identity data.

• Drastically lower the total cost of ownership of your identity infrastructure.

These are just some of the benefits of a modern directory solution. And it’s no accident that they’re aligned to your company’s top strategic objectives.

This paper will help you build a business case that demonstrates how IAM can provide the reliability and performance you need, as well as accelerate digital transformation and propel your company forward.


PAIN POINTS OF LEGACY DIRECTORY SOLUTIONS

Dispersed legacy directory solutions are problematic. Requiring disparate hardware infrastructure, software licensing and management efforts, these outdated solutions require unnecessary costs and complexity to maintain consistent access security across applications.

And maintaining consistency is important. When you don’t, you face vulnerabilities, not to mention a frustrated workforce that’s hamstrung by clunky access to the resources they need to be productive.

With productivity, security and cost concerns in mind, let’s take a look at five specific areas where your legacy directories may fall short of today’s requirements:

1. INEFFICIENCY AND INABILITY TO SUPPORT CLOUD DEPLOYMENT

• Efficiency is out of reach with no roadmap or support for virtualized deployments.

• Generic cloud hardware is often not supported on proprietary, legacy systems.

2. PLAGUED BY SCALE, STABILITY AND LATENCY PROBLEMS

• As apps, data and attributes are added, latency and response time worsen.

• As scale increases so does downtime, impacting business operations.

3. INCREASED SECURITY RISK

• Inconsistently enforced security policies and a general lack of oversight make decentralized identity systems gateways for stolen credentials.

• An inability to limit administrative access and resource consumption, or to obfuscate and encrypt sensitive data, leaves you at risk.

4. LACK OF SUPPORT FOR MODERN APPS

• New applications and development teams often prefer developer-friendly REST APIs and SCIM, which many legacy deployments cannot support.

• Rigid schema make it difficult to incorporate new, required attributes for partner and customer access to applications.

5. HIGH TOTAL COST OF OWNERSHIP

• Addressing high availability and global scale while deploying proprietary hardware exclusively in on-premises locations leads to increased infrastructure and management burdens.

• Significant administrative effort is required to resolve frequently reappearing problems that aren’t resolved through limited vendor support, like “hot fixes” and security patches.


Figure 1: Common on-premises legacy directory deployment with heavy infrastructure footprint on proprietary hardware, making it difficult to deploy in the cloud.


REQUIREMENTS FOR A MODERN DIRECTORY SOLUTION

When it comes to meeting the demands of the applications your workforce relies on, you need a best-in-breed identity management solution that delivers on these eight characteristics:

1. SUPPORTS BARE METAL OR VIRTUALIZED, ON-PREMISES OR CLOUD DEPLOYMENT

• Is certified by VMware and is able to run in Azure and AWS.

• Offers easily scripted installation processes for multi-server, fully replicated and highly available infrastructure.

2. PROVIDES THE PERFORMANCE, RELIABILITY AND SCALE YOU REQUIRE

• Supports thousands of transactions per second for large amounts of data.

• Accommodates growth from increasing users, devices and digital engagement.

• Provides carrier-grade high availability through unexpected demand spikes.

3. PROTECTS AGAINST A DIVERSE SET OF THREATS

• Encrypts at the data layer end to end, for data at rest, in motion and while in use.

• Governs access to data and monitors use with tamper-evident logging.

• Enables limited administrative accounts with customizable active and passive alerts through JMX, SNMP, SMS and email.

• Integrates with certified compatibility to multiple SIEM platforms.

4. CONNECTS IDENTITY DATA TO MODERN AND LEGACY APPLICATIONS

• Utilizes modern protocols and authentication flows like LDAP v3, SCIM 1.1, OpenID Connect, OAuth 2.0 with integrated support for RESTful services.

• Provides flexible JSON schema for structured and unstructured data.

• Supports proprietary legacy apps by adapting to non-standard behavior, unique response and encryption formatting, atypical error codes and rigid schema.

5. SUPPORTS SYNCHRONIZATION AND UNIFICATION OF IDENTITY DATA

• Facilitates real-time or scheduled bi-directional synchronization to ensure seamless user experiences.

• Allows synchronization from diverse sources of data, such as LDAP, RDBMS, Active Directory and NoSQL, without disrupting applications.


6. LIMITS RESOURCE CONSUMPTION FROM RELYING APPLICATIONS

• Protects identity infrastructure from DDoS and malicious insider deletes/requests.

• Reserves sufficient resources for business-critical applications.

• Ensures inside application requests cannot interfere with web traffic.

• Provides native dashboard or API visibility into root cause of problems.

7. INTEGRATES WITH EXISTING ARCHITECTURE FOR ZERO DOWNTIME MIGRATION

• Automates migration of schema, configurations, ACIs and data.

• Routes client requests to the appropriate directory server automatically with no changes or administrative efforts required to accommodate legacy clients.

• Augments Active Directory to achieve larger populations with better uptime.

• Supports a broad range of configuration changes with seamless rollback.

• Performs phased migrations from Oracle, CA, NetIQ (Novell E-Directory) and RSA.

8. REDUCES TOTAL COST OF OWNERSHIP

• Reduces hardware footprint from legacy implementation by as much as 80%.

• Simplifies infrastructure, reducing administration, maintenance and support hours.

• Eliminates scale-related outages, reducing IT costs and impacts to productivity.

Figure 2: PingDirectory can deploy on virtual machines on premises or in the cloud. Combined with efficient entry balancing, this can have a significant impact on your bottom line.


HOW MODERNIZATION BENEFITS YOUR ENTIRE ORGANIZATION

Your case for modernization wouldn’t be complete without a clear statement of the benefits to your entire organization. Here’s what you and others can expect when you implement a modern directory solution.

Security & Compliance

• Ensure corporate policies relating to administrative access, security requirements and data governance are followed for identity systems across the enterprise.

• Reduce employee use of unsanctioned cloud accounts to improve productivity, reducing the exposure of sensitive data and enabling timely removal of cloud access.

• Restrict data access and provide a single source for audit reporting with data governance.

Supply and Value Chain Partners

• Provide an improved, more secure experience for suppliers, distributors, logistics providers and other partners.

• Experience top-line benefits and improved security.

IT Executives

• Improve stability and performance of all directory-reliant applications.

• Enable introduction of modern mobile and cloud-based applications.

• Increase IT capacity with scripting for self-tuning and other administrative tasks.

IT Budget Owner

• Reduce overall hardware costs as much as 80%.

• Reduce administrative and support costs.

IAM Admins

• Create standards for identity data to ensure quality and ability to use across all relying systems and applications.

• Reduce implementations that need to be managed by centralizing identity data.

All Employees

• Increase performance and stability for all directory-reliant applications.


THE BOTTOM LINE

There are a number of benefits when you make the move to a modern directory solution. For starters, you’ll reduce your risk of business disruption from relying on products that are facing end of life. There’s also a cost associated with staying invested in a product that’s no longer being actively updated. Beyond this, there are hard cost reductions and bottom line benefits to modernization.

Infrastructure Savings

When migrating to a modern directory solution, you can expect a significant reduction in hardware costs. In fact, many customers reduce their overall hardware footprint by as much as 80%. An out-of-the-box configuration for efficient entry balancing and replication helps support the scale you need, while simultaneously minimizing costs. Decreased expenses stem from reductions in disk and memory requirements, and the ability to run on virtualized, commodity hardware in any domain. If you choose to deploy in a cloud environment, you’ll experience additional savings as a result of efficient resource utilization.

Labor Savings

A modern, consolidated directory solution allows you to deploy your limited pool of IAM resources on more productive projects. You’ll no longer have concerns surrounding latency, stability and growth adjustments for relying applications. You can also eliminate the time associated with investigating outages, applying “hot fixes” and implementing frequent security patches. Administrative black holes of continual rebooting, resetting and fixing errors disappear. Finally, extended troubleshooting without support from your legacy vendor becomes a thing of the past.

Licensing and Support Savings

It is common for directory licensing to be included in the cost of the relying applications. However, requirements for expensive proprietary hardware and time spent maintaining systems no longer actively supported by the vendor make these licenses anything but free. And while open implementations licensing may require no hard cost, you can incur significant soft costs in the way of maintenance and support efforts stemming from custom implementations.


#3255 | 05.17 | v001

ABOUT PING IDENTITY: Ping Identity leads a new era of digital enterprise freedom, ensuring seamless, secure access for every user to all applications across the hyper-connected, open digital enterprise. Protecting over one billion identities worldwide, more than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.

CONCLUSION

An investment in modernizing your directory environment has widespread benefits impacting the entire organization. From increasing security of identity data to improving the performance of applications across the enterprise, these benefits are highly visible and align closely with corporate objectives.

Here’s a quick overview of how a modern, consolidated identity solution will address your objectives and align to business initiatives.

Improve performance to all applications and APIs reliant on identity data

• Handle thousands of transactions per second.

• Accommodate growth of users, devices and digital engagement.

• Provide carrier-grade high availability, even during unexpected demand spikes.

• Support bi-directional synchronization for seamless user experiences.

Enhance the security of your employee, partner and customer identity data

• Ensure end-to-end data layer encryption: at rest, in motion and while in use.

• Leverage tools to govern access to data and monitor data use with tamper-evident logging.

• Limit access to administrative accounts with active and passive alerts.

• Benefit from certified compatibility with multiple SIEM platforms.

Drastically lower the total cost of ownership of your identity infrastructure

• Reduce hardware footprint from legacy implementation by as much as 80%.

• Simplify infrastructure, reducing administration, maintenance and support.

• Eliminate scale-related outages, reducing IT costs and impacts to productivity.

• Enable cloud deployment for efficient resource utilization.

Ready to build your business case for a modern directory solution? You can strengthen your rationale by including the specific hard and soft cost savings you can anticipate. Calculate yours with our technical brief Cut TCO with a Modern IAM Directory Server.

And be sure to read parts one and two of the IAM Pro’s Guide to building a business case for modernization:

Part One: Modernizing Legacy Web Access Management (WAM)

Part Two: Upgrading On-prem 2FA to Cloud-delivered, Adaptive MFA