Signs It's Time to Modernize Your Identity Management Software

© 2016 Forrester Research, Inc. Reproduction Prohibited 3

We work with business and technology leaders to develop customer-obsessed strategies that drive growth.

Your legacy IAM system is obsolete. Now what?

Andras Cser, VP Principal Analyst

December 14, 2016

5© 2016 Forrester Research, Inc. Reproduction Prohibited

› IAM is essential for business

› General IAM future requirements

› The problem with legacy IAM systems

› Replacement of IAM systems

› B2E, B2B and B2C need one workflow

› Forrester’s predictions

Agenda


›Perimeter is long gone (Can you give a laptop with VPN to every contractor and employee???)

› Identity has emerged as the new perimeter

›Holistic approaches for joiner, mover, leaver, attestation and self service processes

›Unified treatment of Application, Data, Endpoint, and Network access controls

Shift identity to the center of your threat detection ecosystem

7

Digital transformation drives IAM


›Digital customer experience vs Security strength

› IAM must support profile and preference management

› IAM must protect privacy

› IAM must aid in helping protect sensitive data

›Mobile/any device support

› IAM must support BI

IAM is essential for today’s business and digital transformation


› Consumer like user interface everywhere

› API security and availability of IAM services as an API

› Behavioral profiling built in

› Multimodal and multi target IAM (SaaS and on-premIAM policy servers to support cloud and on-premworkloads

› IAM becoming lightweight (microservices)

› Privacy and security must be built in

General IAM future requirements


›Monolithic

›Customization requirements are high = high hidden costs

› IT and admin and not business user focused

›Minimal cloud support (on-prem IAM with on-prem app support)

Legacy IAM systems present considerable headache


›Most IDaaS is not quite here for governance and provisioning

›Configurability of IDaaS is still lacking

›Open source solutions are tempting but can be a dead end (cost of deployment is high)

›Upgrades, reimplementation usually mean brand new implementation

›Great opportunity to simplify business requirements

Replacement of IAM systems require careful planning


› The lines are blurred between these populations (employee helping a contractor or consumer)

› Privacy and security concerns remain

› Scalability is hugely problematic

› B2C systems need integration with non-security information (customer profile, master data management)

B2E, B2B and B2C users need one workflow


›Today’s environments are 10x-100x bigger than what we had even 4-5 years ago

› 11 billion mobile devices

› 50-100 billion IoT connected devices (Forrester est.) – hard to patch, easy to attack

›Using IoT devices to perpetrate DDoS attacks has already been demonstrated in the Dyn DNS breach

Recommendations: Assess Scale


› Look at vendor track records of implementation and mapping of business process

›Define what IAM product and configuration migration success means (timelines, etc.)

› Look for microservices and loosely coupled architectures

›Prepare for IoT scale everywhere

›Prepare for access anywhere

Recommendations: Migration


› IAM suites becoming much more loosely coupled than today

› IDaaS will do provisioning, governance and attestation, not just SSO

› B2C will spawn a new class of customer management services

› Fraud management and IAM / access control integration is key

› Behavioral profiling is to expand to certification and access request management

Forrester’s predictions


›You don’t want to be on CNN headline news

›Security has shifted from a Director/VP/CISO/CIO IT problem to a CEO problem

›Data protection is a key concern

›Mobile and IoT present new challenges

›BYOD/user owned devices are here to stay

Assess the impact of cyberattacks

forrester.com

Thank you

Andras Cser

+1-617-613-6365

[email protected]

•

•

•

•

•

•

CASE STUDY: WORKFORCE & CUSTOMER IAM

•

•

•

•