Sign Of The Times: When Identity Access Management Platforms Aren't Ready For The Cloud

An emerging collection of Identity-as-a-Service vendors is disrupting traditional on-premise identity management platforms as the adoption of cloud-based services from Box, Google Apps and Microsoft Office 365 continues to skyrocket.

Business owners are considering SaaS platforms from OneLogin, Okta, Ping Identity and other vendors to make logging into Web-based services a seamless process for employees, say solution providers and other industry observers. The market has been in a state of flux with traditional, on-premise platform makers retrofitting their platforms to support cloud delivery or acquiring components to meet customer demands for SaaS, said Andras Cser, vice president and principal analyst at Forrester Research, who predicts a market shakeup.

"There is absolutely room for consolidation because this is a very crowded market," Cser told CRN. "There are a large number of players in this crowded space, which is quickly commoditizing."

Large enterprises with significant infrastructure are often invested in on-premise identity and access management platforms from Oracle, CA Technologies, Dell, IBM-Tivoli, NetIQ, RSA-Aveksa and others. Symplified, one of the earliest vendors in the Identity-as-a-Service market, met an early demise in June when RSA acquired its assets.

Research firm IDC projected that the identity and access management market would reach $4.8 billion in 2013 and predicts continued market growth, reaching $6.9 billion in 2017. Analysts are looking at Ping Identity, a market leader, as a potential IPO candidate. Meanwhile, Ping Identity and other platform makers are busy adding capabilities such as user provisioning, customer-facing inbound identity services, access monitoring and analytics, and cloud encryption or data loss prevention.

The demand for Software-as-a-Service delivery models is one of the biggest growth drivers, said Pete Lindstrom, a research director for IDC's security products program. Organizations are focused on privileged identity and refining access controls among groups of end users, Lindstrom said.

SaaS identity vendors are creating opportunity for solution providers that specialize in delivering identity management projects to enterprises and for those migrating customers' Microsoft Exchange to Office 365 and other cloud services. Larger businesses, often heavily invested in complex and incomplete on-premise identity and access management platforms, require customized solutions to extend capabilities to cloud services, said Todd Clayton, president and CEO of Coreblox, a New York-based identity management consultancy and solution provider.

"We don't typically see customers moving everything to the cloud so they're stuck with the problem of keeping certain pieces on-premise and certain pieces in the cloud," Clayton said. "Our job is to help them figure out how to stitch them together into a cohesive experience."

For cloud projects, organizations want to know how to properly authenticate users and need to be guided in maintaining authorization for users and understanding the options available to protect data in the cloud, said Tyson Kopczynski, a security solution principal at Slalom Consulting in San Francisco.

Organizations are increasingly shedding on-premise, monolithic identity platform implementations that are costly to build and maintain in favor of Identity-as-a-Service offerings or a hybrid approach, Kopczynski said. Even Microsoft, with its Azure Premium Active Directory offering, is looking at progressing into Identity-as-a-Service on its road map, Kopczynski said. Businesses will look to SaaS providers that remove some of the longstanding issues that hamper traditional identity projects and increase costs, he said.

"As a business, once you go down the SaaS road it starts removing some of the cost and complexity of maintaining [identity access management] within the organization," Kopczynski said. "All the major players seem to have a converging road map that sees [identity access management] in the cloud."

SaaS-based identity platforms enable service providers to create user accounts for authenticated users, enabling orchestration to cloud services, said Tim Hopkins, a certified technical architect at Portland, Ore.-based managed services provider NTT Centerstance, which partners with Ping Identity.

"We see tremendous value in these tools when they simplify and accelerate enterprise security efforts both inside and outside the firewall," Hopkins said.

San Francisco-based Okta takes a hybrid approach to sales with about 25 percent of deals going through channel partners globally, said Bill Fitzgerald, vice president of channel sales. The company has more than 1,200 customers, including Western Union, LinkedIn and MGM Resorts International, and will increasingly rely on the channel to expand its market share, Fitzgerald said.

The company unveiled a four-tier channel program to grow its partner base, which currently includes 120 global partners. Okta finds value in solution providers with experience migrating traditional on-premise services to the cloud, he said, such as Microsoft national system integrator partners.

"We are focused on building relationships at that regional level and then working to grow something on a national level," Fitzgerald said. "My focus is about extending Okta's reach and revenue through a distributed partner ecosystem."

There is plenty of opportunity for solution providers to find a SaaS identity partner that fits within the specialty they have created, said Ashraf Motiwala, chief technology officer and co-founder of Identropy, an identity and access management and managed services consultancy. Motiwala said Identropy partners with Netskope to support its cloud advisory practice, which helps businesses get a handle on unauthorized SaaS services and add identity and data security controls that support productivity and reduce risk.

Identropy walks clients through an assessment process that maps policies and requirements to cloud identity platforms, single sign-on, federation and other SaaS security controls, such as data loss prevention, activity monitoring, data encryption and tokenization. Some businesses are waiting for their on-premise identity platforms to catch up to the pace of cloud adoption, but many businesses need to evaluate solutions to ensure data security and support regulatory compliance mandates, Motiwala said.

"Larger vendors are in unanimous agreement that their on-premise products are outdated and they have to do something in the cloud beyond ratcheting on a solution," Motiwala said. "These on-premise products were not built to support multitenancy."

This article originally appeared as an exclusive on the CRN Tech News App for iOS and Windows 8.