Despite global security expenditure expected to reach £176 billion in 2020, data breaches continue to increase. Although two-factor authentication has long been the standard for remote access, we now know it is simply not enough. Enterprises increasingly need to find an alternative IT security solution to protect their valuable data and assets both inside and outside the traditional network perimeter. The deployment of effective Identity and Access Management (IAM) is precisely that solution.
IAM solutions are responsible for managing digital identities. With an IAM platform in place, access to information can be restricted within an organisation to the appropriate users. These platforms identify, authenticate, and authorise not just individuals using IT resources, but also the hardware and applications that employees need to access. Having an IAM platform in place boosts security and ensures compliance.
Choosing an IAM platform can be a daunting task, so we’ve put together 12 questions to ask when evaluating identity & access management solutions, from authentication processes and deployment complexity to single sign-on and mobile operating systems.
Should we choose an on-premise or cloud-based solution?
When choosing whether to go with an on-premise, cloud-based or hybrid solution, the pros of each solution must be weighed up:
On-premise: Ideally suited to large enterprises that have the resources to manage on-premise solutions and their integration. On-premise provides greater levels of control compared to cloud-based solutions.
Cloud-based: Using cloud-based solutions offers enterprises the ability to quickly implement a solution with immediate cost-savings, easy scalability and a greater degree of flexibility to businesses looking to expand.
Hybrid: A hybrid solution sits between on-premise and cloud-based, with sensitive data hosted on-premise and less critical workloads hosted in cloud-based solutions.
Companies must weigh up which solution best suits their needs when choosing an IAM solution, examining the security and usability requirements of employees and users.
What applications do we need our Identity Management solution to work with?
The introduction of cloud-based Software-as-a-Service (SaaS) applications has greatly enabled previously complex modern IAM solutions. A good IAM solution can now support or integrate into thousands of applications. It’s important to evaluate which apps your employees use, have access to, and which apps you’d like to track. Once you’ve taken stock, you can then compare this to which business and consumer applications each vendor supports.
How do I know the Identity Access Management solution will suit my business’ future needs?
Whilst no one can accurately predict the next 5 years of a business, it’s always worth trying to envisage what your company’s requirements from an identity solution will be in future years. Questions to consider should include:
- Is it scalable?
- Will it receive future patches, updates, and will I receive any new releases?
- Throughout the deployment, will it be cost-effective?
What is the solution’s ability to support various authentication methods?
No two IAM solutions are the same, with each vendor having their own individual stance. Some IAM solutions can provide nearly 30 different multi-factor authentication (MFA) methods, ranging from mobile-push notifications to fingerprint and facial recognition biometric options. Using such a solution allows for a flexible approach, as different authentication methods can be applied depending on user, group or application.
Does the solution have Single Sign-On capability?
Choosing an IAM solution which includes web-based Single Sign-On (SSO) will come as a huge relief to admins and users alike. Benefits include reduced password fatigue, improved employee productivity, and reduced costs for IT. Using an IAM solution to enable SSO will help deliver a seamless user experience. Combine this with MFA and adaptive authentication, and admins can expect fewer authentication disruptions coupled with a highly secure access environment.
How is access managed for mobile devices and what operating systems are supported?
Whether it’s for consumer access or for businesses with a mobile fleet (be it corporate or BYOD devices), understanding the level of support IAM solution providers can offer mobile devices is key. If your company has implemented a BYOD policy, it is especially key to check whether an IAM solution supports a range of operating systems, from iOS and Android to Windows and BlackBerry.
How much will an Identity Management Solution cost me?
IAM solutions will often have complex pricing structures with different benefits. This is because some solutions will offer basic packages, whilst others venture into more sophisticated territory. Alongside this, there are different pricing models to take into account, with some solutions charging a per-user licence fee, whilst others include line items into various options. It’s key to create a like-for-like comparison to work out what you’re getting and for how much.
Does it provide any pre-authentication risk checks?
A sophisticated IAM solution can analyse multiple factors of an authentication request, including device, location, IP address, and behaviour. Through this, it can determine the legitimacy of every login attempt: any request it doesn’t have total confidence in can be elevated to a higher risk level, triggering further authentication checks, or the attempt can be blocked entirely.
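The pre-authentication risk check described above, sketched as an added example (not code from any IAM vendor or from this article's author): device, IP address and location signals are scored, then the attempt is allowed, stepped up to MFA, or blocked. The weights, thresholds, denylisted network and all names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional

# Weights, thresholds and the denylist are illustrative assumptions, not vendor values.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed (TEST-NET-3)
MAX_SPEED_KMH = 900            # faster than this between two logins = impossible travel
STEP_UP_AT, BLOCK_AT = 30, 70  # score thresholds for extra checks / outright block

@dataclass
class Login:
    device_id: str
    ip: str
    lat: float
    lon: float
    when: datetime

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def risk_score(attempt: Login, known_devices: set, last: Optional[Login]) -> int:
    """Sum the risk contributed by IP, device and location signals."""
    score = 0
    if any(ipaddress.ip_address(attempt.ip) in net for net in BLOCKED_NETS):
        score += 70  # IP signal: source is on the denylist
    if attempt.device_id not in known_devices:
        score += 30  # device signal: device was never enrolled for this user
    if last is not None:
        hours = max((attempt.when - last.when).total_seconds() / 3600, 1 / 60)
        if km_between(last, attempt) / hours > MAX_SPEED_KMH:
            score += 40  # location signal: too far from the previous login, too fast
    return score

def decide(attempt: Login, known_devices: set, last: Optional[Login] = None) -> str:
    """Map the score to the three outcomes: allow, further checks, or block."""
    score = risk_score(attempt, known_devices, last)
    if score >= BLOCK_AT:
        return "block"
    return "step_up_mfa" if score >= STEP_UP_AT else "allow"

if __name__ == "__main__":
    london = Login("laptop-1", "198.51.100.7", 51.5074, -0.1278, datetime(2020, 1, 6, 9, 0))  # constructed
    new_york = Login("phone-9", "198.51.100.8", 40.7128, -74.0060, datetime(2020, 1, 6, 10, 0))  # constructed
    print(decide(new_york, {"laptop-1"}, london))
```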
How will an Identity Management Solution impact user experience?
A good IAM platform should not compromise security for user experience and vice-versa. Users nowadays expect immediate, pain-free results from their digital experiences. To help create a seamless experience, ask vendors about whether they have user self-service options available. These can ensure peak productivity, enabling users to perform simple 24×7 functions such as password resets, account unlocks, device enrolment and more. A simple self-service option can reduce help desk calls by up to 60%, greatly freeing up staff whilst enabling a positive user experience.
IAM platforms which perform multiple risk checks also enhance the user experience, as they only require MFA steps if risk is identified.
How complex will it be to deploy?
Whilst identity management administration can be complex, some IAM solutions help simplify and accelerate the creation and administration of access control and user experiences across a number of systems. Leveraging reusable templates, policies, and settings can reduce administrative time greatly.
Does the solution support passwordless authentication?
With 51% of people reusing passwords across their business and personal accounts, many companies may choose to eliminate the password side of authentication due to security concerns. Some IAM solutions combine multi-layered risk analysis through biometric authentication and mobile apps, thus removing the need for a password. Using biometrics with risk checks such as device, location, IP address and behaviour provides far better protection than a simple username-password combination or 2-factor authentication (2FA) alone, as well as enhancing the user experience.
How available is the service?
As more services are protected by a central identity, it is important to remember that this service is a vital part of your overall IT service infrastructure. Users clearly need to be able to log in at all times. Make sure to check the availability of the service.
How We Can Help
At Mobliciti, we work with customers to identify primary business challenges to create tailored managed services. SecureAuth’s Identity Platform provides the flexibility required to meet security and usability requirements for diverse populations of identities — workforce and customer.
With Mobliciti Auth, we can offer SecureAuth’s Adaptive Multi-Factor Authentication service based on 99.99% availability and fully UK-hosted datacentres. It allows enterprise firms to implement a more secure authentication platform without disrupting user experience or adding to the cost & complexity associated with an on-premise deployment. Get in touch to find out more.