Omada in the Media: CEO Interview with Identity Management Solutions Review
Identity Management Solutions Review interviews Omada CEO Morten Boel Sigurdsson on the future of identity and access management.
Solutions Review: Identity and access management-as-a-service - do you feel this is the direction IAM solutions will take over the next few years? And what features of identity and access management-as-a-service do you feel will be most important in the future?
Morten Boel Sigurdsson: IAM-as-a-service is a future-proof solution, which gives some obvious advantages:
Customers have, by now, passed the hurdle of getting a secure cloud service, which among other reasons happened [by] getting organizations’ HR data into the cloud. This mental hurdle has been crossed and organizations are therefore now more open to cloud adoption. For many organizations, IAM-as-a-service is a more secure solution as they do not have adequate critical mass themselves to maintain the same security level as would be the case on-premises.
Another advantage is that organizations can get much faster time to value with an IAM-as-a-service solution. They do not need to spend time on installation and there is no need to spend time on automating scripts [or the like], meaning organizations can get the solution up and running [much faster]. With IAM-as-a-service we also experience that customers are more inclined to adopt standard processes instead of getting solutions customized, which also means faster implementation.
There are many benefits of IAM-as-a-service for organizations, including increased ROI, faster time to market, and benefits of scale for both customers and the solution providers. IAM-as-a-service can be delivered either by managed service providers or delivered by the vendor as a software-as-a-service.
There are many features of IAM-as-a-service, which we feel will be important in the future. Identity and access governance is among others especially important in relation to hybrid IT environments, supporting the so-called ‘cloud first’ strategies, which many organizations are starting to implement, as well as the general increase in digitalization.
The increase in hybrid IT environments means organizations require seamless access governance across both on-premise enterprise solutions and cloud-based services and platforms. For most, it is challenging [today] to ensure that the right people have access to the right information at the right time across cloud and on-premises applications. An advanced identity and access governance solution, working across both cloud and on-premises applications, is therefore crucial to minimize risk and maintain security around identities and data.
Organizations need a solution which includes access requests, provisioning of users, accounts, applications, entitlements, and recertification across multiple platforms and systems. It must be easy to establish an overview of access data across hybrid IT environments, monitor access to critical data, validate and ensure that only the right people have access to critical data, and govern users, applications, and cloud resources. An efficient solution should enable segregation of duty (SoD), policy management, role-based access control (RBAC), and other assignment policies such as provisioning, validation/reconciliation, compliance reporting, and attestation/re-certification, meaning that the organization can ensure greater governance, thereby working to close the governance gap across all cloud and on-premise platforms. This in turn creates full visibility and a strong foundation for comprehensive control across all an organization’s applications, identities, and entitlements.
Another important feature is automating the identity lifecycle. Automating your organization’s identity and access management process not only provides efficiency and enormous time saving, it can also improve quality. If identities are not given the correct permissions, the organization faces increased cybersecurity risks, both from externals sources looking to wreak havoc or the quiet insider threat.
By automating identity and lifecycle processes, organizations not only ensure that new employees, partners, and contractors can be up and running from day one. The organization can also implement processes for employees’ entire journey through the organization, such as maternity leave, promotion, and retirement. This thereby increases the security, speeds up efficiency, and frees up necessary resources for (among others) the IT department.
Identity-as-a-service lowers the hurdle for companies to adopt an identity and access governance solution and thereby responds to an urgent need in the market, paving the way for easier, faster compliance. Identity and access governance, delivered as-a-service, means organizations gain easier access to compliance and security with a solution, which drives down the total cost of ownership.