Ovum sees cloud transforming the IAM industry

Melbourne, 15 August 2013 – The cloud provides significant problems and opportunities for the identity and access management (IAM) industry, according to global analyst firm Ovum. It is a disruptive technology that is challenging the status quo within the IAM sector.

New research* from the global analyst firm examined the impact of cloud computing and identity-as-a-service (IaaS) on the IAM sector. Traditional platform vendors are coming under pressure from a new generation of cloud-based specialists that are changing the way that IAM services will be consumed in the future.

According to Andrew Kellett, principal analyst for IT security solutions and author of the report, “The increasing use of cloud-based services is driving the need for better and more interactive single sign-on (SSO) and federated identity management (FIM) facilities. For the foreseeable future, organisations will continue to make use of a mixed range of on-premise, hosted and cloud-based systems and services.”

Almost 80 percent of businesses already make some use of cloud services. Strategic as well as ad hoc adoption of cloud facilities is on the rise. The ad hoc element brings with it the added danger that business and IT could be sidelined if services are brought on stream in an uncoordinated manner by local decision-makers.

“The issue when working with locally sourced services involves what is becoming commonly known as “shadow IT”,” said Kellett. “In some organisations “shadow IT sprawl” is already presenting significant infrastructure, control and security problems. This is because services are often open at the point of delivery, and can allow anyone to sign up and create identities and passwords, while utilising information systems that the organisation does not control.”

On behalf of business organisations, their users, business partners and customers there is an argument being put forward that the only secure and acceptable way to log into business systems, including cloud services, is through an identity management system. Mainstream IAM platform vendors make a strong case for using their facilities to maintain secure access when moving between on-premise systems and cloud-based applications. Some are also reconfiguring their offerings to deliver IAM from the cloud.

“The question is, are they in a position to deliver on their promises? The answer is somewhat mixed because some have well advanced cloud strategies and others are just starting out. However, as with all issues relating to the management of cloud services and identity in the cloud, the maturity is not there, nor can it be,” says Kellett. Business requirements are not clear, and both enterprises and their service providers have work to do to clarify future requirements.

“The cloud remains a source of opportunity for the IAM sector. A new generation of cloud specialists are challenging established approaches to managing identity, and are positioning themselves as offering a more flexible, easier to deploy, and cost-effective approach to managing identity from the cloud. Their ability to operate independently as well as alongside existing IAM providers needs to be tested, as does the range, quality and security of the bridging facilities and application program interfaces (APIs) currently available for delivering access to cloud-based applications,” concludes Kellett.