Enterprise identity management has become increasingly complicated, especially in the new age of Hybrid IT and the cloud, in which enterprises maintain some on-site infrastructure while allowing a cloud provider to handle the management and maintenance of other, usually less critical data and applications. This kind of hybrid cloud deployment situation provides an ideal compromise between the cost savings and efficiency of a full cloud deployment and the expense and time-intensive-but-extremely-secure benefits of a completely on-premise solution. But with a hybrid deployment, enterprises must deal not only with on-site identities but also access and authorization for third-party providers, clients and customers.
There are four major areas – or, pillars, as this whitepaper from Microsoft defines them – of identity management, and together they form the foundation for a strong, comprehensive identity management solution that’s perfectly adapted to the new world of Hybrid IT.
Pillar 1: Administration
The first of these pillars is administration, or creating an accurate and centralized view of a user’s identity, according to the Microsoft report. Administration encompasses a number of aspects of identity, including provisioning, change and version control, and entitlements, all explored in-depth by Tom Shinder, Principal Knowledge Engineer, SCD iX Solutions Group, Microsoft, and his co-authors.
Pillar 2: Authentication
The authentication pillar is important since it determines how users prove to the solution that they are who they say they are (i.e., authorized to access applications and information). To integrate a successful authentication pillar, you must consider authentication strength, delegation and the end-user experience, Shinder and his co-authors said.
Pillar 3: Authorization
The authorization pillar is “about enabling an application or a resource to make the best decision possible. In other words, authorization means processing the incoming identity data in order to decide what an identity should be able to do within the application/service that it wants to access,” according to the report.
This pillar is crucial in allowing access only to those users who have been authorized to edit, add to and/or change information or application settings. If you don’t get this pillar right, you could be facing an avalanche of inappropriate access, compromised data integrity and application functionality issues.
Pillar 4: Auditing
Finally, you can’t afford to overlook the auditing component, despite the fact that it can be a complicated and time-consuming part of the solution. The most difficult issue to deal with is log data – web service logs, event logs, custom logs — all of this data must be harvested, processed, and filtered to ensure your identity management solution is working properly.
The new world of enterprise IT means that even enterprises with large, on-premise infrastructures will need to connect with public or private cloud resources and enable identity management, authentication, authorization and access control decisions to be made at all layers of the enterprise and cloud stacks, according to Shinder and his co-authors. The report points out that “current infrastructure designs were based on a firm delineation between on-premises corporate identity and external identities,” but as those infrastructure designs become obsolete, new challenges will arise.
The four pillars – Administration, Authentication, Authorization and Auditing — can help your organization develop and implement a comprehensive and robust identity and access control solution that can easily address the challenges of the new Hybrid IT world.
About the Author: Sharon Florentine is a freelance writer who covers everything from data center technology to holistic veterinary care and occasionally blogs for Rackspace Hosting.
License: Creative Commons image source
