According to new research by Forrester and IDC, the identity and access management (IAM) market is a bright spot in the slumping IT market, with the vast majority (77 percent) of respondents to a recent survey of 239 security decision-makers in the U.S. and the U.K. indicating that plans are underway in their organization for new investment in IAM of externally focused website and applications.
The reasons for the large number of respondents suggesting that they have plans to implement an identity and access management solution are as varied as the types of organizations that are implementing the systems. Some of the main driving reasons are reduced costs of IAM applications, enhanced functionality, reduction in the time and effort needed to implement, time and labor savings from automating an otherwise manual process and increasing the overall security of on-premises and cloud applications.
Let’s take a deeper dive into each of these areas.
Five or 10 years ago, the costs associated with a full-blown IAM application were quite high, easily approaching and often exceeding $100 per user when figuring all associated costs of the product and implementation. While large organizations could absorb these costs, small to midsize companies often struggled with finding a discernable ROI. Today, these costs have been slashed by 75 percent or more, making the solutions more affordable to virtually any company.
Even as costs have gone down, functionality has significantly increased. Today’s systems allow for more interaction from the employee level up to management level. Workflows can easily be designed to handle approval and request processes and eliminate paper or email methods. In addition to just applications and access, this can include items such as requesting a company cell or tablet.
Access governance reporting – who has access to applications with what rights – is becoming commonplace. Functionality to determine file structure rights and group memberships are also being integrated into IAM solutions to allow a complete picture of the network. Allowing for employee self-service such as password reset requests is becoming the norm in complete solutions as well.
Easier and quicker to implement
As costs have decreased, so has the time needed to get a system from the planning stages to completion. Early adopters of IAM were often faced with months or even years of effort to get the system functional. This long time frame was always accompanied by the need for expensive consulting personnel and heavy involvement from the company’s IT staff.
The IAM systems of today can now often be implemented in a few days to a few weeks, depending on the level of sophistication required. Further, many of the modern systems have been created with ease of configuration in mind, allowing internal staff to implement on their own while minimizing the need for expensive, external consultants.
A small to midsize organization will not have a significant number of employees who are on-boarded and off-boarded as would a large company; but the time spent creating, managing and deleting users can still be considerable. Further, these small to midsize companies normally have a smaller IT staff that is tasked with doing more. Routing mundane tasks, such as provisioning user accounts takes a back seat until it becomes critical when a user is unable to perform his or her job due to inaccurate access rights. By automating these tasks or enabling employees and managers to perform the requests and approvals, the IT staff can recoup valuable time.
Security – in house and in the cloud
One of the driving forces for IAM deployments is to increase the internal security of the network and data access. The days of copying one user as a template for another are over. Frequently, this led to too many or too little in regards to access for applications and data. While adding access rights is common, revoking them is often overlooked. This is also true of adding employees. They are always created in systems or applications to ensure they can perform their jobs; but removing them from all systems upon their departure is often one of the tasks relegated to the back burner, to be completed when things aren’t as hectic.
The explosion of cloud applications further complicates these issues. Now, with IAM solutions, an IT person must only log in to a Web portal to create, manage and delete users. Virtually all cloud applications have a monthly cost associated with every user, so provisioning only those that truly need access, and timely deletion of users, has a direct cost impact on the company.
Older IAM systems did not extend user life cycle management to the cloud and were limited to on-premises systems, but all modern IAM solutions now can easily accommodate both types of applications.
Based on the many factors above, it is easy to understand why so many organizations are planning on implementing IAM solutions in the near term, even as overall IT spending remains stagnant or decreases. The cost /benefit analysis of the solutions has reached the tipping point where it makes sense to invest sooner rather than later to begin reaping the benefits.
Dean Wiech is managing director of Tools4ever, a global provider of identity and access management solutions. Dean has worked with businesses for more than 20 years, helping them identify solutions that make their businesses more secure, efficient and easier to manage. He is responsible for Tools4ever’s U.S. operations and has written dozens of articles about identity and access management, security, IT audits, BYOD, the cloud and managing IT for small businesses to enterprise systems. Follow him on Twitter.