As corporations continue their trend towards hybrid environments, IT organizations are discovering another level of complexity to their any, any, any initiatives. The reality is that for most environments hybrid isn’t as simple as cloud-only architectures. Included in the mix of hybrid complexity are the Identity and Access Management (IAM) capabilities that must span internal and cloud-based services to keep them secure and accessible. Whether corporate services are internal or cloud-based, identity information needs to be properly provisioned and governed, and connectivity based on it needs to be delivered to users on their mobile phones, tablets and laptops without causing confusion or requiring users to jump through hoops.
Having a robust IAM infrastructure matters because organizations are constantly seeking ways to scale faster, be more agile and engage more effectively with their customers and partners. Per the rule of corporate chaos, we know that these objectives usually don’t happen in a methodical fashion. Rather than having time to step back to define the architecture from a big-picture perspective, the typical stories that I hear about are IT teams subjected to a series of tactical projects driven by business owners with initiatives or priorities.
It’s this siloed, tactical approach to identity and access management that leads to so many “accidental architectures.” If an environment is hard to manage and secure, you probably have an accidental architecture. These environments are rife with silos of functionality that make integration of resources complex. Because accidental architectures are unable to provide a uniform way of controlling and delivering access, sooner or later your organization will run into “Access Fatigue,” meaning your business has come to the realization that it’s time to be more strategic and invest in an Access Security Layer (ASL).
Network architects can think of the ASL as a derivative of their traditional network security layer, where key functions and services are modular while the administration is centralized. A well-designed ASL provides centralized Identity and Access Management functions to manage identities and accelerate application implementation. Some of you may have seen a Gartner report talking about this exact point called “The Evolving Architecture of Modern Identity.” Of course, the right approach is never to let your environment reach that level of identity and access control chaos.
As you can see from the diagram above, I’ve defined the Access Security Layer to offer three functional segments: authentication services, security gateway services, and identity services.
NetIQ offers mature and robust solutions that integrate all disparate applications into a single, centralized solution.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.