During a recent forum in Washington, DC, one of the discussion leaders casually referenced the evolution of the perimeter from a physical to a virtual entity. I expected some debate but instead saw violent consensus that this shift is both ongoing and welcome. More surprising was the uniformity of opinion that the primary control for enterprise resource access is now identity and access management (IAM) – which is a correct observation.
So, that’s the good news. The bad news is that IAM infrastructure is often more complex than the underbelly of the Space Station. And trying to wrestle IAM from the shackles of an enterprise LAN into a hybrid cloud is not easy. The most difficult challenge is that much legacy IAM infrastructure will remain inside the DMZ indefinitely. You know the analogy: It’s like rewiring an airplane in flight over the Atlantic.
To this end, IAM solution providers must deal with the dual challenge of supporting the existing enterprise while also easing the transition to a more virtual architecture. I recently had the great privilege of interviewing Andre Durand, CEO of Ping Identity. He was kind enough to share his views on the critical role of IAM in the enterprise, and explained how his fine company is approaching the challenge of cloud.
EA: Andre, do you see IAM as gaining in strategic importance as a primary control in most enterprise environments?
AD: Yes, that is certainly occurring in all environments. With the progression to hybrid cloud in the modern enterprise, the only way to create seamless control is to get the identity and access management approach right. The Ping Identity Platform is designed specifically to address IAM at scale across cloud, mobile, and legacy on-premises, becoming the primary control plane. Most IT and security teams have begun to realize this shift in their enterprise architecture.
EA: What are the biggest challenges for IAM teams as companies migrate to mobility and cloud?
AD: I would say that the biggest challenge we see in our work with customers involves maintaining the critical capabilities these enterprises require to ensure seamless, secure access to applications. This includes support for single sign-on, multi-factor authentication, access security, directory services, and data governance – all of which are obviously vital capabilities for any enterprise. And increasingly, these features must work seamlessly across a hybrid IT environment that spans both on-premises applications and cloud-based infrastructure.
EA: How do you see identity federation evolving in the coming years? Will the larger cloud providers federate to everyone else?
AD: Yes, we do see identity federation evolving, and great progress has been made already across the IAM community. With modern application portfolios now spread across hybrid IT environments has come increased complexity for administrators and users. Enterprise teams must therefore work with modern IT and security platforms that support the latest IAM standards to meet federation requirements between all participants including SaaS, on-premise, and cloud environments. Users demand SSO at scale, and without standards-based federation, that is not possible.
EA: What will be the role of mobile devices in future enterprise IAM?
AD: Mobile devices will become, and you could make the case that they already have become, fundamental components to the overall IAM solution. Every person and business is now dependent on mobility for their business and personal needs and interests, so the integration of mobile devices, tools, services, systems, and infrastructure into IAM has become a key aspect of modern enterprise security.
EA: Tell us about some of the new capabilities and streamlined services being developed by your team.
AD: The Ping Identity Platform is continually advancing to deliver a highly secure and seamless experience for end users and administrators. We see large enterprises adopting new digital business initiatives, which can expose new security risks and new serious gaps in an organization’s security, compliance, and user experience. We are extending our platform with new customer IAM capabilities, advanced multi-factor authentication features, data governance, and regulatory compliance capabilities, and we are continuing to make it seamless to migrate from legacy IAM systems to the Ping Identity Platform. We are focused on helping enterprises close their security and compliance gaps before they are exposed to risks. And I should say that we continue to focus on giving users a fantastic experience.