What is Cloud Identity?
Cloud identity or a cloud identity and access management (IAM) service is functionally similar to an on-premises or self-managed IAM system. It secures access between users and devices and the applications and resources they are attempting to use. Access is secured by verifying the identity of the user or device and then applying authentication and authorization policies to ensure the access is appropriate.
Unlike on-premises IAM solutions housed in an organization's data center, cloud identity is delivered as a cloud-based service. Also known as identity as a service (IDaaS), cloud identity solutions are designed to ensure that users are who they claim to be, and to provide them with the right level of access only to those applications, data, and resources they are authorized to use.
Moving IAM to the cloud
As organizations migrate to cloud services, and employees, contractors, and customers increasingly work and connect from everywhere, IAM has become an even more critical security pillar. It ensures users, devices, and things are granted access to the right resources, at the right time, and nothing more.
In the past, organizations predominantly leveraged on-premises IAM solutions managed in-house by IT teams. Managing identity in this fashion became increasingly complicated as applications moved out of the corporate data center and into the cloud. This transition left organizations struggling to manage complexity with identities across multiple, disparate clouds.
Organizations attempted to alleviate this complexity by leveraging the public cloud as an alternate data center, deploying their self-managed IAM solution in their private cloud environments to increase flexibility, scalability, and business agility.
An unintended consequence of this approach was an increased need for professionals with IAM operations expertise that left many organizations facing hiring, training, and retention challenges and skills gaps. To address these challenges, some businesses outsourced management of their on-premises IAM solution to third-party organizations.
Most organizations have legacy applications that they cannot move to the cloud, and there's been a tendency to maintain one or more IAM systems for these applications and another for cloud apps and services. Furthermore, most organizations cannot keep track of all the apps in use, as business units and teams often adopt the tools they need without taking IAM into consideration. As a consequence, IT and security teams have silos of identity data and parts of the organization into which they have no visibility at all. To reduce the risks that come with fragmented data, many organizations are using a hybrid cloud approach that enables them to see all access activities and identities across the enterprise.
Key elements of a cloud identity service
While early cloud identity offerings struggled to provide comparable capabilities and features to legacy on-premises solutions, today's enterprise-grade services have matured to address all critical elements of identity and access management and offer flexibility in deployment options.
It is essential that your cloud identity provider offer a comprehensive identity and access management (IAM) service capable of addressing the majority of your use cases in a single platform. Key cloud identity features include:
- Identity management: Everything that connects to your organization has a digital identity. From the day a new contractor is onboarded or a new device is registered to the day an employee leaves the organization, each workforce identity follows a joiner, mover, and leaver (JML) lifecycle and requires differing levels of access privileges across systems and applications; these privileges can change frequently as people change roles. Identity management automates management processes throughout the lifecycle of an identity (person, device, thing, application, or service) within the organization.
- Access management: Users want easy and secure access to applications from anywhere and at any time. Access management allows businesses to provide a secure and personalized login and access experience to users, while granting access only to the resources for which they have privileges. Access management also applies strict security standards that reduce fraudulent and malicious activity.
- Single sign-on (SSO): SSO allows users to log in once to gain secure access to all the applications and services they are authorized to access. SSO improves the user experience and eliminates the frustration of multiple logins. Implementing SSO reduces administrative costs, improves workforce productivity, and prevents customer drop-off for consumer applications and e-commerce sites. By centralizing digital identity and user access information, SSO provides greater visibility into each user's roles and entitlements and ultimately reduces risk.
- Multi-factor authentication (MFA): Traditional approaches utilizing a username and password combination to verify identity no longer provide sufficient security. To decrease risk and achieve a high level of confidence in a user's identity, MFA requires one or more additional authentication factors. Examples of MFA factors include biometrics, such as a fingerprint or facial recognition, one-time passcodes delivered via text or email, a push notification from an authentication app, or a security key.
- Passwordless authentication: Passwordless authentication enables a person to log in to an online account without having to enter a password. Instead, the user can use an authenticator app, a token, a smartcard, or a biometric, such as fingerprint or facial recognition, to authenticate their identity. Passwordless authentication enables organizations to eliminate the security risks and usability issues associated with passwords, while reducing help desk costs associated with forgotten passwords and password resets.
- Identity governance: Identity governance and administration (IGA) allows organizations to manage workforce identities and access privileges so that they can prevent inappropriate access and comply with a complex web of laws and regulations that vary by region. In short, it allows organizations to see and control what users have access to which resources.
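The identity management, access management, and identity governance items above describe one mechanism from three angles: an identity's roles change over its JML lifecycle, every access decision is derived from the roles it currently holds, and governance is the ability to report who can reach what. The following Python is an added example, not code from this page or from any ForgeRock product; the role names, application names, and the ROLE_ENTITLEMENTS mapping are constructed for illustration. It shows why a "mover" must replace rather than add roles (otherwise privileges accumulate), why a "leaver" must yield no access even if the record is retained, and how an access review is produced from the same data.

```python
from dataclasses import dataclass, field

# Constructed role-to-entitlement mapping; application names are hypothetical.
ROLE_ENTITLEMENTS = {
    "engineer": {"git", "ci", "wiki"},
    "finance": {"ledger", "wiki"},
    "contractor": {"wiki"},
}


@dataclass
class Identity:
    subject: str                 # e.g. a username or device id
    kind: str                    # person, device, service, ...
    roles: set = field(default_factory=set)
    active: bool = True


class IdentityLifecycle:
    """Minimal JML lifecycle: roles are the only source of entitlements."""

    def __init__(self):
        self.identities: dict[str, Identity] = {}
        self.audit: list[tuple[str, str, str]] = []  # (event, subject, detail)

    def joiner(self, subject: str, kind: str, role: str) -> Identity:
        ident = Identity(subject, kind, {role})
        self.identities[subject] = ident
        self.audit.append(("joiner", subject, role))
        return ident

    def mover(self, subject: str, new_role: str) -> Identity:
        ident = self.identities[subject]
        # Replace, do not append: appending is how privilege creep happens.
        self.audit.append(("mover", subject, f"{sorted(ident.roles)} -> {new_role}"))
        ident.roles = {new_role}
        return ident

    def leaver(self, subject: str) -> Identity:
        ident = self.identities[subject]
        ident.active = False
        ident.roles = set()          # keep the record for audit, drop all access
        self.audit.append(("leaver", subject, "all roles revoked"))
        return ident

    def entitlements(self, subject: str) -> set:
        """Applications the subject may currently use; empty for unknown or inactive."""
        ident = self.identities.get(subject)
        if ident is None or not ident.active:
            return set()
        return set().union(*(ROLE_ENTITLEMENTS.get(r, set()) for r in ident.roles))

    def is_authorized(self, subject: str, app: str) -> bool:
        # Access management: a single policy decision derived from current roles.
        return app in self.entitlements(subject)

    def access_review(self) -> dict:
        """Governance view: for each application, which active identities can reach it."""
        apps = set().union(*ROLE_ENTITLEMENTS.values())
        return {app: sorted(s for s in self.identities if self.is_authorized(s, app))
                for app in sorted(apps)}


def demo() -> dict:
    """Walk one identity through join, move, and leave; return the review at each step."""
    lc = IdentityLifecycle()
    lc.joiner("alice", "person", "engineer")
    lc.joiner("build-bot", "service", "contractor")
    after_join = lc.access_review()
    lc.mover("alice", "finance")            # alice loses git/ci, gains ledger
    after_move = lc.access_review()
    lc.leaver("alice")
    after_leave = lc.access_review()
    return {"join": after_join, "move": after_move, "leave": after_leave}


if __name__ == "__main__":
    for stage, review in demo().items():
        print(stage, review)
```

The access_review output is the artefact an identity governance process certifies: a reviewer sees each application's current population and can challenge entries that do not match the person's job. Because entitlements are computed from roles on every call rather than stored per application, the mover and leaver events need no per-application cleanup to take effect.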
What are the benefits of cloud identity?
A cloud identity solution provides all the expected capabilities and benefits of an on-premises IAM implementation. Because it is deployed as a cloud service, it offers additional benefits commonly associated with SaaS or cloud-delivered models, namely reduced costs and complexity, increased security, flexibility and scalability, and an improved user experience.
Reduced costs and complexity
Cloud identity solutions reduce costs in a few ways. By deploying as a cloud service, an organization can eliminate upfront costs normally associated with equipment, infrastructure, and installation, instead accelerating deployment while minimizing costs. And because there are no servers or software to maintain, operational efficiency increases and ongoing maintenance costs drop. In addition, user self-service capabilities and reduced reliance on passwords can further reduce costs associated with support and ongoing operations.
Increased security posture
A cloud service is continually secured, audited, monitored, and maintained by IAM experts and is always current with the latest patches and updates. Providing an equivalent level of in-house expertise and up-to-date security in an on-premises scenario has become cost prohibitive for most organizations.
Enhanced flexibility and scalability
Whether seasonal events and promotions lead to an influx of new customer registrations, or the acquisition of a new business requires adding a hundred or ten thousand employees to your organization, a cloud identity service can scale to handle fluctuations in traffic demands with ease. Just like any other cloud service, with IDaaS you only pay for what you use, and that means that growing organizations can spend more based on their business growth and others can keep their operational costs consistent.
Improved user experience
Cloud identity solutions connect entities (users, devices, and things) to apps and resources in a fast, seamless, and secure manner. New features such as passwordless authentication and passkey support can be rolled out without any user disruption. That translates into better experiences and faster access for employees, contractors, and customers anytime, anywhere. Faster access in turn onboards customers sooner, builds customer loyalty, and enables employees to work more productively.
The Future of IAM
When applications resided in the data center and users worked inside corporate offices or branch locations, the data center was the center of everything. So it made sense that identity and access management solutions resided on-premises. But times have changed. Organizations are embracing digital transformation and cloud-first initiatives to make their business more agile and productive.
Applications have moved out of the data center and into the cloud, employees have left the corporate office, and customers are connecting from literally everywhere. Organizations are adopting cloud identity or IDaaS as the new approach to identity and access management to enable their employees, contractors, and customers to seamlessly and safely access the connected world.
It's important to ensure that your cloud identity provider offers a comprehensive, full-featured IAM platform of services so your IT teams don't have to choose between capability and deployment options. It should include enterprise-grade identity management, access management, and identity governance capabilities. A robust cloud identity service should be able to manage all your IAM needs, manage every identity across your organization, and should be able to coexist with your legacy IAM solutions.
ForgeRock Identity Cloud is a true identity-as-a-service platform and offers a full suite of modern capabilities for any identity and access need and in any business environment, all within a single implementation.