Delinea | Privileged Access Management Blog

How Do You Choose the Right IAM Solution?

Written by Delinea Team | Sep 18, 2017 4:29:00 PM

Cloud-based services dominate today’s world and over the past few years, delivering cloud-based Identity and Access Management (IAM) solutions is no exception. The right solution can reduce risk, cut down costs and save time, but choosing the right IDaaS vendor requires careful consideration. Putting together some basic questions to ask while covering several key elements is the first step. So…where do we begin?

Is it a true hybrid solution?

Ask your prospective vendor if they truly provide a hybrid solution with control and access across on-premise and SaaS-based applications. Federation for SaaS apps is a great first step, but larger companies will demand solutions that are more mature and can handle the complex challenges of hybrid environments that include legacy on-premise apps as well as new SaaS apps. If these on-premise IAM capabilities aren’t supported, then companies will need to deal with disparate solutions, and that will be a struggle. At the very least, a solution should provide a single identity to access all apps -- wherever they may reside -- and from all end-user platforms (i.e. desktops, laptops, and mobile devices).

How do you manage access from mobile devices?

Today’s cloud-enabled and the mobile world go hand in hand and identity must be about the user... and the device.  Secure access needs contextual trust -- is your device known, managed, and secured? If your org has committed to a BYOD policy, does the solution at hand support iOS, Android, Windows, etc.? Unfortunately, most IDaaS solutions fall short when it comes to mobile support because they were built and architected before mobile devices became so prominent in accessing apps. Look for vendors that provide means to ensure that these end devices are trusted and secure. Look for those who have unified mobile and app access management as it reduces repetitive tools, processes, and skillsets. There is a true convergence of mobility and identity and they should go hand in hand.

How robust are the access policies?

Passwords alone can’t be trusted to properly and securely identify users and you need a solution that incorporates strong authentication and a common multi-factor experience across your apps (SaaS, cloud, mobile, and on-premise). Gartner confirms this by stating,

Use multifactor authentication (MFA) and adaptive access to the front door of the kingdom, meaning use MFA capabilities rather than only passwords when signing on to the IDaaS service.”  

The basics to ask your prospective vendor is if they can support various authentication methods (i.e. support for the password, soft token, hard token, biometric, and mobile device authentication). The next step is to look for MFA based on user behavior, flagging further authentication for “risky” behavior and creating automated policies that only challenge authentication when user behavior is outside norms.

Do you need a point solution or full platform?

What is the end goal? Point solutions will address the basic benefits of IAM but at the end of the day, you need a provider that can also address your foreseeable future needs. Too often we make the early decision of focusing on our immediate need and we ignore the complete, integrated platform by using several single-point solutions wired together (i.e. EMM, MFA, SSO, etc.). Frustration will soon build, accompanied by too many logins, integrations, and various challenges. The advantages of an integrated platform are far too large to ignore. Focus on an IDaaS provider that offers integrated technologies, and the ability to provide secure access for all users and solve actual problems, not just provide more tools.

Selecting the right IDaaS platform can be a challenging project and these are just some basic questions to help create and better understand your own specific requirements, before creating your long list. Leveraging analyst reports, such as Gartner, Forrester, and KuppingerCole, are also incredibly useful. Once you’ve defined your requirements, just as important is to vet and validate these capabilities customer reviews and testimonials as well. Independent sites such as FeaturedCustomers, aggregate customer reviews, customer videos, and case studies, aiding the purchasing process when you are ready. There’s nothing basic when it comes to choosing a cloud identity solution, but as you start to answer these key questions, they will inevitably help you in creating your own specs of the significant capabilities necessary for your organization.