Fischer International Identity

BUILT FOR BUSINESSYOURS

WHITE PAPER
Identity as a Service
A simple solution to a complex problem


Rene Bacherman
President and CEO, Fischer International Identity
























Fischer International Identity: Identity as a Service (IaaS) 1
Introduction

Today's competitive and pressure-filled business climate has created the need for organizations to spend
more time managing technology with fewer resources and lower budgets. Outsourcing is one way that
this issue is being addressed. However, most outsourcing models still incorporate traditional licensing and
traditional software deployment. Software as a Service (SaaS) is a sourcing alternative that has become
increasingly more popular among organizations of all sizes. According to Gartner, SaaS will grow seven
times faster than on-premise software deployments [through 2009]. SaaS provides the required
functionality without the burdens of licensing, implementing, managing, and updating software. SaaS,
which is used interchangeably with software on-demand, is already more pervasive then most people
realize. Salesforce.com, WebEx, and Fidelity Investments 401K.com are among the best known
examples of SaaS on the corporate side. eBay is prominent on the consumer side and might well be the
largest provider of software on-demand.

SaaS provides many additional benefits compared to other delivery models. They include:

Increased service levels
Lower investment cost
Shorter time to value
Improved business continuity and disaster recovery
Better access to advanced capabilities
Less risk

The most common SaaS offerings are business applications such as messaging, CRM, ERP, and HR, as
well as security applications such as threat management, end-point security, and virus protection. While
clients derive significant value from application technology as a service, interoperability technology as a
service provides exponential value. This paper addresses the challenges, value, and viability of
interoperability technology as a service, and specifically, Identity as a Service (IaaS).


Infrastructure Technology as a Service

When architected correctly, infrastructure technology provides enterprise interoperability, which is
required to transform application technology stovepipes into a cohesive platform for efficiently managing
business processes. Interoperability brings organizations the benefits of uniform services, global
acceleration, reduced complexity, and remote management, while securely and affordably enabling
additional strategic services.

Generally, interoperability comes at a high cost: an extensive integration effort, especially across
domains. The cost and complexity of integrating disparate applications and infrastructure components is
often so great that it negates any value. For this reason, Global Outsourcers and Service Providers have
been slow to adopt infrastructure technologies as lines of business.

Ideally, infrastructure technologies would quickly and cost-effectively interoperate with local and remote
systems and fully leverage contemporary standards such as SOA to further reduce integration time and
cost. Additionally, they would be able to run within open-source environments to predict and minimize
ongoing operational costs. A technology with these attributes would eliminate the barriers to entry for
offering infrastructure technology as a service.




Fischer International Identity: Identity as a Service (IaaS) 2
Case in Point: Identity Management

Identity Management (IdM) enables organizations to automate the management of identities, access
rights, and resources across multiple IT applications and business processes. Given all the systems,
applications, networks, domains, user accounts, locations, etc. that IdM must manage, it would be easy to
assume that simplified interoperability is a core capability of every Identity Management solution. Not true.

The Identity market has been evolving over the last decade. The standard vendor approach to creating
Identity products has been to develop and / or acquire various vertical applications, such as password
management, provisioning, compliance, etc., as the market evolved. Vendors continue to invest
inordinate amounts of time and resources integrating these disparate components (see Figure 1) without
providing additional value, such as interoperability across enterprise systems. Without interoperability as
the foundation, IdM solutions cannot easily cross firewalls, domains or enterprises, and are far too
complicated and expensive to support in a managed-services environment. As a result, the client must
settle for a very expensive and highly inefficient on-premise solution that is generally not flexible enough
to extend to the entire enterprise. This is validated by numerous customer experiences and analyst
reports which cite the struggles of organizations to deploy and maintain their IdM solutions while failing to
obtain the expected ROI and other business results.



























Figure 2 illustrates the impact of using standard IdM solutions to provision new employees. Automated
provisioning and compliance are enabled only within the domain where the Identity solution resides.
Outside the domain, account creation, policy / separation of duties (SoD) validation, auditing, etc. must be
performed manually, or by replicating expensive and inefficiently scripted point products. The result is
non-compliance, low quality, high labor costs, lost productivity, delays, and increased risk. By definition,
Identity as a Service must traverse domains since a Service Provider must perform IdM remotely for
people and resources at client sites, which means IaaS is not feasible with traditional IdM architectures.
Figure 1:
Standard Identity
Management
Architecture: Fuse
Disparate Applications


Fischer International Identity: Identity as a Service (IaaS) 3




























The Viability of Identity as a Service (IaaS)

The viability of IaaS is contingent on the technology. Specifically, the Identity Management solution
must have the following attributes and capabilities:

Highly interoperable with both web services-enabled and non-web services-enabled systems
Delivers standards-based and SOA-compliant technology
Leverages open-source technologies
Seamlessly and securely crosses domains as a single solution
Allows clients to retain their desired levels of control
Provides common administration, compliance, and audit services
Supports multi-tenancy models
Deploys rapidly and using lower-cost resources
Provides ease of change management and support
Simplifies provisioning through a robust tool that eliminates scripting and programming
Securely enables remote deployment and management

Figure 3 depicts an identity solution with the capabilities necessary for Identity as a Service. The
interoperability platform automates Identity Management regardless of the number of domains, firewalls,
or the complexity of each organization's IT environment. It also incorporates the entire enterprise, from
older legacy systems to "state-of-the-art" web services-enabled applications. Enterprises served by this
solution derive benefits as if widespread adoption of standards (SOA, SAML, SPML) has already
occurred, regardless of whether any of these standards have actually been utilized by the connected
systems and applications. This architecture also leverages open-source technology as well as virtual
environments and can be configured to deliver robust services at an affordable cost.
Figure 2:
Provisioning a New
Hire Employee Using
a Standard Identity
Management Product


Fischer International Identity: Identity as a Service (IaaS) 4





















Fischer Identity is built on the only architecture that addresses the business requirements for Identity
Management and the only architecture that makes Identity as a Service viable.


Summary

Identity Management is a strategic technology, and one that most organizations are planning to deploy
within the next 18 months. Advances in Identity technology make IaaS a viable sourcing alternative.
Now, organizations can benefit from this robust and affordable alternative to expensive IdM software-as-
a-product product deployments. Organizations that adopt IaaS can significantly expedite and automate
compliance and reporting, simplify business processes between partner organizations, as well as
provision and manage clients, employees, and partners access rights via a secure on-demand solution.
IaaS enables organizations to realize the full value of Identity Management by simplifying what has
traditionally been a very complex and costly proposition.

Rene Bacherman is President and CEO of Fischer International Identity, LLC. Fischer's flagship product,
Fischer Identity, is the only Identity Management solution designed to enable cross-domain
provisioning, IaaS, and Managed Identity Services.

Figure 3:
Identity Management
as Service (IaaS)
Architecture
























































Fischer International Identity
3073 Horseshoe Drive South
Naples, Florida 34104
239-643-1500
www.FischerInternational.com


Document MCW-06-151C: April, 2008

2008 Fischer International Identity, LLC. All rights reserved.
Fischer International, Fischer International Identity, Managed Identity Services, Identity as a Service, IaaS, the Fischer International
Logo, Global Identity Architecture, DataForum, Fischer Global Provisioner, Built for Business...Yours, and all other Fischer product
or service names are the trademarks and/or registered trademarks of Fischer International. All other company, product, or trade
names are the property of their respective owners.
Built for BusinessYours