WHITE PAPER
Identity as a Service
A simple solution to a complex problem
Rene Bacherman, President and CEO, Fischer International Identity
Fischer International Identity: Identity as a Service (IaaS)
Introduction
Today's competitive and pressure-filled business climate has created the need for organizations to spend more time managing technology with fewer resources and lower budgets. Outsourcing is one way that this issue is being addressed. However, most outsourcing models still incorporate traditional licensing and traditional software deployment. Software as a Service (SaaS) is a sourcing alternative that has become increasingly popular among organizations of all sizes. According to Gartner, SaaS will grow seven times faster than on-premise software deployments [through 2009]. SaaS provides the required functionality without the burdens of licensing, implementing, managing, and updating software. SaaS, which is used interchangeably with software on-demand, is already more pervasive than most people realize. Salesforce.com, WebEx, and Fidelity Investments 401K.com are among the best-known examples of SaaS on the corporate side. eBay is prominent on the consumer side and might well be the largest provider of software on-demand.
SaaS provides many additional benefits compared to other delivery models. They include:
- Increased service levels
- Lower investment cost
- Shorter time to value
- Improved business continuity and disaster recovery
- Better access to advanced capabilities
- Less risk
The most common SaaS offerings are business applications such as messaging, CRM, ERP, and HR, as well as security applications such as threat management, end-point security, and virus protection. While clients derive significant value from application technology as a service, interoperability technology as a service provides exponential value. This paper addresses the challenges, value, and viability of interoperability technology as a service, and specifically, Identity as a Service (IaaS).
Infrastructure Technology as a Service
When architected correctly, infrastructure technology provides enterprise interoperability, which is required to transform application technology stovepipes into a cohesive platform for efficiently managing business processes. Interoperability brings organizations the benefits of uniform services, global acceleration, reduced complexity, and remote management, while securely and affordably enabling additional strategic services.
Generally, interoperability comes at a high cost: an extensive integration effort, especially across domains. The cost and complexity of integrating disparate applications and infrastructure components is often so great that it negates any value. For this reason, Global Outsourcers and Service Providers have been slow to adopt infrastructure technologies as lines of business.
Ideally, infrastructure technologies would quickly and cost-effectively interoperate with local and remote systems and fully leverage contemporary standards such as SOA to further reduce integration time and cost. Additionally, they would be able to run within open-source environments to predict and minimize ongoing operational costs. A technology with these attributes would eliminate the barriers to entry for offering infrastructure technology as a service.
Case in Point: Identity Management
Identity Management (IdM) enables organizations to automate the management of identities, access rights, and resources across multiple IT applications and business processes. Given all the systems, applications, networks, domains, user accounts, locations, etc. that IdM must manage, it would be easy to assume that simplified interoperability is a core capability of every Identity Management solution. Not true.
The Identity market has been evolving over the last decade. The standard vendor approach to creating Identity products has been to develop and / or acquire various vertical applications, such as password management, provisioning, compliance, etc., as the market evolved. Vendors continue to invest inordinate amounts of time and resources integrating these disparate components (see Figure 1) without providing additional value, such as interoperability across enterprise systems. Without interoperability as the foundation, IdM solutions cannot easily cross firewalls, domains or enterprises, and are far too complicated and expensive to support in a managed-services environment. As a result, the client must settle for a very expensive and highly inefficient on-premise solution that is generally not flexible enough to extend to the entire enterprise. This is validated by numerous customer experiences and analyst reports which cite the struggles of organizations to deploy and maintain their IdM solutions while failing to obtain the expected ROI and other business results.
Figure 2 illustrates the impact of using standard IdM solutions to provision new employees. Automated provisioning and compliance are enabled only within the domain where the Identity solution resides. Outside the domain, account creation, policy / separation of duties (SoD) validation, auditing, etc. must be performed manually, or by replicating expensive and inefficiently scripted point products. The result is non-compliance, low quality, high labor costs, lost productivity, delays, and increased risk. By definition, Identity as a Service must traverse domains since a Service Provider must perform IdM remotely for people and resources at client sites, which means IaaS is not feasible with traditional IdM architectures.
Figure 1: Standard Identity Management Architecture: Fuse Disparate Applications
The Viability of Identity as a Service (IaaS)
The viability of IaaS is contingent on the technology. Specifically, the Identity Management solution must have the following attributes and capabilities:
- Highly interoperable with both web services-enabled and non-web services-enabled systems
- Delivers standards-based and SOA-compliant technology
- Leverages open-source technologies
- Seamlessly and securely crosses domains as a single solution
- Allows clients to retain their desired levels of control
- Provides common administration, compliance, and audit services
- Supports multi-tenancy models
- Deploys rapidly, using lower-cost resources
- Provides ease of change management and support
- Simplifies provisioning through a robust tool that eliminates scripting and programming
- Securely enables remote deployment and management
Figure 3 depicts an identity solution with the capabilities necessary for Identity as a Service. The interoperability platform automates Identity Management regardless of the number of domains, firewalls, or the complexity of each organization's IT environment. It also incorporates the entire enterprise, from older legacy systems to "state-of-the-art" web services-enabled applications. Enterprises served by this solution derive benefits as if widespread adoption of standards (SOA, SAML, SPML) has already occurred, regardless of whether any of these standards have actually been utilized by the connected systems and applications. This architecture also leverages open-source technology as well as virtual environments and can be configured to deliver robust services at an affordable cost.
Figure 2: Provisioning a New Hire Employee Using a Standard Identity Management Product
Fischer Identity is built on the only architecture that addresses the business requirements for Identity Management and the only architecture that makes Identity as a Service viable.
Summary
Identity Management is a strategic technology, and one that most organizations are planning to deploy within the next 18 months. Advances in Identity technology make IaaS a viable sourcing alternative. Now, organizations can benefit from this robust and affordable alternative to expensive IdM software-as-a-product deployments. Organizations that adopt IaaS can significantly expedite and automate compliance and reporting, simplify business processes between partner organizations, and provision and manage client, employee, and partner access rights via a secure on-demand solution. IaaS enables organizations to realize the full value of Identity Management by simplifying what has traditionally been a very complex and costly proposition.
Rene Bacherman is President and CEO of Fischer International Identity, LLC. Fischer's flagship product, Fischer Identity, is the only Identity Management solution designed to enable cross-domain provisioning, IaaS, and Managed Identity Services.
Figure 3: Identity Management as Service (IaaS) Architecture
Fischer International Identity 3073 Horseshoe Drive South Naples, Florida 34104 239-643-1500 www.FischerInternational.com
Document MCW-06-151C: April, 2008
© 2008 Fischer International Identity, LLC. All rights reserved. Fischer International, Fischer International Identity, Managed Identity Services, Identity as a Service, IaaS, the Fischer International Logo, Global Identity Architecture, DataForum, Fischer Global Provisioner, Built for Business...Yours, and all other Fischer product or service names are the trademarks and/or registered trademarks of Fischer International. All other company, product, or trade names are the property of their respective owners.