The cloud dominates today's technology conversations. It is the new paradigm for flexibility, scale and cost management. As these concepts mature, companies start favouring a hybrid approach for their technology strategies. Some systems are better suited to stay on-premises, while others are a natural fit for the cloud.
Then there are technologies where the choice to migrate might seem easy yet is instead full of ambiguity. Identity management is one such area - it may appear as a clear candidate for cloudification, but companies soon discover a more complicated situation.
"I often meet with companies that started a transition towards cloud identity management but then realise it's not a seamless process," says Paul Green, Principal Consultant at Performanta. "They expected a one-for-one transition. But identity management depends on a company's specific requirements and setup. Since identity integrates with many other systems, shifting to the cloud might not work out very well. It can - but it's a question of good design and not just picking the right products."
Good identity management design
Is the cloud a good choice for identity management? That depends on your environment and how different systems interact with each other. Green highlights several scenarios that impact these choices:
Legacy: Identity management for legacy systems can struggle if they rely too much on the cloud.
Established ID systems: It's tricky to duplicate established on-premises management systems into the cloud.
Customisation: On-premises identity management systems often offer more customisation and integration scope than cloud alternatives.
Systems relationships: Identity management systems interconnect with other services, often HR systems, to verify identities and permissions - maintaining these relationships in a cloud migration could be difficult.
"I'm definitely not saying you shouldn't use a cloud-based identity management system," Green explains. "But the transition between the two is not one-to-one. Cloud systems have great advantages: they are quicker to deploy and they are very flexible for things such as remote working. But this market is still maturing its capabilities and you can't do everything in the cloud as you can with an on-premises system."
The disparity between on-premises and cloud identity management isn't only about capabilities and features. Identity Management is a process that engages several systems, and their relationships with each other often dictate how the process works.
"Let's say you use an HR system to help manage identities. If that HR system is on-premises, using a cloud identity service can be cumbersome. But if you are using a cloud-based HR platform, integrating with an on-premises management system poses different problems. There is also a lot of scope in the middle - you can authenticate cloud-based permissions with on-premises identity management or use cloud identity authentication to authorise access to on-premises systems. It's this variability that catches people off guard. They expect a simple transition then run into design complications and insufficient future-proofing."
The future of identity management
Since identity is emerging as the dominant control play for digital environments, identity management has evolved into a fundamental part of technology and security strategy. This is clear if you look at the plans of Microsoft:, says Green:
"Microsoft recognises the convenience of the cloud. They recognise the power of the cloud and why customers would try to shift as many workloads as possible to the cloud. Today, you can administer things like access reviews and governance directly from the cloud. But they also recognise that identities often need to coexist both on premises and in the cloud. And therefore, the identity management solution needs to facilitate that."
This complexity also explains why well-established solutions such as the Microsoft Identity Manager haven't simply dropped on-premises in favour of the cloud. It's more complicated than that - and companies will avoid headaches if they aim at identity management fit for a hybrid environment.
"While we are moving more towards the cloud, it's not just a question of adopting a new service. There are several factors to consider including whether you should be going cloud-native in the first place. When I have a conversation with a customer, it's around digging into what the requirements are. A cloud-native solution isn't impossible. But I need to understand what systems they have, where those systems authenticate, whether they're legacy or newer."
Identity management is the critical piece of every secure hybrid environment. It mitigates threats from cybercrime and employee negligence, and it provides reliable access to company systems for people in the office and elsewhere.
Taking identity management into the cloud can be compelling and even a great strategy. But don't mistake it for flicking a switch. You'll run into unexpected complications and struggle to deliver a future-proof identity environment suited to your organisation's growth. Talk to experts such as Performanta, and get your identity management right the first time.