Enterprises aspire to free themselves of IT infrastructure, but they're still responsible for identity and access management.
Many IT leaders dream of getting out of the IT business. This means moving the enterprise to a "cloud first, mobile only" environment.
The "cloud first" concept means getting out of the data center business and leaving it to the organizations and solutions that are optimized for managing those environments and applications. And because the majority of enterprise employees are mobile and highly distributed, "mobile only" is a simple fact of business today.
Research firm IDC predicts that 70% of companies will embrace a cloud-first strategy by the end of 2016, up from 55% today.
Netflix, for instance, has decided to close its final data center and operate entirely in the cloud. The video provider's streaming business had been 100% cloud-based for customer-facing systems "for some time now," according to a company statement in The Wall Street Journal. But it completely retired its data centers this summer.
The Weather Company has also redesigned its big data platform, forecasting systems and applications to run natively in a cloud environment. The company said that this strategy allows it to scale while maintaining control over the environment and costs, and to create developer-friendly APIs that teams can use to build new products without worrying about infrastructure.
Alaska Airlines built on its cloud-first, mobile-only vision using Microsoft's Azure platform to take an existing employee-facing web app to devices, making it available to its highly mobile workforce wherever they are.
"We don't want to maintain the underlying infrastructure--the OS, patching, upgrading and all that," said Mike Lorengo, director of app architecture, in a recent presentation. "Instead, we want to focus on delivering business value quickly." The airline now has five apps running and plans to add more.
Even gate agents will carry tablets or other mobile devices instead of terminals, so they can move out from behind the counter and help customers more easily. Native mobile applications are the preference for all applications. They may use a web form, but they still rely heavily on APIs to give a simple, compelling user experience.
In all of these cases, identity and access management is critical to the success of the cloud-first, mobile-only initiative.
No doubt, cloud infrastructure requires a level of security beyond the capability of most on-premises deployments. However, cloud providers stress that security is a shared responsibility between vendors and customers. Vendors have an obligation to ensure data centers are built to the highest level of reliability and security, but it's also on the enterprise to use best practices in the areas it controls, such as authentication and access control, which are beyond the control of the cloud vendor.
What's wrong with traditional web access management (WAM) systems?
Traditional WAM systems are not designed to secure apps outside of the corporate firewall. Most of these systems use an agent-based architecture, where the agent or plug-in must be installed on the web/application server as a means to provide access. This architecture works inside the firewall but does not scale as apps migrate from data centers to cloud environments.
Today's access management solutions must be able to handle access and security demands as applications move to the cloud. The solution should be lightweight, with centralized policy for all internal and cloud-based web, mobile and API resources. It should support both a proxy (or gateway) architecture as well as lightweight agents that can be deployed anywhere, including cloud environments like AWS.
Industry analysts say that while many companies are blazing trails to the cloud, it may take a decade for other companies to move existing apps to SaaS or cloud-hosted environments. In the meantime, hybrid environments will dominate the enterprise landscape and require access-security solutions to match. Check out Ping's Identity Defined Security solution, and you'll see how you can secure access to enterprise data in harmony.