Top 10 Legacy IAM Challenges Holding Back Your Enterprise

Top 10 Legacy IAM Challenges Holding Back Your Enterprise

February 5, 2018
Andrew Goodman
Sr. Product Marketing Manager

As an identity and access management (IAM) professional, you know that legacy systems such as CA Siteminder, Oracle Access Manager and RSA Access Manager weren't designed to handle today's business environment. Consider how much the landscape has changed in recent years:


  • APIs have seen explosive growth. Forbes dubbed 2017 "The Year Of The API Economy1," and with good reason. Public APIs alone shot up from roughly 5,000 three years ago2 to more than 19,000 and counting today3.
  • Enterprises are shifting from traditional environments to the cloud at an astonishing rate. McKinsey's IT-as-a-Service Cloud and Enterprise Cloud Infrastructure surveys4 demonstrate that enterprises are transitioning IT workloads "at a significant rate and pace to a hybrid cloud infrastructure, with off-premises environments seeing the greatest growth in adoption."
  • Remote employees are increasingly common. In a decade, the number of remote workers jumped 115%5, making the traditional workplace firewall progressively unpractical for a significant percentage of employees.


Throw in a rise in complex partnerships, the surge in mobile apps and BYOD, and it becomes clear that your identity and access management solution won't keep up in this fast-changing world.


But what are the biggest reasons organizations are replacing their legacy identity systems? In this four-part blog series, I'll look at troublesome capability gaps within legacy web access management (WAM), directory and multi-factor authentication (MFA) technologies. I'll also go into detail on why the administrative, hardware and productivity costs of these solutions add up to more than you bargained for.

We begin with legacy web access management solutions.

Three Critical Web Access Management Problems

Click here to see the full infographic

Problem #1: Difficulty protecting resources in the cloud

The worldwide cloud services market will expand to the tune of $305.8 billion this year, according to a recent Gartner study, and this shift to the cloud comes with benefits such as scalability, customization, mobility and more. But common on-premises legacy WAM deployment, with its heavy infrastructure footprint, is difficult to replicate in a cloud environment.

Therefore, protecting cloud resources will demand a complex lift and shift on the part of IT. Mirroring the heavy database infrastructure for session storage, policies and encryption keys is complex and expensive to manage. And leaving policy servers on site creates latency from the VPN to the cloud and leaves you with infrastructure you no longer want to manage.

A modern IAM solution, however, is lightweight and cloud-ready. It provides cross-domain access security with a proxy (access gateway), or an agent-based approach allowing you to deploy access security without making DNS or network changes. And it's able to scale, whether your resources are hosted on-premises or in the cloud.

Problem #2: Trouble securing RESTful services and APIs

Web access management (WAM) solutions were designed to protect simple web resources hosted in enterprise data centers, and they do that job well. But the WAM solution of yesterday falls short when it comes to today's requirements, and one area in which that is painfully clear is RESTful services and APIs.

Legacy WAM solutions generate proprietary cookies and tokens, and today's native mobile apps and REST APIs have difficulty translating these tokens. This expands the need for custom development with each web service you wish to protect, further locking you into a solution not built for today's challenges. An ever-growing pile of technical debt can quickly become an urgent problem considering today's shortage of cybersecurity talent.

Given that an estimated 81.5% of total APIs are REST APIs, the ability to secure RESTful APIs is essential to your digital enterprise. A modern access management solution provides the flexibility your organization needs to support this rapidly proliferating group of programs and services.

Problem #3: Limited partner and customer access

As companies consider an expanding need to give not just employees but also their customers and partners seamless and secure access to internal, cloud and third-party applications, they need a nimble, flexible and scalable IAM solution to support their business drivers.

Many of our customers who use a legacy WAM solution like CA Siteminder for their employee access to web applications have found that the solution does not allow them to quickly connect their partners and customers to a host of applications and services. The legacy technology requires an additional bolt-on technology to support federated single sign-on (SSO). It takes weeks or months per connection vs. hours or days--and in some cases, SSO doesn't work at all.

These days, enterprises need to balance security with convenience for their customers and partners. Striking that balance requires a scalable, high-performance IAM solution.

Boosting agility with modern access security

Legacy web access management systems are holding you back. They hamper roll-outs of APIs, mobile apps and re-deployments of apps in the cloud. Security in today's digital world requires a new approach.

Fortunately, modern access management can provide the scalability and flexibility your enterprise needs to support your larger corporate objectives. To learn how, download your copy of "The IAM Pro's Guide to Building A Business Case For Modernizing Legacy Web Access Management."

Also, be sure to keep an eye out for the next blog post in this series, on the pain points of legacy directory solutions.