Top 10 Legacy IAM Challenges, Part 2: Achieving a Secure, Stable Directory
In part 1 of this blog post series, I demonstrated just how much the business environment has changed recently and how legacy web access management systems struggle to keep pace.
The impacts of these changes are widespread. A second area in which enterprises are feeling the limitations of legacy IAM systems is directory environments. As applications, devices, protocols and users multiply, and as a wider array of users access mission-critical resources, the old methods of siloed identity management generate unacceptably large organizational costs in terms of security, productivity and the bottom line.
Your enterprise needs to modernize its identity infrastructure, and a key part of that process is transitioning from an outdated set of siloed, unreliable identity management systems to one that is secure, high performing and accommodating of modern initiatives.
As your business grows, so does the amount of information you collect and store, and it's happening on an astounding scale that shows no sign of slowing down. Globally, we're entering a new era of data growth with more identity data than ever before. Research firm IDC predicts that the volume of data worldwide will hit a massive 163 zettabytes by 2025, up tenfold from what it is today.
As your enterprise adds more structured and unstructured identity data to your legacy system, your directory has difficulty providing the flexibility, performance, reliability and scale you require. Constant schema overhauls kill productivity. Latency and response time worsen. So does downtime, leading to a negative impact on vital business operations.
Your organization needs a modern directory that supports the needs of today and the future. It must be able to accommodate diverse attributes and unstructured data, handle growth from the increasing numbers of users, devices and applications, and have high availability through usage spikes, both expected and unexpected.
While most legacy directory systems don't have the authentication capacity for apps at the scale required for customer use cases, there's another consideration to take into account: the types of applications your organization must support.
Previously I mentioned the explosive growth of REST APIs, which web access management (WAM) solutions have trouble supporting. The issue extends to legacy directory servers. New applications and development teams often prefer developer-friendly REST APIs, which outdated directory deployments cannot support. The same is true for other modern protocols and authentication flows, including LDAP v3 and SCIM 1.1.
In addition, if you're storing partner and customer identities (and who isn't these days?), rigid schemas make it difficult to incorporate attributes for their access to apps. Simply put, a legacy directory solution cannot support the requirements of modern applications.
Data breaches continue to wreak havoc on industries worldwide. According to the Ponemon Institute's "2017 Cost of Data Breach Study: Global Overview," the average total cost of a data breach is $3.62 million. Your organization can't afford a directory that puts you at that type of risk, but that's exactly the situation you're in with an outdated solution.
A lack of native security features, including request rate limiting, tamper-evident logging and encryption in three stages (at rest, in motion and in use), exposes your organization to the prospect of costly security breaches. And when combined with siloed, inconsistently enforced security policies and a general lack of oversight, these decentralized identity systems become gateways for stolen credentials.
A modern, secure directory solution will protect your enterprise from a diverse set of threats. It encrypts at the data layer end to end, for all three stages, and it governs access to data and monitors use with tamper-evident logging. Plus, it allows you to enable limited administrative accounts with customizable alerts, further protecting you from harm.