All over the world, IT departments are trying to balance security concerns with continuous demands to streamline IT, reduce costs and respond to new business opportunities. It's no surprise that IT managers focus on three key areas:
protecting resources spread across enterprise and cloud
enabling a workforce that increasingly uses mobile devices
ensuring they're operating securely in an API economy
The natural place to turn is your organization's access management solution, but this solution often compounds your security issues instead of alleviating them.
Legacy web access management (WAM) products weren't designed with cloud infrastructure and mobile computing in mind. Most were developed nearly 20 years ago before cloud and mobile were part of the landscape, so this makes perfect sense.
It's also no surprise then that their architectures are outdated and increasingly brittle, leaving IT with a management nightmare and a never-ending money pit of upgrades.
Over the next several weeks, this blog series will cover these topics:
Identifying the deficiencies commonly seen in traditional access management systems from vendors like CA and Oracle, which leave them unable to support today's business models and IT initiatives.
Providing migration strategies to painlessly transition from WAM to a modern, extensible access management solution.
Detailing technical strategies for authentication during the transition to modern access management.
Exploring an Identity Defined Security approach in terms of SaaS, IaaS, APIs and expanded customer and partner access.
For starters, let's dive into the first two.
Deficiencies in Traditional Access Management Systems
CA and Oracle offer comprehensive and highly customizable WAM solutions for internal users and applications deployed within a firewall. But that customization and complexity work against you when you're tasked with new initiatives across cloud, mobile and APIs.
As applications move to the cloud, the complexity, use of proprietary protocols and chatty behavior of web agents and policy servers stand between you and success. Specifically, issues come up when connecting agents or proxies deployed in the IaaS back to on-premises policy servers. This results in costly network operations that increase request latency and significantly degrade user experience. Trying to move policy servers into the IaaS shatters an already brittle system that is not prepared for an IaaS deployment. Ultimately, attempting to extend to IaaS is expensive, and it undermines the savings you're trying to achieve. To learn more, watch our Cloud Readiness webinar.
Traditional Perimeter-driven IAM vs. Identity Defined Security
As you look to support native mobile applications and APIs, you're bound to uncover additional deficiencies in your legacy WAM. When new applications are deployed or older applications are upgraded, they introduce new APIs to support mobile applications and enable server-to-server communication. Older architectures weren't meant to protect these types of services. To retrofit, you'll need to deploy additional products or embark on an expensive upgrade to a higher-level suite. As a result, IT has to maintain separate management tools, policies and datastores.
In sharp contrast, we've architected the Ping Identity Platform with Identity Defined Security practices to secure applications wherever they're deployed. Our Federated Access Management solution brings together multi-factor authentication (MFA), single sign-on (SSO), federation and web and API access management. Lightweight identity standards and protocols are used to support both on-premises IAM deployments and IaaS deployments. No matter how much IaaS your organization has adopted, Federated Access Management (FAM) can secure your applications and enable their migration to wherever is most cost effective.
Our FAM solutions directly address the shortcomings you face with your traditional WAM. FAM combines web and API access management into one package, where a single set of authorization and authentication policies is applied to both. This completely removes the duplication and complexity of two separate systems, as found in CA's WAM. Plus, it removes the need for a costly upgrade if you're using Oracle technology. To learn more about how legacy WAM products compare to Ping Identity's solution, see our comprehensive side-by-side comparison.
If you're still not convinced that it's time to rethink your legacy WAM, stay tuned. In the next article of this series, you'll learn just how easy it can be to migrate toward a modern access management solution.
Want to learn more about Identity Defined Security? See how it stacks up here.