How Capital One Put Identity in the Cloud
Identity is an essential part of organizational digital strategy and plays a key role in ensuring goals are met with regard to employee experience, technology integration and security. With the emergence of SaaS and cloud technologies, as well as an increasingly remote workforce, identity security is mission critical for every organization, and achieving it often appears to require a choice between two types of solutions: identity as a service (IDaaS) or software.
At a high level, IDaaS is a cloud identity solution that requires no infrastructure and offers companies tremendous time to value without any maintenance requirements. An on-premises software solution, on the other hand, delivers value in the form of scalability, performance and customization to handle enterprise environments, and is a reliable fit for enterprises that require maximum uptime and control.
However, choosing between these deployment options doesn’t have to be a binary decision. In the enterprise segment where legacy resources remain prevalent, pure IDaaS options may need to be extended with on-premises deployments, perhaps due to regulatory and compliance requirements or uptime mandates. And for those enterprises that require simplified application management, pure identity software options may need to be joined with cloud deployments to achieve agility, innovation and automation benefits.
You should be able to choose a solution that allows you to blend these deployment options to best fit the needs of your enterprise architecture. You should be given the independence and choice to switch between models and control where your identity is deployed. That’s what Capital One did when they moved their Ping Identity infrastructure to the cloud on AWS, and through this process, effectively accomplished workforce identity transformation.
Capital One was already a Ping customer when they decided to move their identity infrastructure to the cloud as part of an internal cloud-first initiative. The bank had multiple instances of Ping software spread across various regional datacenters and initially tried to place those versions into an AWS environment. But the process was cumbersome, and they wanted to automate it and simplify the manner of applying changes at that scale.
The bank quickly settled on containerization as the method to deploy our software in their AWS cloud. In doing so, they were able to achieve identity automation for when instances of Ping needed to be spun up to meet demand. By the same token, when demand waned, automation enabled instances to spin down to keep costs under control.
Operational improvements were also significant. The team was able to respond more quickly to onboarding needs by enabling self-service application onboarding and management for developers and eliminating repetitive, manual tasks.
This was all accomplished without sacrificing any control or uptime. Resources can be brought online or offline in rapid succession, especially compared to traditional deployments—when you notice an issue you can fix it and push it live while meeting uptime goals. Capital One also manages all their environments from a single point of visibility, which has improved the efficiency of the team and allowed them to tackle more strategic work.
How the Capital One team successfully and securely shifted their Ping Identity infrastructure to the cloud on AWS will be covered in detail in our upcoming webinar “Capital One’s Cloud Security Journey with Ping Identity on AWS.”
Like Capital One, many organizations—even large enterprises—see the value of cloud deployments and some even have “cloud-first” internal mandates. They want to reap the deployment benefits of IDaaS but don’t want to sacrifice the control and customization benefits of software. At Ping, we recognize our clients’ long-term cloud vision and their diverse requirements. That’s why we have provided different cloud deployment options to suit your organizational needs and enable you to switch accordingly.
An IDaaS solution for rapid and easy deployment, PingOne allows you to onboard applications and users in a matter of minutes. This is best suited for our newer organizations without a great deal of legacy infrastructure or ones that are new to Ping and want to try out our leading cloud single sign-on (SSO) and cloud multi-factor authentication (MFA) capabilities.
PingOne Cloud SSO supports thousands of SaaS applications and open standards such as SAML and OpenID Connect. PingID Cloud MFA is used by enterprises at scale, with some deployments exceeding 100K employees. With PingOne Express Cloud, you can add strong authentication capabilities without needing to set up local servers or provision hard tokens.
With PingOne Cloud, you also get access to a cloud directory and/or the option to connect to existing on-premises directories. Adaptive authentication and identity intelligence are included by default and support a wide range of factors. Last but not least, you can extend MFA to protect your VPN.
In the best-of-both-worlds approach between IDaaS and software, our software is hosted in a single-tenant cloud in AWS that gives you the ultimate control and privacy without having to worry about the maintenance of an on-premises deployment. You can manage your identity infrastructure through a single interface.
PingOne Advanced Services (formerly PingCloud) provides advanced capabilities via an authentication authority to centralize your identity management. An essential part of that is empowering your developers via self-service capabilities and reducing the administrative burden on your IAM teams.
From an admin standpoint, you get the benefits and simplicity of IDaaS but the power of enterprise identity you expect from software. In some cases, you can see your spending optimized versus what you would see by deploying in a public cloud. You can meet all your operational requirements, whether they be running multiple dev environments, using regional datacenters or abiding by regulations.
If you prefer to host our software in the cloud of your choice, we make that possible too via containerization. We have pre-packaged Docker images, Kubernetes orchestrations, server profiles, and reference architectures of our software. This provides organizations the ultimate flexibility and independence of deployment while enabling DevOps processes.
Containerization enables your organization to automate and scale deployment of all Ping products. You can create repeatable environments for instances where demand peaks or new applications are rolled out. The best part is that you can deploy containers to any environment and quickly move them if needed.
Ping can be deployed to all cloud environments, including the big 3. We complement many Microsoft products, including all forms of Active Directory, and support your Microsoft and non-Microsoft apps alike. We offer similar integrations for Google and support G-Suite and Google Cloud Identity.
If you’re an AWS customer, there is a specific program to take advantage of. By using marketplace credits, you can rapidly deploy Ping within your environment. Not only are we an advanced AWS technology partner but we also leverage AWS for the deployment of our own cloud infrastructure. For more info visit us on the AWS marketplace.
At Ping, we believe that you don’t have to choose all or nothing when it comes to identity. Hybrid IT is a reality for almost every large enterprise, where resources are stretched across SaaS, cloud and on-premises datacenters. IAM solutions designed with hybrid IT in mind can deliver much needed agility, security and productivity for your enterprise.
But don’t just take our word for it. Tune into the replay of our webinar with Capital One to learn first-hand about their journey of putting Ping in AWS.