a good thing!
Web access management (WAM) is a form of access management that authorizes users for web applications. Prevalent in the 1990s and 2000s as web applications became more mainstream, WAM solutions provided enterprises much needed control to ensure that the appropriate users had access to the right web-based applications. However, with the rise of APIs, mobile and cloud-based applications, WAM solutions are becoming less able to handle modern enterprise business demands.
Migration from legacy web access management to modern identity and access management (IAM) solutions solves the problems associated with products at the end of their lifecycle. IAM reduces costs, increases security and performance, improves flexibility and scalability, and provides a better, more reliable user experience. Let’s review the history of WAM and why transitioning to a modern IAM solution is important.
A common legacy WAM deployment architecture would control application access by deploying agents (small software packages or plugins) on each web server, so that the agents can communicate back to centralized policy servers to enforce access control.
This deployment approach was designed to secure web resources hosted on-premises in enterprise data centers. In these environments, you could install and upgrade agents on server resources that you controlled, and the network traffic between agents and centralized policy servers also occurred on local networks you controlled.
Legacy WAM products born in the 1990s and 2000s have largely failed to keep up with modern business requirements and have been lacking in innovation. During this time, modern access management solutions were developed to specifically address the rise of APIs, mobile and cloud. Because WAM came from a different era and was built to solve different types of problems, it's not best suited to solve modern access issues. In the cases where a legacy WAM solution is functionally able to provide a solution, the end result is typically fragile and expensive.
WAM solutions that can still be purchased today are typically just upgraded and patched, without new product releases. Some of the most well-known solutions even have official end-of-life dates, forcing enterprises who use those solutions to seek out vendors with modern IAM solutions.
The original WAM solutions were built when smartphones didn't exist and the vast majority of enterprise IT infrastructure resided on-premises. Why does this matter? Because security concerns were quite different at that time. Internet connections were slower, employees didn't work from their mobile phones and work was typically done at an office within a secured network perimeter.
But as Internet bandwidth and connectivity improved, employees started to use mobile phones everywhere and access their work applications in the cloud. The shift from corporate offices to working from home, coffee shops and other public places started before the pandemic, and the traditional model of network perimeter-based security became less relevant. During the pandemic, working from home to access resources and conduct online meetings using personal devices became common when corporate-issued devices weren’t available. Those same devices were used for shopping online, connecting through social media and other activities that used cloud-based applications and APIs.
While legacy WAM products were designed during the days of network perimeter-based security, modern access management solutions have been designed in the age of mobile, cloud and identity-driven security.
The legacy WAM approach encounters limitations when you don't have the same control over remote cloud-based apps, mobile apps or APIs. Modern access management solutions control access to all these different apps and APIs by supporting agent-based and proxy-based deployment models. A proxy-based model alleviates the need for installing agents on each server, and instead routes all access requests through a centralized server that leverages standard communication protocols like HTTP or HTTPS.
This option provides additional flexibility for situations specific to an enterprise's current and future needs.
Modern access management also supports and integrates with other complementary identity and access management (IAM) capabilities. As identity-driven security grows in importance, modern access management solutions integrate seamlessly with advanced multi-factor authentication (MFA) and single sign-on (SSO) solutions. Today's modern access management solution provides authorization for a user to access a wide range of on-premises and cloud-based apps and services, while MFA and SSO provide secure authentication to ensure users are who they say they are. Modern solutions are also becoming increasingly intelligent and can use a variety of criteria to determine whether or not to grant access to a user.
Given the investment you have already made in your legacy web access management (WAM) solution, you may be hesitant to move to a newer solution. Top reasons to make the move include:
Users need to access on-prem, SaaS, API and/or cloud services from any device at any time. Modern IAM solutions are broader in scope than legacy options and offer centralized administration.
Capabilities of IAM include:
With a bundled single sign-on (SSO) and multi-factor authentication (MFA) solution, your IT team only needs to learn one new tool for centralized administration. Modern IAM options are available for customers (CIAM), employees and partners, which can be integrated for a holistic solution.
IAM solutions are available for hybrid environments, making the transition to the cloud easier. A cloud-based solution, cloud IAM, eliminates the need for expensive, on-prem equipment and in-house experts. IAM can also be purchased on a subscription basis with an Identity as a Service (IDaaS) provider, allowing you to scale quickly for new customers and employees. With improved authentication and access control, you limit threats and attack vectors.
Vendors have stopped investing in older platforms, which puts the burden on your team to build and maintain custom integrations. It can be difficult to find experts to work on legacy products, which are more vulnerable to security flaws and the latest threats and attack vectors. Regulatory compliance can also be a challenge with legacy systems, and penalties for non-compliance can be expensive and damage your reputation.
WAM cannot easily bridge between on-premises and cloud-based resources, which limits your deployment, infrastructure architecture options and ability to integrate with newer solutions. Without WAM vendors investing in new products and services, your ability to provide employees, customers and partners with seamless, secure access to resources will continue to suffer. Newer authentication technologies, such as Google Authenticator and Touch ID, and customer engagement tools may not be compatible with legacy systems.
Modern IAM improves the employee and customer experience and increases workforce productivity. IAM allows for faster rollouts of new apps and services, and a personalized customer journey. With SSO, IAM also reduces reliance on passwords for multiple accounts, minimizing the need for frustrating, time-consuming password resets. Modern IAM also supports MFA and the shift from passwords to passwordless authentication.
Modern IAM solutions work with standard industry protocols, including OAuth 2.0, SCIM, FIDO2, JWT, and OpenID Connect. These protocols are used to facilitate token-based authentication and the move to passwordless authentication.
The rapid improvements in technology have enabled a new breed of modern access management solutions, and also dictated the need for a successor to legacy WAM. Some WAM products already have official end-of-life dates while others continue to operate on a patch-and-fix model. On the other hand, modern access management solutions continue to innovate and make use of new technologies, such as GPS on mobile devices to provide context-based access policies.
Enterprises have an increasingly diverse portfolio of applications spanning SaaS, public cloud, private cloud and on-premises software. Modern access management solutions are designed to be flexible to handle these diverse portfolios and future business growth. In the end, this provides an improved user experience, improved security and a more scalable solution than legacy WAM.