a good thing!
There was a time when tools like CA, IBM and Oracle were the de facto standards for access management, promising greater productivity and security. But just like the flip phone was once the pinnacle of mobile phone technology, those days are long gone. And even specialized in-house or custom-built IAM tools grow more obsolete by the day as new digital resources become more diverse and threat vectors expand.
Giving an increasingly diverse and remote workforce access to corporate resources also presents security challenges. You need to make access consistent and convenient, but you can’t do so at the expense of security. Meanwhile, you’re also being asked to support access from multiple devices, including personal ones, which introduces new risks.
The traditional enterprise approach would enlist the use of a VPN for remote access. But in today’s threat landscape, the use of VPNs can cause more problems than they solve. Because they grant users access to large segments of the corporate network, VPNs can expose an employee to more resources than their role requires or warrants. This makes VPNs an attractive target for bad actors and increases the attack surface they can exploit.
The accelerated adoption of cloud technology is also forcing organizations to re-evaluate how they secure resources that reside on-premises and in the cloud. While legacy IAM solutions provide protection for on-prem resources, most struggle to extend beyond VPN or remote access, leaving them unable to support web and mobile apps, APIs, Linux or Unix servers, Windows login, offline multi-factor authentication (MFA) and other use cases.