The last time I witnessed a reboot of identity and access management (IAM) infrastructure was 1996. Web applications had taken hold and intranets and extranets were buzz words. The security industry responded with web access management (WAM), provisioning, strong authentication and directory services. The industry has since built on these technologies to deliver identity federation, risk-based authentication and identity and access governance. All these IAM technologies have served us well but a wave of new developments has revealed the need for a rethink:
- Web Access Management tools are struggling to keep up with exponential growth in number of users and applications (especially SaaS apps) as well as mobility of users. Static authentication and access policies are just not suitable for a highly dynamic set of access patterns and ever-changing risk profiles.
- Provisioning technologies that operate on the principle of taking user information from one system and replicating it somewhere else are reaching their productivity limit as large numbers of applications are delivered from the cloud. Provisioning systems were built to operate within a corporate network boundary.
- Organizations are experiencing the substantial burden of integrating identity federation with dozens of cloud services. Every organization is duplicating the repetitive tasks required to establish identity integration with every cloud service.
Our challenge is to leverage and enrich the existing IAM tools to deliver the foundation for tomorrow’s IAM. We believe this can be done. We know this can be done. Today, RSA has announced availability of three solutions that demonstrate how RSA is delivering the IAM infrastructure for the next 15 years.
- RSA has already integrated the RSA Access Manager (WAM) technology with RSA Adaptive Authentication (risk-based authentication). We are pleased to announce that this integration has been deepened to add the ability to authenticate users using one time passwords sent via out-of-band email. The combination of WAM and risk-based authentication represents a new breed of risk-aware web access management that is enabling organizations to confidently roll out clouds for consumers and partners.
- As identities grow in number and richness of context, the ability to provide a single source of truth about the user will become one of the most fundamental building blocks of IAM infrastructure. RSA has entered the identity management market by offering the RSA Adaptive Directory. This is a familiar technology –virtual directory – that will be immensely important as the foundation upon which other IAM apps will depend. In the context of the new IT, it will enable organizations to harvest identity information across the enterprise and expose it securely and flexibly to partners and cloud services.
- Last year at RSA Conference, we announced the RSA Cloud Trust Authority (CTA) that would enable a new efficiency by providing the function of a cloud-based access broker. Today, we have released the first component of the IAM component of CTA – RSA Adaptive Federation. This is a federation-as-a-service product that would enable unprecedented ease of use and minimize the effort required for integration with SaaS apps.
Seen in isolation, these technologies are very effective but the sum of these solutions is certainly larger than the parts. We call this sum Adaptive IAM. Adaptive in the face of cloud and mobile. Adaptive in the face of ever-changing risk profiles. Adaptive in the face of the increasing number and richness of identities.
We, at RSA are lucky to have the opportunity to build on a great legacy and deliver the future. These new solutions are only the beginning.