Curious to learn more? Register to join ForgeRock’s Damian Flannery and Keith Lax for a webinar on December 5 at 1:00 PM EST. Moderated by IdentityNORTH Chair Aran Hamilton, Making the Move from Legacy IAM to Modern Digital Identity – on Your Terms will include practical advice and resources on how to begin the modernization journey.
So long, legacy systems! In the rapidly evolving digital age, the time has come to modernize on-premises identity and access management (IAM) systems.
Across industries, organizations of all sizes are moving data and applications to the cloud, yet some still keep part of their IT infrastructure on premises. As a result, these companies are left maintaining an environment with multiple IAM point solutions, often a combination of legacy on-premises applications and more contemporary, cloud-based applications. This is becoming increasingly costly and burdensome: end users are required to remember multiple passwords, while IT staff struggle to keep up with help desk requests and password resets.
Research from Forrester regarding IBM’s IAM Services points to a 60 per cent reduction in help desk support requests, and a 96 per cent reduction in maintenance hours to support IAM software and hardware. By moving to a cloud-based IAM program, the study noted, organizations are able to automate many of the steps that are involved in managing and assigning access rights.
Flannery discussed the evolution of identity. In the past, all users were plugged into a well-defined corporate network, where the system administrator would decide who had access to what. This evolved to include employees and partners, further extending this network. With the advent of the internet, this was eventually opened up to consumers.
As the perimeter has disappeared and identities and applications have multiplied, another layer of complexity has opened up. Today, with the IoT (Internet of Things), there are devices to consider as well as people.
For a real-life use case, he presented the example of their partnership with the city of Richmond, B.C. The City offers various online services such as paying taxes, paying parking tickets and garbage pickup. While beneficial to residents, each was being developed in a silo, with a different portal and account. Users would be required to remember multiple passwords and enter data multiple times, which led to poor adoption.
The City approached ForgeRock with this problem, and together they decided to provide a single portal for citizens to log into and to allow their identity to move between the various services offered. This led to the creation of the MyRichmond portal, built out of microservices and a modern architecture, and taking advantage of components that were being developed and shared across the entire infrastructure. By aggregating disparate municipal services into a single portal, citizen adoption doubled.
There are four basic pillars of successful modern IAM systems:
- Simplify – Take advantage of lightweight deployment and provide a frictionless user experience, only introducing friction as a last resort. It is also important to support the legacy apps, finding a way to expose them to the new modern identity and access management infrastructure.
- Secure – Context and relationships are key to identifying users. For instance, users would not be asked to authenticate if they were just going to work to look at their schedule, but would be asked to authenticate if they were going to send a quote to someone else.
- Scale – As millions of users now need to be supported, it is necessary to be able to perform billions of transactions, and build systems accordingly.
- Extend – Support an infrastructure that can be deployed anywhere. The concept of omnichannel is also important, as there are multiple devices, such as laptops, desktops and mobile phones, to consider, and a modern IAM must be able to support all of these devices.
Lax emphasized the importance of synergy between these various components. “Looking across the industry, there are traditional siloed players who only offer services such as single sign-on; they are all starting to bleed into different aspects of identity and access management because they understand the value of leveraging these different pieces.”
“This is where a consistent platform offers a lot of benefits so systems can easily talk to one another.”