gooddoglabs iam cloud migration - bridging the gap

IDENTITY & ACCESS MANAGEMENT CLOUD MIGRATION: BRIDGING THE GAP White Paper www.gooddoglabs.com

Upload: aldo-pietropaolo

Post on 08-Aug-2015



CONTENT
What this White Paper is about...

• INTRODUCTION
• LEVERAGING THE CLOUD
• BUILDING THE IAM BRIDGE TO THE CLOUD
• ABOUT MICROSERVICES
• ABOUT IAM MICROSERVICES
• ABOUT GOOD DOG LABS, INC
• REFERENCES
• GET IN TOUCH

Text Copyright © Good Dog Labs Inc.

Images Copyright © unsplash.com


INTRODUCTION

At its start, Identity and Access Management technologies were focused on supporting basic single sign on, identity provisioning and access management capabilities for fulfilling related security, operational efficiency and compliance needs. These IAM solutions were, in most cases, poorly adopted and they focused primarily on single sign on and provisioning technology; they came with high costs and were bringing limited value to the enterprise. Their project-based deployment and compliance-driven approach allowed them to manage very few systems and applications. This made it difficult, sometimes almost impossible, for an organization to meet its security and compliance demands effectively and efficiently. Standardized, centralized and completely automated IAM solutions that were designed to minimize risks, costs and improve the efficiency of an organization were still unattainable.

Today, most organizations are well aware of their identity, governance, and compliance requirements, and while compliance is still a major driver in all IAM initiatives, Identity and Access Management is moving its focus towards entitlement management, integrated identity lifecycle governance, and efficient implementation of logical and physical access controls. Organizations are finally starting to see some of the benefits from their investments in IAM but are still faced with many challenges. Program-based deployment with manual provisioning, access and approval workflows often leads to ineffective processes that are time-consuming and carry higher costs of provisioning and de-provisioning.

As Identity and Access Management continues to evolve, it is obvious that organizations need broader and enterprise-based solutions that are highly adaptable to technology changes such as cloud computing and the rise of mobile technology. The future of IAM will need to have a Perimeter-less* based deployment model and a capability-driven approach that will continue to leverage existing technologies and bridge new ones in order to realize higher benefits for the same capital and operational costs.

*Perimeter-less: no boundaries between on premise and cloud IAM deployments


LEVERAGING THE CLOUD

The constantly increasing costs of IT and its infrastructure have moved us from traditional computing to the cloud computing age. This has led most companies to want to leverage the cloud, solely because moving from on-premise to cloud IAM brings them a solution that is scalable, flexible and easily manageable from anywhere. Cloud IAM has much better network capabilities and allows seamless collaboration through preexisting cloud-based solutions. For example, if a new application is added to a cloud network, users can use it almost instantly and without any delays because cloud IAM makes it easier to share infrastructure capabilities with its users. By moving to cloud IAM, companies free themselves from the limitations of traditional IT infrastructure (high cost of maintenance, slower and longer build times), which gives them an increase in business agility, flexibility and productivity.

While cloud IAM services offer real value and provide multiple benefits, many companies have made significant investments in on-premise IAM solutions. How can these companies then see the benefits of switching to cloud IAM without losing the time and money that they have invested in developing and customizing their on-premise IAM solution? Migrating all applications to the cloud is a great way to reduce costs and seize the benefits that cloud IAM and SaaS can bring, but it is not always practical. By taking a methodical and measured approach, companies are looking for ways to utilize cloud-based solutions while keeping some of their old applications on-premise. This hybrid IAM solution offers the best of both worlds by utilizing the best practices of an on-premise IAM solution with the cost savings and efficiency of cloud IAM services. The result is a solution that combines the traditional control and data privacy of the on-premise IAM ecosystem with the scalability and agility associated with IAM cloud services.

BUILDING THE IAM BRIDGE TO THE CLOUD

Identity and Access Management can be a manual process and still be effective in meeting the company's needs, but the cost of labor in these situations is high and will certainly outweigh the cost of the technology. On the other hand, managing and securing user identities in the cloud can become complicated. As enterprises switch more and more of their IT infrastructure to the cloud, the process of managing user identities and permissions is getting more complex by the day.


While research from IDC predicts that as high as 70 percent of CIOs will embrace a cloud-first strategy by 2016, in order to get there, companies need to move at their own pace over a number of years, with many living in a hybrid environment for quite some time.

Making the decision to move from the on-premise IAM model to a hybrid or cloud IAM solution, and making the actual move, can be difficult, time-consuming and expensive, with questionable end results. Commercial off-the-shelf IAM solutions can be great for most companies that are looking to automate their IAM processes and move them to the cloud. While the performance of these solutions is far superior to that of on-premises systems, product licensing and maintenance fees can be high and carry long-term contracts.

At the same time as cloud adoption is on the rise, two new significant trends are quickly taking hold in the IT industry: DevOps and Microservices. DevOps is a software development approach that increases collaboration between developers and operations teams, and its adoption has increased from 54 percent in 2013 to 62 percent today. This increase will continue as companies increase their cloud maturity. In research conducted by InfoWorld, Microservices have been listed as one of the most important new trends in technology. Microservices are services that are designed to be used as components of a larger suite of applications, which means that each microservice serves only one directed purpose.

GoodDogLabs follows these new industry trends and with its team of IAM experts has developed a completely new approach in bridging the gap in migration from on-premises identity and access management to hybrid and cloud-based IAM solutions. These solutions are solely based on new paradigms such as IAM Microservices and DevOps based implementation methodologies.

This approach can be implemented by leveraging the following steps:

• IT & Organization Planning Phase
• Continuous IAM Delivery Design Phase
• Development & Operations Alignment Phase
• IAM Automation Phase
• Continuous Testing Phase
• Continuous On-Premise to Cloud Implementation Flow

IT and Organization Planning or, as we like to call it, IAM Pre-Assessment is the most important step in every Identity and Access Management implementation. Assessing the current IAM capabilities allows us to make your existing IAM environment as efficient and effective as possible, and gives us the ability to automate your IAM infrastructure components such as identity maps, access certifications and associated business processes. With this approach we create a complete assessment map of your capabilities and needs and develop the Critical Chain project plan necessary to implement your bridge to IAM cloud models. Based solely on DevOps, this plan will accelerate your IAM implementation by as much as 60 percent or more. In addition to assessing technology capabilities, we also help build and accelerate collaboration between the business organizational outcomes and your core IT initiatives. This will identify critical business outcomes that will be enabled by the Identity and Access Management technologies and related implementation strategies.

The Continuous IAM Delivery Design Phase is where we design your IAM Bridge that will lead your implementation from its current state to a state-of-the-art Identity and Access Management solution, which accommodates current and new standards-based technologies for Cloud automation, orchestration, and application containerization. By using autonomous IAM Microservices (IAM.Dockables), we convert your IAM capabilities and your existing deployment methodologies to a DevOps-oriented continuous deployment IAM assembly line.

During the Development and Operations Alignment Phase, our team of IAM experts will build the integration points between your existing IAM implementation, your new IAM Microservices, and operations team for a completely aligned continuous deployment approach. This process is conducted in such a way that there is no business disruption at all while enabling continuous deployment of new business enhancing IAM functionality such as new ways to interact with business partners, consumers, and cloud based services.

The IAM Automation Phase is where we build a continuous delivery model with the help of application containerization and automation technologies such as Docker, Chef, Puppet Labs, and CoreOS Rocket. This approach not only automates the setup, configuration and IAM components but also automates your business processes.

The Continuous Testing Phase is conducted during the process of transforming your current on-premises IAM ecosystem to an IAM Automated Assembly Line model. The goal of this phase is to ensure continuous quality and integration of your new IAM solutions in any model (On-Premise, Hybrid, and Cloud). Integrated and automated tests are executed into business applications and automated quality control triggers are added.

The continuous on-premise to cloud IAM implementation flow (IAM Assembly Line) stage is the realization of a fully orchestrated, monitored, audited, and containerized IAM assembly line in which all IAM services may navigate seamlessly between on-premise, hybrid, and full cloud models. New business applications in the portfolio will leverage autonomous IAM Microservices that are pre-integrated with current and future IAM standards while accounting for application access from mobile devices.

With vast amounts of time and money that companies have to invest, questionable ROI and end results, it was obvious that the current approach of IAM implementations needed to change. GoodDogLabs's approach follows the newest technology and market trends, giving you the ability to reduce implementation and maintenance costs while seizing the best that the IAM industry has to offer and helping you future-proof your applications and IAM investments.

ABOUT MICROSERVICES

“Time is our most precious asset, we should invest it wisely.” - Michael Levy

While it is difficult to define what time is, most decision makers are certain of one thing: they do not have any. While every decision maker is focused on “big things” such as increasing revenue, big data, and smart analytics, it is not unusual that they will not even glance at something called Microservices.

In short, Microservices are a powerful and considerably new architectural approach to developing a single application as a suite of small services, each of them running its own task. They are built around business capabilities and can be deployed by fully automated deployment processes.

To realize the advantages of Microservices, we first need to compare them to standard applications that are built as a single unit. While these applications are still considered mainstream and successful, the problems arise when there is a need to change something. This often requires building and deploying a new version of the server-side application. As more and more applications are moved to the cloud, people can be frustrated with them because even a small change to one part of the application requires the rebuilding and redeployment of the entire application.

A couple of decades ago, the software industry discovered the need to build systems by joining together various components. During the last couple of years, considerable progress has been made in this field. Microservices are the result of that progress, allowing applications built using Microservices to be as decoupled and as cohesive as possible.

Microservices architecture uses dependent libraries, but its primary way of componentizing software is by breaking it into autonomous services. The main reason for using services as components is that services can be independently deployable. With this approach, a change to a single component will not require the rebuilding and redeploying of the entire application. This innovative and, as we like to say, “futuristic approach” is real and many companies are using it today. It is still not mainstream for Identity and Access Management systems, but due to all the benefits it carries, it will soon become the only approach that you would consider taking.

Microservices Characteristics
Independent, Automated, and Scalable
• Enables Componentization
• Organized around the business applications capabilities
• You build it, you run it!
• Smart API layers
• Decentralized data layers

In the supply chain application example below, every business function is autonomous and provides an independent service. The ship service only knows how to ship a product, the inventory service only updates inventory, and the charge service only knows how to charge for products. If one service changes, it does not negatively affect the other services. All services become more nimble and agile, lending themselves to automation and orchestration.


ABOUT IAM MICROSERVICES

With all the benefits that Microservices bring, the next logical step was to introduce this model to Identity and Access Management.

GoodDogLabs's IAM approach is to use a DevOps-based implementation and IAM Microservices model to build an IAM solution that is independent, fully automated and easily scalable. With their smart and decentralized API layers, these IAM Microservices are organized and deployed as part of a business application and are no longer an “afterthought”. Each IAM Microservice enables a very specific set of business capabilities and is inherent to the business application composition.

Our IAM Microservices are lightweight, fast and orchestrated in such a way that allows you to easily bridge the gap between Cloud-based IAM, mobile, social and enterprise identities while securing your native applications in the process. While there are many recognized and robust IAM solutions on the market, the obvious question that comes to mind is: Why IAM Microservices?

Simple. Most companies are not getting the benefits that they have signed up for, especially when compared to the investment they've made and the time to value that they've expected. Customization can be time-consuming and expensive due to the complexity of classic IAM solutions. Instead, GoodDogLabs' IAM Microservices allow for easy deployment, customization, and personalization, and are built to enable you to deliver an automated, easy and cost-effective cloud transition for all your business applications.

Each IAM Microservice enables a very specific set of business capabilities and is inherent to the application composition. Take the supply chain example below. A set of independent services in the chain perform a shipment transaction, update inventory, and charge the customer for the order. The IAM Microservices are inherently used in this chain. In addition, any changes to IAM industry protocols may be introduced seamlessly without affecting the system as a whole. The IAM Microservices recognize multiple IAM systems, therefore not forcing you to use a specific IAM vendor. Implementation velocity is increased due to a continuous and automated IAM delivery model.


ABOUT GOOD DOG LABS.

Good Dog Labs, Inc. was founded in 2014 by information security and Identity and Access Management industry veterans. We are changing how IAM is delivered today to secure business transactions and identities by providing advisory, implementation, and product services that together form an Automated Identity and Access Management Assembly Line.

Our two founders combined have more than 24 years of information security and Identity & Access Management experience and years of IT service management methodology experience.

The team has experience in leading large teams in providing innovative information security solutions and assisting clients with information security strategy and execution. Our passion is helping clients in all industries to design, implement, automate, and monitor information security and IT governance systems and programs.

All of our experience is a result of working with security solution vendors such as IBM, CA, RSA Security, Aveksa, Cyber-Ark, Dell, NetIQ, Thor Technologies (now Oracle OIM), and identity federation vendors, where we have led engineering, consulting, and professional services teams to deliver Identity & Access Management, information security products, and solutions to global clients.


REFERENCES

1. IDC (2013) IDC Releases Market Predictions for 2014: CIO Agenda [online] Available from: http://www.idc.com/getdoc.jsp?containerId=prUS24481913 [Accessed 27 February 2015].

2. Right Scale (2014) 2014 State of the Cloud Report: See the Latest Trends on Cloud Adoption [online] Available from: http://www.rightscale.com/lp/2014-state-of-the-cloud-report [Accessed 27 February 2015].

3. Knorr, E. (2014) 9 key enterprise tech trends for 2015 and beyond [online] Available from: http://www.infoworld.com/article/2851469/cloud-computing/9-enterprise-tech-trends-for-2015-and-beyond.html [Accessed 27 February 2015].


GET IN TOUCH WITH US

Good Dog Labs, Inc.
45 Prospect Street, 5th Floor
Cambridge MA 02144

Phone: +1 (877) 713-1186
Email: [email protected]
www.facebook.com/gooddoglabs
www.twitter.com/gooddoglabs
www.linkedin.com/company/good-dog-labs-inc-