Digital identities and the open business
Transcript of Digital identities and the open business
-
8/22/2019 Digital identities and the open business
1/21
Copyright Quocirca 2013
Bob TarzeyQuocirca Ltd
Tel : +44 7900 275517
Email: [email protected]
Rob BamforthQuocirca Ltd
Tel: +44 7802 175796
Email: [email protected]
Digital identities and the open business
Identity and access management as a driver for business growth
February 2013
Identity and access management (IAM) systems are today used by the majority of
European enterprises. Many of these are still installed on-premise but increasingly they
are being supplemented by the use of on-demand IAM services (IAMaaS). The overall
uptake represents a big increase from when Quocirca last surveyed the market in
20091.
Whilst IAM is important for managing the access rights of increasingly mobile
employees, three other major drivers have encouraged businesses to invest despite the
tight economic conditions: the opening up of more and more applications to external
users, the growing use of cloud based services and the rise of social media. The ultimate
aim with all three is to nurture new business processes, thereby finding and exploiting
new opportunities.
This report presents new research into the use and benefits of IAM and the relationship
it has with these three drivers. The research is based on over three hundred interviews
with senior IT managers in medium sized to large organisations in a range of business
sectors across Europe. The report should be of interest to anyone wanting to better
serve all types of users, whilst still keeping control over applications and data.
-
8/22/2019 Digital identities and the open business
2/21
Digital identities and the open business
Quocirca 2013 - 2 -
Digital identities and the open businessIdentity and access management as a driver for business growth
Effective identity and access management (IAM) is seen as an essential tool for enabling open interaction between a business
and its users, be they consumers, employees or users that are employees of other businesses, such as partners or customers.
Many businesses now have
more external users than
internal ones
The majority of businesses now open up at least some of their applications to external users,
with 58% saying they transact directly with users from other businesses and/or consumers.
The scale of the business processes they are running that require this will often mean the
number of external users exceeds internal ones. This has led to a rise in the uptake of IAM
systems with advanced capabilities to handle multiple types of users.
Advanced IAM also helps
organisations embrace
cloud services and social
media
97% of organisations that are enthusiastic about cloud-based services have deployed IAM in
general and 65% are using IAM-as-a-service (IAMaaS); only 26% of cloud avoiders use any
form of IAM. The single-sign-on (SSO) capability of such services acts as a broker and a
central place to enforce usage policy between users and both on-premise and on-demand
applications. Many businesses also recognise the value of social media, with the top
motivation being to identify and communicate with potential customers.
Deployment of IAM has
increased markedly in the
last three years
When Quocirca last researched the IAM market in 20091, 25% had some form of IAM in
place, with 52% saying it was planned although, for many, those plans were delayed.
However, regardless of the ensuing tight economic conditions, 70% have now deployed IAM.
For 27% this is a totally on-premise system, however, 22% have already chosen to use a pure
on-demand system, whilst 21% have a hybrid deployment.
The number of sources of
identity is extending well
beyond in-house directories
Active Directory is the most widely used primary source of identity for employees (68% of
respondents). For users from customer and partner organisations the most common sources
of identity are their own directories (1112%). Secondary sources include the membership
lists of professional bodies, for example legal and medical practitioners (78%) and
government databases (23%). 12% use social media as a primary source of identity for
consumers, 9% say it is secondary. These fairly low use rates of alternative sources suggest
an untapped business opportunity, perhaps because currently deployed IAM tools do not
facilitate it.
IAM eases a number of
management challenges
The top IT management challenge eased by IAM is the enforcement and management of
access policy. However, it is also about improving the user experience by providing easy
federated access to multiple applications and enabling user self-service. Whilst there are
many benefits for businesses to be gained from effective IAM it seems likely that IT
departments are under-selling these benefits.
The benefits of IAMaaS, in
particular, are widely
recognised
The potential of IAMaaS is widely recognised even by those with pure on-premise IAM
deployments. Lower management and ownership costs along with improved employee
productivity top the list, with ease of integrating external users not far behind. Those who
make extensive use of cloud-based services are especially likely to recognise the benefits of
IAM in general and select IAMaaS in particular.
Conclusions
Having an identity and access management system in place is now seen as an imperative by many businesses to achieving a wide
range of IT and business goals. Those organisations that lack effective IAM are likely to lag behind their competitors in many areas
as more and more business-to-business (B2B) and business-to-consumer (B2C) transactions move online, cloud services become
the mainstream source of IT applications and services for many businesses and social media takes centre stage as a source ofidentity.
-
8/22/2019 Digital identities and the open business
3/21
Digital identities and the open business
Quocirca 2013 - 3 -
Introduction identity as the new perimeter
Identity and access management (IAM) is all about a
business authenticating and understanding its users.
This includes its employees, but also the growing
number of external users that a given business allows to
access its applications (Figure 1), both those installed
on-premise and those that are subscribed to as on-
demand services. Identity and access management
(IAM) systems are increasingly being seen as the bridge
between users and applications; either of which can be
inside or outside of the firewall that has traditionally
been the boundary of a given organisations IT systems.
This has led to the concept ofthe identity perimeter2.
Some organisations say they no longer even have office-
based employees, with all employees being consideredas mobile (just 8% said they had only office-based
users). However, the biggest change is the degree to
which consumers and the employees of customer
organisations are being given access; 58% of the
businesses surveyed have now opened up applications
to users from customer organisations, consumers or
both (the figure of 58% is derived by adding together
the numbers for those who interact with consumers and
those that interact with users of customer organisations
and subtracting from the total those who say they
interact with both). The main motivator is to transact
directly with these external users online (Figure 2).
IAM is also about making sure all users have convenient
access to the resources they require, whilst maintaining
appropriate levels of security and privacy and ensuring
compliance requirements can be met. It is not about the
creation and storage of identities per se. As this report
will go on to show, effective IAM enables the federated
use of a wide range of existing sources of identity. It also
provides the balance between opening applications up
to mobile and external users whilst making sure those
applications, and the data to which they provide access,
is appropriately protected.
The degree of transaction with external users varies by
sector. With growth in use of online banking, financial
services organisations are the most likely to be
interacting with consumers, with 54% already doing so,
along with government organisations, 49% of which are
already transacting online with citizens. Telcos (as
service providers) lead when it comes to direct
interaction with users in business customer
organisations with 48% doing so already, with
manufacturers coming in second at 42% with their
-
8/22/2019 Digital identities and the open business
4/21
Digital identities and the open business
Quocirca 2013 - 4 -
complex supply chains. The profile of interaction is
likely to change over time as the benefit of direct
interaction is increasingly recognised and more and
more products and services are sold directly.
Beyond the opening up of applications to externalusers, there are two other major drivers for IAM.
First, there is the increasing acceptance and take up
of cloud services (Figure 3). The research
unambiguously shows that those organisations that
are making wide use of cloud services have also
invested in IAM (see later section on IAMaaS). The
main reasons for this are that IAM eases the way
access to cloud-based services is granted and revoked
and once a user has logged on once they can be given
immediate access to multiple cloud services.
Second is the rising use of social media (Figure 4), which can help businesses to better understand customer
preferences and improve the overall customer experience. Many think there is huge business potential here;
however, the number one reason for working with social media highlighted by this research is being able to identify
and communicate with potential customers. Advanced IAM systems enable this by allowing users to make use of
their own existing identities, which in turn enables easier interaction and should lead to faster business growth.
Businesses need to recognise that the return on investment in IAM is not just improved security but an open ended
business opportunity knowing your users through their digital identities and then being able to maximise their
potential is the cornerstone for controlling interaction between a given business and the outside world.
You and your digital identity, the rise of social media
The age of bring-your-own-identity (BYOID)
For one group in particular consumers social
media is emerging as a key source of identity
(Figure 5). Real world examples of this include
organisations that have internet-centric business
models, for example music download sites such
as Spotify and charity giving sites such as
JustGiving, that allow users to login using their
Facebook identities; this makes it far easier for
users to sign up and for donors to part with their
money.
However, usage looks set to expand into more
conservative areas; for example, the UK
government is also evaluating Facebook as part of
the Identity Assurance (IDA) programme3, a way
of better enabling secure transactions between
public sector bodies and citizens. Is it even
possible in the future that Facebook or Google identities could be the basis for access to online banking? This would
not be such a huge step, according to a recent report from Virgin Media4, two thirds of UK banks have already
speeded up customer service through use of Twitter.
-
8/22/2019 Digital identities and the open business
5/21
Digital identities and the open business
Quocirca 2013 - 5 -
This has led to the emergence of the concept BYOID
(bring-your-own-identity), something that may well
extend beyond consumers all the way to employees in
the fullness of time. Before too long employees may take
their identities with them from one job to the next in asimilar way that many already do with their smartphones
and other access devices (BYOD bring-your-own-device
another industry trend that has already taken hold5).
Many may consider that an identity taken from a social
media site cannot be trusted. However, there are an
increasing number of services that can be used to
calculate the trust of such identities and set thresholds
for when they are accepted. Such sites calculate that, if a
user has been using the same Facebook identity for five
years and has accumulated a long back history of
communications, it is unlikely to be a fake. In fact,
because of the controls many social media organisations
place around creating accounts, using them to create fake
identities is more difficult than doing so through a
registration process that involves a new unique account
being created specific to a given service.
However, if social media sites are to be used as a source
of identity, businesses need to be savvy about how they
go about it. Marketing departments cannot expect to
convert users of third party social media sites directly
across to their own applications; neither can they expect
users to login multiple times or fill out several forms with
the same information. To truly embrace social media
requires it to be fully integrated with IAM systems and
used as a means of single-sign-on (SSO) to multiple
resources. Any company not using this effectively may be
losing sales.
The increasing use of IAM
Patterns of use for IAM
The three trends outlined earlier the opening up of applications, the rising use of cloud and growing importance of
social media added to an increasingly complex mix of identity sources, are all drivers behind the growing use of
IAM. Figure 6 shows that there seems to have been considerable investment in IAM since Quocirca last published
research in this area in 20091
(which was focussed on privileged user management). 70% of organisations now have
some sort of a system in place compared with around 25% just four years ago. Interestingly, around 50% said they
had plans for IAM investment in 2009; plans which seem to have come to fruition despite the ensuing tight
economic conditions. In a later section; The IAM empowered business, the report looks at the reasons IAM
systems are seen as important for achieving a range of IT objectives.
The use of on-demand IAM-as-a-service (IAMaaS) is on the rise; 22% say this is their primary way of implementing
IAM with a further 21% saying they have a hybrid on-premise/on-demand deployment.
-
8/22/2019 Digital identities and the open business
6/21
Digital identities and the open business
Quocirca 2013 - 6 -
This leaves 30% of companies with no IAM system at all, with smaller companies being the least likely (Figure 7).
They will find it hard to open up access to applications in the way that that their competitors have. In the past small
businesses may have considered that such systems were only affordable by large enterprises, however with the
increasing availability of IAMaaS, where payment is by use, cost should no longer be a blocker.
Authenticating users
The data shown in Figure 8 examines the attitude the respondents had to various aspects of authenticating users. It
is widely accepted that clearly establishing identities is essential. Overall, 84% of all respondents say the need to
do so is true for their organisation.
When it comes to checking identities,
77% are likely to use strong
authentication (this is especially true of
telcos and financial services). However,
only a small number of respondents say
they use hardware token providers (as a
primary source of identity), probablybecause of the cost. The main reason that
businesses will have turned to hardware
token providers as a source of identity in
the first place is because they are also a
source of strong authentication. Given
the importance attached to strong
authentication, many are probably
seeking lower cost software-based
alternatives that make use of spatial
and/or temporal co-ordinates or making
use of mobile phones (unsurprisingly,
telcos take a lead here too).
70% say they no longer rely entirely on
usernames and passwords to authenticate users (again, this is especially true of telcos). IP addresses are used for
authentication by 82%; if used alone this would be a concern because IP addresses can be spoofed by hackers who
want to make their attacks appear to come from legitimate locations. However, it is unlikely that IP addresses are
being used as a primary means of identity; they are probably just an additional attribute that may be used as part of
a strong authentication process.
As many as 54% say they sometimes transact without first establishing the identity of users. This was especially true
of telcos (83%) and financial services (77%). There may be good reasons for this, for example when asking for a
quote for insurance or mobile phone service plan many do not want to give all their details before seeing the cost.
However, it is likely that, in other cases, collecting such information is simply seen as too arduous, which it need not
be if the supporting IAM tools were in place. In many cases the customer experience could be improved.
-
8/22/2019 Digital identities and the open business
7/21
Digital identities and the open business
Quocirca 2013 - 7 -
Multiple sources of identity
Obviously, all organisations have some existing source of
identity for their own employees. For 68% of the
respondents to the current survey the main one is
Microsoft Active Directory (Figure 9). When it comes to the
broader community of users, Active Directory is less widely
used. For mobile users and contractors it is still likely to be
the main source, but less so.
Whilst Active Directory is widely used, it, and most other
directories, has not been designed to scale up for the
emerging use cases where some organisations are now
engaging with tens or hundreds of thousands of users from
other businesses maybe millions of consumers.
There are other challenges that are tricky to resolve with a
policy that relies on a single organisational user directory.
Many IT departments have to cope with mergers andacquisitions at some point; this may mean merging two
different directories. With federated IAM, both can be
maintained, at least in the short term, with both being use
as identity sources. Many cloud-based applications also
have their own directory of users, which can be integrated
as part of single overall user identity in a federated IAM
system and access provided via SSO.
A growing minority of organisations are already exploiting
other sources, either as a primary or secondary means of
identifying and authenticating external users (Figures 10
and 11). These include: The external directories of partner and customer
organisations are the most widely used primary source
of identity for users from customer and partner
organisations.
Professional body membership listings, for examplelegal and medical practitioners, are most commonly
used as a secondary source of identity for users from
customer and partner organisations.
Government databases are used to a limited extent, anopportunity that could be exploited further.
Social media, as pointed out in the introduction,
currently is most likely to be used for consumers butwith huge future potential for all types of user as the
age of BYOID dawns. As Figure 4 showed, identifying
and communicating with potential new customers is
currently a leading use case for social media, but there
is a range of others, including analysis of customer likes
and dislikes.
Of course, this still leaves many organisations with no source of identity for external users, either because they are
not engaging with them effectively through IT or because their current IAM capabilities do not allow them to, which
may mean they are missing out on potential rich seams of user information to help attract new business.
-
8/22/2019 Digital identities and the open business
8/21
Digital identities and the open business
Quocirca 2013 - 8 -
The IAM empowered business
The growing diversity of users and the
consequent range of sources of identity
underlines why so many organisations have
seen the need to invest in IAM tools that can
link multiple identity sources and provide
federated access based on policy.
Figure 12 shows how respondents rated IAM as
a means of enabling various IT management
requirements. Top of the list was the
enforcement of access policy for users; beyond
this it was about improving the user experience
through providing self-service and federated
access as well as ease of provisioning.
Scalability to cope with unknown numbers of
users was low on the list; for some this may be
because they do not understand the limitations
of existing directories, or because they do not
know there are tools that can help with this;
others may simply take it for granted as they have such tools in place already. The perception of IAM as an enabler
for access to cloud-based applications (software-as-a-service/SaaS) is also low, but the evidence of this research is
that it can be a key enabler for those that are making extensive use of cloud services.
Policy enforcement is generally achieved using advanced single-sign-on (SSO). Once a user is authenticated, all
relevant resources are opened up and their use audited. There is a benefit to customers in doing this; from the
earliest stages of interaction each individual can be assigned a unique internal identifier linked to a range of otherattributes, including their existing social and/or business identities, which, as far as they are concerned, is their
primary identity.
A new user can be provisioned once via SSO and have immediate access to both on-premise and cloud-based
resources from any device (dependent on policy). Perhaps more importantly, their access to all resources can be de-
provisioned in an instant when the need arises and there are no legacy passwords held in cookies etc. on their
devices.
SSO simplifies things for both the user and the access provider. It is about much more than a one-time validation of
an identity. An SSO system acts as a hub and, based on the parameters associated with a given identity, it can
control access to applications and data and enact policies about what a given user or class of users are entitled to
with that access. Those actions can also be readily audited. Because such policies can be based on the results ofanalysis of content, it is still possible to deny access to certain classes of information even when documents are
misclassified or stored in the wrong place.
To engage with external users it is often necessary to be able to extend the metadata that describes a user. When
this is the case, parameters can be added and used to decide what resources to allow or deny access to and, where
needed, additional criteria required by different applications associated with a given identity. Flexibility is important
as these parameters may change over time and new ones may need to be added.
Most recognise that to deploy advanced IAM and to make use of federated services requires standards (Figure 13).
LDAP, a general IAM standard for exchanging identity information between systems, topped the list, being seen as
-
8/22/2019 Digital identities and the open business
9/21
Digital identities and the open business
Quocirca 2013 - 9 -
essential or useful by 88% of respondents. However, 60% recognised the growing importance of SCIM, a standard
for simplifying identity management in the cloud.
Although IAM has many potential business benefits making it easier to attract new customers, increasing business
with existing customers, improved user experience and making business processes more efficient, all of which can
provide an overall competitive edge IT departments seem to be underselling IAM. Many seem more aware of theIT operational benefits than the business ones (Figure 14). Although just under half felt it was true that the business
is not interested in our IAM systems, it seems there are board members ready to listen.
Those that have not persuaded their bosses to take an interest may fail to get the go ahead for enhanced or new
investments. They should learn from the more insightful that are focussed on the business benefits and presenting
these as an opportunity. And there is good news for all; the task of securing investment has been made easier by
the increasing availability of IAM-as-a-service (IAMaaS).
-
8/22/2019 Digital identities and the open business
10/21
Digital identities and the open business
Quocirca 2013 - 10 -
The emergence of IAM-as-a-service (IAMaaS)
IAM-as-a-service (IAMaaS) is the provision of IAM capabilities on-demand over the internet; many such services
provide all the capabilities of an on-premise system with additional benefits unique to IAMaaS, which are
summarised in the next section (Table 2). Provision of IAMaaS may be direct from an IAM vendor or from a service
provider using a vendors product. The number of vendors offering IAMaaS has risen in the last 45 years and many
more buyers reviewing options for IAM will now be evaluating IAMaaS.
The recognition of the benefits of IAMaaS is widespread (Figure 15), more so than its actual use, which, as reported
earlier (Figure 6), was 22% for pure IAMaaS deployment and 21% for hybrid use, where IAMaaS is integrated with
on-premise IAM. This combination has its own set of benefits, also outlined in the next section (Table 3). This
understanding of the benefit of IAMaaS, even by those currently using a purely on-premise system or having no
current IAM system, suggests plenty of opportunity for the providers of such services or those considering deploying
them.
Just as with IAM in general, respondents to the current survey were more likely to recognise the IT rather than the
business benefits of IAMaaS, especially the operational cost savings (Figure 16). Many will also like the fact that, aswith most on-demand services, payment is out of operational expenditure (OPEX) rather than requiring upfront
capital expenditure (CAPEX). There was also widespread recognition that IAMaaS can lead to improved employee
-
8/22/2019 Digital identities and the open business
11/21
Digital identities and the open business
Quocirca 2013 - 11 -
productivity; for example access to a wide range of resources can be more easily made to an increasingly mobile
workforce.
All the business benefits of IAM in general making it easier to attract new customers, increasing business with
existing customers, improved user experience and making business processes more efficient also apply to IAMaaS.
Other benefits beyond the cost savings that apply to IAMaaS in particular include the ease of providing access to allusers, especially external ones.
As was pointed out in the introduction (Figure 3), the acceptance of cloud-based services in general is now
widespread. 22% of respondents can be considered to be cloud enthusiasts whilst another 23% can be considered
to be cloud avoiders. Contrasting these two groups and their views on certain issues has proved to be interesting
and will be the subject of a forthcoming Quocirca report6; for now, the current report will look at views on IAM in
particular.
First, respondents were asked about the importance of certain security technologies for providing access to cloud-
based services (Figure 17). Even cloud avoiders accept they have to use at least some cloud services and see the
need for audit trails and content filtering. Whilst cloud enthusiasts also recognise the same needs, they also widely
acknowledge the benefits of IAM, SSO and linking identity and content through policy. These are all integral
capabilities of most advanced IAM systems. In other words, cloud enthusiasts see IAM as essential for enabling their
use of cloud.
Also, as Figure 18 shows, the enthusiasts were far more likely to have deployed IAM, with 97% having something in
place compared to just 26% of avoiders. Not surprisingly, the majority of enthusiasts (65%) are choosing IAMaaS
either as their sole IAM capability or as part of a hybrid system. Of course, cause and effect may be debatable, we
use cloud therefore we need IAM or because we have IAM we can use cloud, but the linkage is clear. Cloud-based
services are going to continue to be seen as an effective way of delivering many IT services and IAM enables this. If
you are using cloud-based services in general, why not use them for IAM too? Why not IAMaaS?
-
8/22/2019 Digital identities and the open business
12/21
Digital identities and the open business
Quocirca 2013 - 12 -
The benefits of IAM
Deployed effectively, IAM benefits both the business and the IT department. IAM is the key to the opening up of
applications to external users, the exploitation of social media and the adoption of cloud services. The business and
operational benefits are listed in the three tables that follow; first for IAM in general, then IAMaaS in particular and
finally for hybrid deployments.
Table 1: Benefits of advanced identity and access management
BUSINESS BENEFITS OPERATIONAL BENEFITS
Transacting directly with customers is the number one
motivator for opening up applications to external
users, with 87% of respondents saying it was a primary
or secondary motivator. Advanced IAM enables
businesses to transact securely and efficiently with a
wide range of users.
Enabling federated access to existing and new
applications for both external users and employees is
seen as one of the top IT management benefits of
advanced IAM by around 80% of respondents.
Advanced IAM enables business growth and innovation
through supporting the simple creation of new online
revenue streams and increased customer satisfaction.
46% of respondents already recognised IAM as essential
to achieving certain business goals.
84% of respondents believe that clearly establishing
identities is essential in ALL cases before commencing a
transaction. Advanced IAM enables access to both
cloud-based and on-premise applications to be
controlled via a single identity.
The process of mergers and acquisitions can be eased
by the rapid sharing of resources, enabling the
federating of two different directories of users from
each organisation via IAM.
82% of respondents believe IAM is essential to
achieving IT security goals. Advanced IAM enables the
rapid provisioning of all types of new users and, as
important, their immediate and comprehensive de-
provisioning when the relationship with a given user
ends.
User self-service was seen at the number two
management benefit of IAM, selected by 81% of
respondents. Allowing users to reset their own
passwords and be automatically granted access to new
applications based on policy is good for user experience
and makes for more efficient IT operations. This
increases customer satisfaction and reduces operational
costs.
The opening up of a wide range of alternative sources of
identity via the use of open standards is essential to
achieving federated IAM. 88% say LDAP is essential or
useful and there is increasing awareness of SCIM, with
60% saying it is essential or useful.
-
8/22/2019 Digital identities and the open business
13/21
Digital identities and the open business
Quocirca 2013 - 13 -
Table 2: Benefits specific to IAM-as-a-service
BUSINESS BENEFITS OPERATIONAL BENEFITS
58% of businesses already provide direct access for
consumers, business partner users or both to their
applications. IAMaaS eases the provision of access as
such systems are designed for remote access from the
bottom-up.
Lower cost of management was the top benefit cited
for IAMaaS (52% of all respondents). As with any on-
demand service, IAMaaS systems do not require
installation and configuration, they can be rapidly
deployed and do not require specialist in-house skills.
As it is itself a cloud-based service, IAMaaS, in particular,
enables the easy federation of applications from
different cloud service providers for all types of user,
easing the creation of new partnerships. 59% of
respondents already recognised the benefit of this.
Lower cost of ownership was cited by 50% of all
respondents as a benefit of IAMaaS, which costs less to
implement than an on-premise system due to
economies of scale (shared infrastructure costs).
As the use of IAMaaS is easily scalable, it can be
expanded or contracted based on needs. For example,if a new consumer service is launched it may take off or
flop; either way an under or over investment will not
have been made.
As with most on-demand services, payment is out of
operational expenditure (OPEX) rather than requiringupfront capital expenditure (CAPEX). Costs are
therefore on a more predictable pay-as-you-grow
basis. This allows organisations to experiment with the
benefits of advanced IAM and prove the value without
major upfront investment, often by tackling a few
tactical projects in the early days
Identifying and communicating with potential new
customers is one of the top reasons for business use of
social media. Certain IAMaaS systems have pre-
configured links to many social media sites, enabling
easy integration into business processes and the
growing use ofbring-your-own-identity (BYOID).
IAMaaS improves IT productivity with no identity
infrastructure to manage; IT staff are freed up to focus
on other tasks and innovation.
52% of all respondents saw improved employee
productivity as a benefit of IAMaaS. It provides easy
access to a wide range of resources for all employees,
including those working remotely.
IAMaaS, like all on-demand software services, provides
immediate access to new features without the need to
install updates and the down time that can entail.
Table 3: Benefits specific to hybrid on-premise plus IAMaaS
BUSINESS BENEFITS OPERATIONAL BENEFITS
More sensitive applications can remain internalised,
with access rights restricted to those listed on theinternal directory only, whilst transactional
applications can be opened up to all via the IAMaaS
system. This is an aid to the 81% who see IAM as
necessary to achieving IT security goals.
Continued use can be made of existing legacy IAM and
directory deployments whilst advanced capabilities canbe integrated from an IAMaaS system.
IAMaaS systems are already integrated with many cloud
applications (e.g. Google Apps, Office 365 and WebEx).
They are, therefore, ready-to-go for the business
without have to rely on IT to configure or write
interfaces. Adding IAMaaS to an existing on-premise
deployment adds such capabilities at a click.
Many cloud-based applications also have their own
directory of users, which can be integrated as part of a
single overall user identity in a federated IAM system
with access provided via SSO, linked to on-premise
applications via existing internal IAM.
-
8/22/2019 Digital identities and the open business
14/21
Digital identities and the open business
Quocirca 2013 - 14 -
Conclusion
Having an IAM system in place is now seen by many businesses as essential to achieving a wide range of IT and
business goals. Primary amongst these are the opening up of more and more applications to external users, the
growing use of cloud-based services and the rise of social media. The ultimate aim is to nurture new business
processes, thereby finding and exploiting new opportunities. The number of businesses that have deployed IAM has
increased dramatically over the last four years.
Those organisations that lack effective IAM are likely to lag behind their competitors in these areas as more and
more business-to-business and business-to-consumer transactions move online, cloud services become the
mainstream source of IT applications and services for many businesses and social media takes centre stage as a
source of identity. IAM has moved from a security tool to become a business enabler.
The availability of IAMaaS has brought access to enterprise IAM capabilities within reach of smaller organisations
and, for larger organisations with legacy IAM and directory systems, IAMaaS can provide them with the agility to
embrace all these opportunities through integrating them into a hybrid system. This has led to a rapid growth in the
use of IAMaaS either as the sole way a business deploys IAM or as part of an on-premise/on-demand hybriddeployment.
However identity management is achieved, the majority of businesses now see it as essential. The statement made
at the start of this report, that identity is the new perimeter, is already a reality and will become more so as IT users
and applications disperse ever more and traditional IT security boundaries look more and more dated.
-
8/22/2019 Digital identities and the open business
15/21
Digital identities and the open business
Quocirca 2013 - 15 -
Appendix 1 country level data
Certain observations regarding the variation between organisations in different industry sectors have been made
throughout the report. Some comment has also been made on the variations between organisations of different
sizes, especially with reference to the deployment of IAM. These observations are made across all 337 surveys.
Appendix 1 shows some of the variations between countries, although it should be pointed out that for some
countries the samples are too small for significant conclusions to be drawn (see Appendix 2, Figure 31).
Open up applications, attitude to cloud and adoption of social media
Organisations in the Nordic and Benelux regions were more likely to be opening up their applications to consumers
than those from further south; Iberia and Italy (Figure 19). However, a strong motivator for all to do so was to
transact directly with customers (Figure 20). Conversely, Italian and Iberian organisations were the least likely to be
cloud avoiders (Figure 21), so all have good reason to look at IAM, albeit with the reasons for doing so varying. The
Nordics are leading the way with use of social media for identifying and communicating with potential customers
(Figure 22), which ties in well with their enthusiasm for opening up applications to consumers.
-
8/22/2019 Digital identities and the open business
16/21
Digital identities and the open business
Quocirca 2013 - 16 -
Deployment and use of IAM
The Nordics may find it easier to embrace open applications and social media if more of them put IAM systems in
place; they were some of the least likely to have done so. Overall, Iberian organisations were the most likely to have
done so and the most likely to have deployed IAM-as-a-service (Figure 23). UK-based organisations are hot on
strong authentication, with those in the Benelux region taking little interest (Figure 24).
Italians were the least likely to see IAM an important for providing federated access to external users, whilst, in line
with other findings, Nordics were keen. However, Italians were the most likely to extol the virtues of IAM for
simplifying access to SaaS-delivered applications (Figure 25). The need for scalability of IAM for unknown numbers
of users was most recognised amongst the countries with the largest populations (Figure 26), which makes sense,
whilst only in the Nordics and Israel did the majority think IAM was very important for access policy
management/enforcementalthough most saw it as at least fairly important.
-
8/22/2019 Digital identities and the open business
17/21
Digital identities and the open business
Quocirca 2013 - 17 -
Benefits of IAMaaS
Italians and Iberians were the most optimistic that the business was interested in their IAM systems (Figure 27) and
in all areas but the UK the majority felt there were benefits to be had from IAMaaS (Figure 28). When it came to the
benefits of IAMaaS, those from the Benelux region were again focussed on integrating external users, whilst Italians
were the most interested in saving a bit of money, although this was important to all (Figure 29).
Benelux, Israeli, Nordic and UK based organisations were the most likely to recognise the power of IAMaaS to open
up new revenue streams, whilst the French and Italians were focussed on new business processes. The Iberians took
little or no interest in either of these issues (Figure 30). That said, awareness of these business benefits needs to
increase across the board to bring them more in line with the operational IT benefits.
-
8/22/2019 Digital identities and the open business
18/21
Digital identities and the open business
Quocirca 2013 - 18 -
Appendix 2 demographics
The following figures show the distribution of the research respondents by country, size, sector and job role:
-
8/22/2019 Digital identities and the open business
19/21
Digital identities and the open business
Quocirca 2013 - 19 -
Appendix 3 references
1 Privileged user Management Quocirca 2009
http://www.quocirca.com/reports/430/privileged-user-management--its-time-to-take-control
2 The identity perimeter Quocirca 2012
http://www.quocirca.com/reports/791/the-identity-perimeter
3 UK Cabinet Office web site
http://www.cabinetoffice.gov.uk/resource-library/identity-assurance-enabling-trusted-transactions
4 - Social media continues to rise in popularity among high street banks Virgin Media study
http://www.virginmediabusiness.co.uk/News-and-events/News/News-archives/2012/Social-media-continues-to-
rise-in-popularity-among-high-street-banks/
5 Quocirca The data sharing paradox 2011
http://www.quocirca.com/reports/620/the-data-sharing-paradox
6 Forthcoming cloud report 2013
Quocirca will be publishing a follow-on report on the use of cloud-based services
-
8/22/2019 Digital identities and the open business
20/21
About CA Technologies
CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex
IT environments to support agile business services. Organisations leverage CA Technologies software and SaaS
solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to
the cloud.
IT Security solutions from CA Technologies can help you enable and protect your business, while leveraging key
technologies such as cloud, mobile, and virtualisation securely to provide the agility that you need to respond
quickly to market and competitive events. Our identity and access management (IAM) solutions can help you
enhance the security of your information systems so that you can improve customer loyalty and growth, while
protecting your critical applications and data, whether located on-premise or in the cloud. With more than 3,000
security customers and over 30 years experience in security management, CA offers pragmatic solutions that help
reduce security risks, enable greater efficiencies and cost savings, and support delivering quick business value.
CA CloudMinderTM
provides enterprise-grade identity and access management capabilities as a hosted cloud service
supporting both on-premise and cloud-based applications. Deployed as a service, CA CloudMinder drives
operational efficiencies and cost efficiencies through speed of deployment, predictability of expense and reduced
infrastructure and management needs.
www.ca.com/mindyourcloud
-
8/22/2019 Digital identities and the open business
21/21
Digital identities and the open business
About Quocirca
Quocirca is a primary research and analysis company specialising in the
business impact of information technology and communications (ITC).
With world-wide, native language reach, Quocirca provides in-depth
insights into the views of buyers and influencers in large, mid-sized and
small organisations. Its analyst team is made up of real-world
practitioners with first-hand experience of ITC delivery who continuously
research and track the industry and its real usage in the markets.
Through researching perceptions, Quocirca uncovers the real hurdles to
technology adoption the personal and political aspects of an
organisations environment and the pressures of the need for
demonstrable business value in any implementation. This capability to
uncover and report back on the end-user perceptions in the market
enables Quocirca to provide advice on the realities of technology
adoption, not the promises.
Quocirca research is always pragmatic, business orientated and
conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that
drive them, but often fails to do so. Quocircas mission is to help organisations improve their success rate in process
enablement through better levels of understanding and the adoption of the correct technologies at the correct
time.
Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC
products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of
long term investment trends, providing invaluable information for the whole of the ITC community.
Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that
ITC holds for business. Quocircas clients include Oracle, IBM, CA, O2, T-Mobile, HP, Xerox, Ricoh and Symantec,
along with other large and medium sized vendors, service providers and more specialist firms.
Details of Quocircas work and the services it offers can be found at http://www.quocirca.com
Disclaimer:
This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may
have used a number of sources for the information and views provided. Although Quocirca has attempted wherever
possible to validate the information received from each vendor, Quocirca cannot be held responsible for any errors
in information received in this manner.
Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and
reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details
presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented
here, including any and all consequential losses incurred by any organisation or individual taking any action based
on such data and advice.
All brand and product names are recognised and acknowledged as trademarks or service marks of their respective
holders.
REPORT NOTE:This report has been writtenindependently by Quocirca Ltdto provide an overview of theissues facing organisationswith regard to IAM.
The report draws on Quocircasresearch and knowledge of thetechnology and businessarenas, and provides advice onthe approach that organisationsshould take to create a moreeffective and efficient
environment for future growth.