I just returned from the Gartner IAM Summit in Vegas. As usual, good content, smart and engaged attendees all packed into a godawful hotel.
But I digress. What really impressed me at the event is how easily lessons are forgotten. Recall, IAM is all about eliminating silos and managing all identities, entitlements and credentials together. That seems like common sense, no?
Apparently not. As soon as you say the magical word “cloud” you can forget these lessons and reintroduce new silos. For example, I learned that Microsoft has added a (preview) feature for privileged access management on Azure. I was also reminded that Okta, mainly a vendor with federated SSO to SaaS apps (good!) delivered itself as SaaS (cool!) offers IAM capabilities to create/delete accounts on SaaS apps, but
The lesson is pretty simple: you should have a single IAM system to create/manage/delete accounts, entitlements and credentials everywhere, not just on-premise and not just SaaS. Creating new silos is silly – there is no technical reason for such constraints. What’s the user experience supposed to be? Go here to manage these accounts and go there to manage those? “Here” and “there” being collections of apps identified by where they happen to be hosted? That’s not exactly a great approach to usability.
So remember folks: if something made sense before the “cloud” it makes sense when you move some of your compute workloads to someone else’s servers.