Q&A: The importance of Identity and Access Management

As companies become distributed and employees want to work from anywhere, Identity and Access Management (IAM) is critical to security and efficiency.

OneLogin was one of the first companies to deliver IAM solutions in the cloud, and works with large brands such as Condé Nast, Pinterest, and Steelcase to manage and secure millions of identities around the world.

We caught up with David Meyer, VP of Product at OneLogin, to discuss OneLogin Desktop, its industry-first Mac and Windows product launching at RSA Conference. We also asked David about why companies need IAM and how enterprises are adopting the cloud.

Why do companies need Identity and Access Management (IAM)?

Companies need to move faster and more seamlessly than ever before. That means providing partners, employers, and clients with immediate, secure access to what they need, when they need it, wherever they need it. Identity and Access Management (IAM) enables them to do just that, granting IT total control, security, and compliance without friction.

IAM enables the access of multiple applications on devices, from anywhere, in the cloud or not, with a single cloud-based management system. The minute you begin your job, you already have access to all of your apps, and the minute you leave the company, they all go poof. So the business gets the speed they need, but the company maintains its integrity.

What are some of the options for IT buyers on the IAM market?

Traditional identity options installed on-premise are expensive and time-consuming. Some companies choose to build their own using open-source tools, and then realise how complex the problem really is. DIY solutions usually fail.

Now there is a new option — to run it all in the cloud using tools like OneLogin. This way you can set up your key applications in a matter of hours. If you use cloud apps (hint: we all do), you should base your identity foundation in the cloud as well. It’s a natural fit.

What are some common downfalls in traditional IAM?

There are a few common downfalls we often see.

One is proprietary software that gets you locked into vendor-specific implementations and makes it nearly impossible to switch. Another is taking up developer and IT implementation time and the high costs associated with rolling out unnecessarily complex solutions. There’s also a lack of redundancy and scalability that hinders productivity and creates a lot of risk for data loss or a security breach.

Projects often fail because the tool doesn’t cover the whole application, and employees have an inconsistent experience that creates frustration and inefficiency. Some examples are when employees have to set up an app login more than once, the login solution doesn’t work for every use case in the app, or it’s difficult for the employee to get set up externally when working from home or while traveling. The problem escalates when users are forced to work around IT (Shadow IT, when they set up their own systems that IT won't provide), creating risk and security issues.

What should companies consider when choosing an IAM solution that fits their needs?

A growing list of companies are offering identity solutions today, but many have a hidden agenda. Their solution may be lock-in (proprietary), lock-out (closed to other vendors) or it may control the account, which makes you vulnerable and helpless when anything goes wrong.

Identity needs to connect everything you have, so it needs to be fully heterogeneous and standards-based. You might want to log in using Facebook to access Google Apps. Or log in via Google to access Office 365. An open, no-bias identity provider is motivated to make that happen, not a stack player.

Another important qualifier is a history of innovation. Identity and Access Management is a market that changes so fast that you have to buy into the solution you think will change with the times in order to protect your financial investment and the day-to-day experience for your employees.

Can you discuss the difference between the legacy approach vs hybrid approach vs cloud approach?

A legacy approach is traditional on-premise software that is bought and installed. It is familiar, and an older architecture that runs in the customer’s data center. This slows you down and requires hefty costs for achieving things like high availability.

A cloud approach means you are relying solely on cloud solutions, so you don’t need to install anything. This may work for a young company with few employees such as a small consulting firm with all remote workers, but that’s an unusual breed, and this kind of solution doesn’t meet the needs of most companies.

A hybrid approach means cloud solutions that extend to on-premise locations where required, such as existing on-premise apps that have not yet migrated to the cloud, or hardware integration such as Wi-Fi in the office. This provides the best of both worlds: fostering growth and adopting the speed of the cloud, e.g. for app integration, cloud scalability, and high availability, which is typically more than most companies are able to accomplish on their own, while keeping existing investments in legacy and slowly migrating them to the cloud.

What are some of the trends you see in the IAM market that are guiding your product roadmap?

There are several major trends we see driving the IAM market in 2016.

First, organisations need to roll out cloud app access very fast and in more complex organisations.

There’s also a critical need for hybrid deployments. Companies that were not born in the cloud often need to adopt a flexible cloud solution without risking their existing investments, so that they can migrate gradually to the cloud at their own pace. Often the use case is complex, involving legacy on-premise web apps and multiple on-premise directories that are difficult to unify.

Another big priority for IAM this year is mobile and IoT, and the need to extend Identity-as-a-Service (IDaaS) to the device. People are increasingly reliant on their mobile devices and using them to work remotely. The ability to quickly and securely access cloud applications from one’s smartphone or tablet is a must. This transcends the dated security models of on-premise-only access, and drives IT organisations to better control access from mobile devices — things that require the most robust security given that they are easily lost or stolen.

Who is OneLogin? Please provide background. What is being announced?

OneLogin was one of the first cloud-based IAM players, and we’ve been around since 2010. Our mission is to secure connections across all users, all devices, and every application, helping enterprises drive integrity and operational velocity across their entire app portfolios.

We have more than 1400 enterprise customers in 44 countries including Condé Nast, Pinterest, and Steelcase.

We recently announced OneLogin Desktop, which is the industry’s first cloud-based replacement for on-premise Active Directory and LDAP directories. Desktop Login makes it easier than ever for employees to use a unified login for Mac and Windows devices.

OneLogin is devoted to serving companies that were born in the cloud, as well as those that are migrating to the cloud. These enterprises increasingly find that an on-premise directory grossly overcomplicates their IT infrastructure. Firewalls, VPNs, redundancy, security patching, add-ons, and backups of the directory are a major headache in contrast to the ease-of-use they have gotten used to with cloud applications. OneLogin Desktop was developed in light of the demand for an easy, cloud-based option.

Are there products like this on the market? For Mac? For PC? How is OneLogin different or better?

A number of companies have tried to create a product like this, but none of them have been able to fully extricate the cumbersome nature of Active Directory into a native cloud solution. That’s what we’ve created with OneLogin Desktop. It’s important because employees want a consumer-centric experience. They want work to be as easy to manage as their personal apps and mobile devices. As I mentioned earlier, it’s a big trend for 2016 that IAM companies need to address. That’s our vision: to create a frictionless environment where businesses are protected, and employees can bring their best selves to work without worrying about a complex identity process.

David Meyer, VP of Product at OneLogin