With increasingly regular news of commercial hacking and data breaches, there is no doubt that information security is now a top boardroom priority. This, coupled with the potential negative financial and reputational impact of regulatory non-compliance, has created greater scrutiny around the security of sensitive data and how it is accessed. As a result, businesses are now investing heavily in digital identity solutions on both the B2B and B2C side – and simple use cases like single sign-on (SSO) have become a crucial first step in the digital identity transformation process.
By deploying SSO, or simple identity management features such as password policy enforcement or self-service password reset portals, companies are not only able to increase security and improve user experience, but also cut costs across the business. For example, according to Forrester, a single manual password reset costs over £50 each time – an issue that can be dramatically reduced by using digital identity tools like SSO. Yet when it comes to implementing these, in-house developers often find they lack the time and resource to integrate identity features into apps quickly and securely enough.
With that in mind, more companies are turning to Identity-as-a-Service (IDaaS) solutions: cloud-based authentication and identity management software that is delivered through a third party. Put simply, IDaaS enables developers to bring their apps to market quicker and more securely, while simultaneously allowing them to spend more time on innovation – rather than reinventing the wheel each time on creating identity functionality.
Prioritising time to push boundaries in app design and user experience is crucial, as these are the core elements that maximise its chance of success in market. This explains why IDaaS is rapidly on the rise, with Gartner recently predicting that it will be the chosen delivery model for more than 80 per cent of new access management purchases globally by 2022.
API-based IDaaS: plugged-in expertise
A core benefit of the latest IDaaS offerings is that they are API-first. Third party APIs essentially provide on-demand expertise that would otherwise require resource-heavy in-house development.
Traditionally, organisations would build identity management functionality internally, or take a more risk-averse approach by making use of existing technology stacks. However, while software stacks are highly effective for more sophisticated and larger scale identity use cases, cloud-based IDaaS is ideal for common implementations, like SSO, which require fast integration and standardised feature sets.
It can take a long time and a diverse set of skills to gain experience in niche areas that are driven by standards, such as identity. Building an identity management solution requires the consideration of several complex areas, including an in-depth understanding of identity standards like OpenID Connect and infosec policies around delegation of authority and password management.
However, by leveraging APIs, organisations are essentially ‘plugging-in’ standards-based, customisable functionality to their existing technology, with a wealth of knowledge and experience already built in. Consequently, APIs save developers a significant amount of time and allow them to focus on creating the company’s “special sauce”.
Bridging between developer and security teams
With developers being increasingly briefed to build revenue-generating apps to incessantly shorter deadlines, a solution that allows them to get on with their jobs and create high quality and secure output is vital. In an era of rapid innovation and security pressures, IDaaS not only enables developers to integrate identity solutions into those apps securely and quickly, but also, importantly, frees up the time for them to focus on key business competencies.
As customers engage with an app, protecting and managing their ID data is of utmost importance, so executing identity management successfully is key. If this process is not managed carefully and accurately, it can lead to data breaches, GDPR fines and a loss of trust from customers. When it comes to getting an app to market, tension can arise between the development team that is focused on user experience and building new functionality and the security team that is responsible for ensuring the final product is secure and safe to use.
In high-pressure environments, security considerations are often deprioritised by developers, which means that when the app enters the security review process, it can often be held up by security teams for extended periods of time. During this process, they identify weaknesses that, if exploited, could potentially lead to hackers accessing important customer data. However, this could be avoided if the two teams collaborated on objectives from the beginning of the project.
With developers always looking for simple use cases, and with an ever upwards trend of SaaS adoption, IDaaS can provide a streamlined security route by delivering on-demand identity expertise. As a result, these solutions can do a lot to alleviate internal friction and ultimately bridge the gap between developers and security teams.
For companies looking to manage access securely, while at the same time providing it in the most user friendly way possible, IDaaS is the ideal solution, as it delivers such cloud-based Identity and Access Management. What’s more, it also helps developers marry their application development and time-to-market objectives with robust, proven embedded security.
Simon Wood, CEO, Ubisecure