Having a robust IAM infrastructure matters because organizations are constantly seeking ways to scale faster, be agiler and engage more effectively with their customers and partners. Per the rule of corporate chaos, we know that these objectives usually don’t happen in methodical fashion. Rather than having time to step back to define the architecture from a big-picture perspective, the typical stories that I hear about are IT teams subjected to a series of tactical projects driven by business owners with initiatives or priorities.
It’s this siloed, tactical approach to identity and access management that leads to so many “accidental architectures;” if an environment is hard to manage and secure you probably have an accidental architecture. These environments are rife with silos of functionality that makes integration of resources complex. Because accidental architectures are unable to provide a uniform way of controlling and delivering access, sooner or later your organization will run into “Access Fatigue,” meaning your business has come to a realization it’s time to be more strategic and invest in an Access Security Layer (ASL).
Network architects can think of the ASL as a derivative their traditional network security layer where key functions and services are modular while the administration is centralized. A well-designed ASL provides centralized Identity and Access Management functions to manage identities and accelerate application implementation. Some of you may have seen a Gartner report talking about this exact point called The Evolving Architecture of Modern Identity. Of course, the right approach is never to let your environment reach that level of identity and access control chaos.
As you can see from the diagram above, I’ve defined the Access Security Layer to offer three functional segments: authentication services, security gateway services, and identity services.
- Authentication services offer federation services for simple login. Modern applications, both internal and external, integrate with an identity provider to determine user identity and authentication. Advanced authentication services will allow for more sophisticated user verification including risk-based where the level of user verification matches the assessed risk.
- The security gateway acts as a proxy that can be a policy enforcement point and provides integration options to send data to applications. Additionally, the gateway can make multiple back-end applications appear like a single application to the end-user, which creates a better user experience. Finally, it serves as an additional layer of security.
- Identity services create, manages, and governs identities across the environment which is needed to automate business processes.
NetIQ offers mature and robust solutions that integrate all disparate applications into a single, centralized solution.
- With NetIQ Access Manager there is no need for additional authorization or authentication technology. IT simply has to plug into NetIQ Access Manager and all of that security and access control will be available to whatever application is being used.
- NetIQ Advanced Authentication adapts to organizations’ needs, giving them the freedom to use the applications that best fit their demands while providing the broadest platform coverage.
- NetIQ Identity Manager is a comprehensive solution for provisioning identities as well as