In the new world of cloud based Identity Management traditional IdM concepts are being left behind for simplicity.

1. Drew Koenig
Drew.koenig@icloud.com
www.binaryblogger.com
@BinaryBlogger

2. Identity Lifecycle Management
The concept encompasses the processes and technologies
required for provisioning, de-provisioning, managing and
synchronizing digital IDs, as well as features that support
compliance with government regulations.
Technologies that fall under the ID lifecycle-management
rubric include tools for security principal creation, attribute
management, identity synchronization, aggregation and
deletion.

3. Evolution of Identity
Employees
Perimeter
Partners
Federation
Consumers
Perimeter-less
Cloud/SaaS
Things
Mobile
Relationships
Attributes, context, stateless
IdMAsAn API
IDaaS
“Legacy” IdM
Customer Relationship Mgmt. Identity Relationship Mgmt.

4. • The concept of Identity Management is being tagged to solutions that in the
legacy, distributed models would never get away withIf the business focus is on
governance workflows around provisioning you are going to look for a different
set of IdM tools than if you are looking for authenticating (SSO) between
partners.
• Technically those scenarios fall under Identity Management
• “Cloud” has become the most dangerous and expensive word in IT. The worst
brochure buzzword ever created.
• The visually impressive, easy to demo concepts has oversimplified IAM,
information security and compliance in the eyes and minds of the decision
making leaderships… who tend to not be technical.
• IDaaS is the marketing buzzword of the Cloud Revolution. Can they call
themselves an Identity Management solution?
• Gartner feels it’s different enough to create a new Quadrant for IDaaS from IdM, why?
Blurred Lines = Confusion

5. • IDaaS models are more focused on expanded federation and federating
identities than traditional IdM.
• Some IDaaS services market themselves around integration with legacy IdM
systems.
• Most IDaaS solutions only create but are missing the rest of what we
need from provisioning systems.
• IDaaS with authentication capabilities?
• AUTHaaS with identity management capabilities?
• Which makes more sense when the same story is told from two angles?
IDaaS – IdM or SSO?

6. • IDaaS, like Federation, and other access management solutions,
compliment your overall Identity Lifecycle, not necessarily drive it nor are
they currently a one stop shop for compliance.
• Anything can create an account, few things can do it properly (per your
rules) and meet audit and compliance requirements.
• Governance is not addressed fully in IDaaS.
• If IDaaS is part of your solution, you will need to find other solutions to fill
in the governance gaps.
• In theory you can have a 100% cloud IDaaS solution however the reality is
there is always going to be a need for extensions from IDaaS into your
perimeters.
• The more applications you service on premise, the less likely they will all be moving
to a SaaS model either because of usage, cost to move, or ability to move.
• Make sure it makes sense to your business requirements.
Distinction between IdM and IDaaS

7. • IdM is the core IT security problem and solution of the future.
• Employees and Partners
• Consumers
• Things
• Systems
• BYOD
• BYOC
• BYOId
• Cloud expansion to the Internet Of AllThings which is not about quantity but about
interoperability and interconnectivity between all things.
• Who is everybody, how can I prove it?
• On premise – Identity Provider, provisioning, identity warehouse, proprietary governance
roles and rules
• Cloud – IDaaS, Access Management, Service Providers
• Listen to the messaging carefully, explore the capabilities and remember that IdM is a
business function as well as an IT and Info. Sec capability.
Best Of BothWorlds