SaaS IAM: Addressing Availability and Access Challenges
Prepared by
Edward Amoroso
Chief Executive Officer, TAG Infosphere, Inc.
Research Professor, NYU
Introduction To SaaS Based IAM
Modern enterprise teams must address the challenge of ensuring high availability and dependable access to resources in the context of their deployments of SaaS-based identity and access management (IAM). Commercial vendor Acsense is shown to provide effective commercial support for these important functional requirements.
Understanding the Shift to SaaS IAM
Many modern enterprise organizations are shifting their identity and access management (IAM) platforms to more SaaS-based deployments. Popular SaaS-based IAM platforms such as Okta, for example, offer many benefits, including high scalability, cost-effectiveness, and ease of use across different cloud services. They are also important in the context of the transition to zero trust architectures from traditional perimeters.
Benefits and Challenges of SaaS IAM
SaaS-based IAM platform solutions do introduce a number of technical and operations challenges, however. Among these include the important obligation to ensure continued operation and access to resources for all users if the SaaS-based IAM should experience operational issues such as a failure or outage. This article will discuss the importance of addressing this challenge for SaaS-based IAM solutions.
As will be shown, the solution from Acsense is well-suited to ensuring SaaS IAM resilience. The platform handles availability and access needs for well-known platforms such as Okta and is currently being deployed across a variety of organizations of different sizes and scopes. This is promising because SaaS-based IAM is now part of the infrastructure supporting most enterprise networks. This implies that enterprise resilience depends on SaaS IAM resilience.
The Importance of Availability in SaaS IAM
The level of availability for any platform, including SaaS-based IAM, can be measured in the context of the well-known shared responsibility model (SRM), made popular by the Cloud Security Alliance. The SRM explains that the availability of any applications and workloads that reside in modern public cloud hosted infrastructure is dependent on two types of underlying operational support:
- Vendor Support – This involves the work required to ensure that the underlying infrastructure operates as expected. Vendor support for infrastructure is one of the main value propositions for any public cloud service or SaaS-based application.
- Customer Support – This involves the more application, user, or data-specific work that is the responsibility of the customer. This model is evident in any public cloud or SaaS ecosystem where the customer owns how the infrastructure is used
Defining Saas IAM Availability Standards
Availability, in the context of SaaS IAM, refers generally to the ability of the service to be accessible and functional. The objective for most SaaS IAM solutions will be enterprise-grade, but increasingly, companies are so dependent on the availability of these services, that carrier grade availability might be required. Traditional carriers have always targeted so-called “five-9’s” of availability (i.e., less than six minutes downtime per year).The bottom line is that IAM service availability gaps are likely to exist between the carrier-grade requirements of customers and the enterprise-grade operation of vendors such as Okta. This is where solutions such as from Acsense are so important because they provide a safety net for enterprise customers of SaaS-based IAM solutions in the event of an outage, breakdown, or even disaster.
Maintaining Access in SaaS IAM Solutions
It is important to note that the availability objective is so critical because IAM solutions ensure that employees and other stakeholders have access to the systems and other resources necessary to accomplish their job. The overall mission of an organization can be brought into question if the IAM system is down, so IAM resilience emerges not just as a security requirement, but as a critical business concern.
It is worth mentioning that not all IAM outages will be service availability related. For example, user access issues emerge when an employee loses a multifactor device, or if some access issue emerges with a misconfigured policy by security administrators. Also, malicious threats to IAM are increasingly common as adversaries recognize the high value of attacking these systems.
Addressing SaaS IAM Resilience
Enterprise teams have good options to ensure improved resilience for their SaaS-based IAM deployment. Obviously, selecting a good IAM provider goes without saying, and most enterprise teams tend to work with major vendors such as Okta to support their IAM functional requirements. There are several actions enterprise teams can also take to improve their resilience in this area:
1. Establish IAM Policy and Governance – The best approach to ensuring high availability and high access for deployed SaaS-based IAM systems will involve establishment of corporate policies that are integrated with the overall organizational mission. This should be curated by governance from teams that include executives with the ability to drive decision making and action.
2. Ensure Proper IAM Resourcing – It should go without saying that enterprise teams are wise to ensure proper resourcing, including funding, to support this vital aspect of the enterprise security ecosystem. If resources are skimped during the planning and deployment stages, then the response costs after an outage or disaster will be much higher.
3. Select a World-Class IAM Resilience Partner – This is an important step, and we believe that Acsense represents an effective partner to ensure high availability and continued access for enterprise teams who have deployed a SaaS-based IAM solution such as from Okta. The Acsense solution works by providing a safety net for cloud-based and SaaS-based IAM to ensure rapid recovery from threats, misconfigurations, and the other types of issues discussed above. The company’s backup and recovery solution should be viewed as an essential component of any IAM deployment.
Ultimately, enterprise teams must recognize that their IAM system is now an essential component of their overall business infrastructure. As such, to achieve business reliance, teams must ensure IAM resilience – and the TAG team recommends that Acsense is a good option to achieve high levels of availability, access, and resilience for SaaS-based IAM, including from vendors such as Okta.
As always, enterprise teams requiring additional assistance in their source selection tasks should contact the TAG research and advisory team. Guidance can be provided in the areas listed above as well as other aspects of cybersecurity and related adjacent disciplines such as artificial intelligence.
About TAG
TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to provide on demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science.
