The evolution of Identity and Access Management

By Lucy Wright - December 04, 2020

Organisations are adopting cloud technologies at a rapid rate; not only because of the current pandemic but because its benefits are now so well recognised and far reaching.

Cloud solutions are a cost-effective way of leveraging the most current and powerful software and applications. Not only that, they also offer flexibility, scalability and reliability that traditional on-premise systems don't. 

But because cloud networks can be comprised of lots of separate components with a wide range of uses, and are often configured in different ways, new challenges around identity, governance and access management have emerged. As the cloud environment has evolved and expanded, identity and access management has also had to evolve to keep up. IDAM solutions have become more sophisticated, and sometimes complex, in response to the ever-changing security and identity landscape, and to keep networks and data safe. 

Identity has always been part of the IT landscape. In these early days of networking, every terminal had an address so that the right data packets could be sent to it. And until just a few years ago, most businesses deployed an on-premise IT infrastructure which could be effectively managed in-house. IT teams could keep track of which users were using which tools, along with new joiners and leavers that needed identities creating and offboarding, respectively.

As the number of people working remotely or on the go increased (and more user endpoints and devices needed to be secured), so did the risks and challenges around IDAM.

In the late 2010s, with digital environments and endpoints diversifying, a Zero Trust approach to IDAM became popular. The approach provided, and continues to provide, an additional layer of security and reassurance for enterprises concerned about the security of their network and data. But its emphasis on authenticating all user requests, no matter where they originate, can act as a barrier to productivity, as users need to satisfy numerous criteria before being able to access what they need. 

It quickly became clear that a rigid on-premise IT infrastructure which needed users to be on certain devices to log on to the network was not the most dynamic or flexible approach to IT. To ensure productivity isn't blocked, organisations have looked for more flexible methods of user authentication. Fast forward to 2020 and organisations today need to adopt the cloud to stay competitive; but they also need to reassess and redefine their IDAM strategy as part of their cloud adoption strategy.

Organisations which aren't fully operating in the cloud yet often use a combination of legacy on-premise systems and cloud solutions, which can further complicate IDAM. Adding even more complexity is the use of third-party vendor apps and solutions, which bring with them lots of benefits but also challenges. As digital environments become more diverse, user activity is becoming more difficult to monitor. IT teams can easily lose track of user privileges and how many user accounts are redundant and need offboarding; and the lack of visibility can leave networks vulnerable to malicious attacks. So, IT teams today are faced with the task of striking a fine balance between providing granular access to different applications, both in the cloud and on-premise, on a variety of endpoints (user and enterprise-owned), without hindering user productivity.

Enter biometrics. Biometric authentication, such as facial recognition technology and fingerprint ID, is becoming increasingly popular and replacing traditional passwords in a range of digital environments, from smartphones to home electronics to passport control.

AI (Artificial Intelligence) and ML (Machine Learning) are also being more widespread, with a growing number of organisations now leveraging these technologies as part of their IDAM strategy. Monitoring the network perimeter using AI means anomalies can be identified in real time and resolved almost immediately, enhancing the security of the network. ML can identify and analyse user trends and behaviour to spot unusual activity.

This is a potted history of the evolution of IDAM, but even on this whistle-stop tour of some of the defining moments of identity management over the last couple of decades, the evolution of IDAM in response to the changing working landscape is clear. But to make IDAM a success in your organisation, the solutions which are available need to be deployed within a clearly defined IDAM framework, with policies enforced and widespread user compliance.

Next steps

It's clear that today, a 'one size fits all' approach to IDAM doesn't work. The unique infrastructure of your organisation will have its own challenges and subsequent solutions that are most suited to addressing these.

Core's Identity Workshop is the ideal starting point for your organisation to redefine your IDAM strategy, using the powerful IDAM capabilities of Microsoft 365. 

Powered by Microsoft and delivered by Core experts, our workshop brings M365's identity and access management solutions to life, with demos and expert advice that puts you in control of IDAM in your organisation. Qualifying customers can have their workshop funded by Microsoft. 

Book your workshop today on the link below or contact us for more information.


subscribe to our blog 2

Sign Up for our Blog

We promise that we won't SPAM you.