Access management is critical to any effective identity and security strategy, but the complex nature of access management continues to challenge Information Technology (IT) departments. Securing access to a diverse set of applications, services and data is particularly complex given the expansive nature of Internet technologies. The emergence of cloud computing, mobile computing, and social identity technologies has only heightened the need for access controls, because these technology trends are transforming the way organizations access and expose business critical services and data.
As access management requirements have evolved, IT departments have often deployed a mix of point solutions, each of which met some critical requirement for application and information security. This patchwork of access management technologies has left IT with highly complex environments to manage, stretching IT resources and budgets and hindering the ability of IT to meet the needs of the business. With urgent demands for new IT services, departments in many organizations bypass IT altogether. The concept of “Shadow IT,” often associated with Software-as-a-Service, is causing major security and governance concerns for organizations.
Over the past 15 years, the market has produced a collection of point products for access management, which operate independently to fulfill specific access requirements for each protected domain or resource. However, such an independent approach is not viable to satisfy requirements for Enterprise Software Systems of the future, which are demanding increased interoperability to achieve a seamless experience. In many areas, this change is being driven by the advent of cloud and mobile computing, which has transformed the way organizations access and expose business-critical applications, services, and data. Additionally, pressure to leverage social identities is taxing traditional access management deployments and highlights the need for improvements in the art.