Thales Blog

The four steps to modernizing your IAM environment and moving to cloud-based access management

February 17, 2021

Danna Bethlehem | Director, Product Marketing

Before the onset of COVID-19, enterprises already had Identity Access Management (IAM) controls in place for company stakeholders working remotely. Enterprises secured applications and digital assets through Single Sign On (SSO), Virtual Private Networks (VPN) or Web Access Management (WAM). But this architecture was designed for only a small number of employees to work outside of company headquarters — with limited access to applications beyond the on-premises network perimeter.

However, the pandemic forced enterprises to adapt quickly as most of the workforce shifted to working at home. This posed new challenges for IT teams and CIOs who hadn’t planned on such a massive change.

Challenges of migrating legacy IAM systems

Security concerns are not to be taken lightly. Cyber attacks are more frequent and more sophisticated. The 2020 Verizon Data Breach Investigations Report found that attacks on web applications doubled, to 43% of breaches, as applications and data moved to the cloud. The same report found that over 80% of hacking-related breaches involved brute force or the use of lost or stolen credentials.

With the growth of cloud-based applications and distributed computing models, legacy IAM no longer scales. Hairpinning cloud-bound traffic through an on-premises VPN or WAM gateway loads the corporate network and adds latency to every cloud session. It also makes that gateway a single point of failure: if the VPN stops working, users are locked out of cloud services that would otherwise be reachable. What's more, privileged user management needs to be stepped up at the same time.

Best practices for migrating IAM management tools

Switching or migrating to a cloud-based access management solution is inevitable for organizations that want to adjust to, and secure, modern IT environments. Enterprises can adopt the following best practices to make the migration from legacy IAM to a cloud-based solution seamless and cost-effective:

Leverage MFA Methods

By supporting a wide variety of multi-factor authentication (MFA) methods, enterprises can keep their existing authenticators rather than ripping and replacing them. The service should also speak the protocols those authenticators and applications already use: RADIUS for VPNs and network devices, and SAML and OpenID Connect (OIDC) for federated web applications, all delivered from the cloud. Enterprises can also offer passwordless authentication via FIDO or certificate-based authentication.

Employ Zero Trust Security

Zero Trust means that no user, device or network location is trusted by default. Assessing and validating identity at the login point of each application allows access decisions to be made per application, per policy and per access scenario, rather than once at the network edge.

To provide an agile and granular approach to user authentication, the IAM solution should support adaptive policies. Policies should request step-up authentication as the risk increases, based on contextual signals gathered at login time: the source network range, the operating system and type of device, the user's group membership and the geolocation of the request.
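The adaptive policy described above, as an added worked example that is not part of the original post and is not SafeNet Trusted Access code. It assumes a hypothetical rule set in which each contextual signal (off-network source address, unmanaged operating system, unexpected country, privileged group or high-sensitivity app) can only raise the required assurance level, never lower it; the assurance ladder (`password` < `otp` < `fido`), the corporate ranges and the expected countries are constructed for illustration:

```python
"""Adaptive step-up policy evaluation.

Added example; the rules, ranges and assurance levels are assumptions for
illustration, not a vendor's policy format.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assurance ladder, weakest to strongest. A rule can only move a login up it.
LEVELS = ("password", "otp", "fido")

# Constructed policy constants (assumed, not from the original post).
CORP_RANGES = ("10.0.0.0/8", "192.168.0.0/16")
EXPECTED_COUNTRIES = ("US",)
MANAGED_OS = {"windows", "macos"}


@dataclass(frozen=True)
class LoginContext:
    """Signals available at the login point, per application."""
    user: str
    groups: frozenset          # directory group membership ("user collections")
    source_ip: str             # network range signal
    os_name: str               # operating-system signal
    country: str               # geolocation of the request
    app_sensitivity: str       # "low", "medium" or "high" for the target app


def _on_corporate_network(ip, ranges=CORP_RANGES):
    addr = ip_address(ip)
    return any(addr in ip_network(r) for r in ranges)


def required_assurance(ctx):
    """Return (required level, reasons) for this login context.

    Every matching rule records its reason; the strongest requirement wins.
    """
    level = 0
    reasons = []

    def step_up(to, why):
        nonlocal level
        level = max(level, to)
        reasons.append(why)

    if not _on_corporate_network(ctx.source_ip):
        step_up(1, "off-network")
    if ctx.os_name.lower() not in MANAGED_OS:
        step_up(1, "unmanaged-os")
    if ctx.country not in EXPECTED_COUNTRIES:
        step_up(2, "unexpected-geolocation")
    if "privileged" in ctx.groups or ctx.app_sensitivity == "high":
        step_up(2, "privileged-or-sensitive")
    return LEVELS[level], tuple(reasons)


def decide(ctx, presented):
    """Compare the factors already presented with what the policy requires.

    Returns ("allow" | "step-up", required level, reasons). A user who has
    already satisfied a stronger factor is not asked for a weaker one.
    """
    required, reasons = required_assurance(ctx)
    strongest = max((LEVELS.index(f) for f in presented if f in LEVELS), default=-1)
    verdict = "allow" if strongest >= LEVELS.index(required) else "step-up"
    return verdict, required, reasons


# Constructed sample logins for a stand-alone run.
SAMPLE_LOGINS = (
    LoginContext("alice", frozenset({"staff"}), "10.1.2.3", "Windows", "US", "low"),
    LoginContext("bob", frozenset({"staff"}), "203.0.113.5", "Windows", "US", "low"),
    LoginContext("carol", frozenset({"privileged"}), "198.51.100.7", "Linux", "DE", "high"),
)

if __name__ == "__main__":
    for ctx in SAMPLE_LOGINS:
        print(ctx.user, decide(ctx, ("password",)))
```

`decide` is evaluated once per application, not once per session, which is what makes the decision per app, per policy and per scenario: the same user reaching a low-sensitivity app from the office gets a password, while the same user reaching a high-sensitivity app from an unexpected country is sent to a FIDO step-up.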

Implement Access Management as a Service

Enterprises using cloud-based access management and authentication benefit from cloud efficiencies and modern access management technologies. Cloud-based access management protects cloud applications at the access point rather than at the network edge. Delivered from the cloud, access management and authentication as a service is easy to deploy and shortens both time to go-live and time to return on investment.

Cloud-based SSO

As opposed to on-premises SSO, cloud-based single sign on offers a frictionless logon experience without sacrificing security. Enterprises can leverage cloud-based smart SSO combined with contextual information and step-up authentication.

4 Steps for Migrating from legacy IAM solutions to cloud-based access management

Enterprises can migrate from legacy IAM solutions to a cloud-based access management solution such as SafeNet Trusted Access. Not all enterprises can move all of their apps at once, so a phased approach can match the needs of specific groups within your organization. Here are four specific steps organizations can take:

Step 1: Take inventory

Map out all on-premises and cloud services so that you gain visibility into what needs to be protected.

Step 2: Map out control

Determine the sensitivity of each app and identify the type of users who typically access these apps. For example, are they privileged, C-suite or regular?

Step 3: Identify authentication and access control

Which cloud apps do users reach via a VPN, WAM or on-premises SSO today? Because legacy apps might not support modern federation protocols such as SAML or OIDC, you may need agents or gateways to bring them under the new solution.

Step 4: Prioritize apps and user controls

Which apps and user groups should be implemented first? By enabling direct access to cloud services through a cloud-based AM solution such as SafeNet Trusted Access for most of your users, you will be able to immediately reduce traffic on your network and secure these services at the access point.

By following these four steps, you'll be able to stand up your cloud-based access management service in phases rather than in one cut-over.
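The four steps carried through on a constructed application inventory, as an added example that is not part of the original post and not a Thales tool. It assumes a hypothetical inventory record per app (hosting, sensitivity and typical user type from steps 1 and 2; current access path and supported federation protocols from step 3) and a hypothetical wave ordering for step 4: federation-capable cloud apps used by regular users first, sensitive or privileged apps second, and legacy apps that need an agent or gateway last. It also flags cloud apps that are currently back-hauled through a VPN or WAM, since those are the ones whose migration frees network capacity immediately:

```python
"""Migration triage for legacy IAM to cloud-based access management.

Added example; the record layout, wave rules and auth-level mapping are
assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

MODERN_FEDERATION = {"saml", "oidc"}


@dataclass(frozen=True)
class App:
    name: str
    hosting: str            # step 1: "cloud" or "on-prem"
    sensitivity: str        # step 2: "low", "medium" or "high"
    user_type: str          # step 2: "regular", "c-suite" or "privileged"
    access_path: str        # step 3: "direct", "vpn", "wam" or "sso"
    federation: frozenset   # step 3: protocols the app supports, e.g. {"saml"}


def integration_method(app):
    """Step 3: federate directly, or front a legacy app with an agent/gateway."""
    return "federate" if app.federation & MODERN_FEDERATION else "gateway"


def is_hairpinned(app):
    """Cloud app reached through on-prem VPN/WAM: traffic loops through the network."""
    return app.hosting == "cloud" and app.access_path in {"vpn", "wam"}


def min_auth_level(app):
    """Step 2 output: assurance floor derived from sensitivity and user type (assumed mapping)."""
    if app.user_type == "privileged" or app.sensitivity == "high":
        return "fido-or-certificate"
    if app.user_type == "c-suite" or app.sensitivity == "medium":
        return "otp"
    return "password-plus-context"


def wave(app):
    """Step 4: ordering rule (assumed). Lower wave number migrates first."""
    if integration_method(app) == "gateway":
        return 3                      # needs agent/gateway work first
    if app.hosting == "cloud" and app.user_type == "regular":
        return 1                      # broad user base, direct cloud access
    return 2                          # sensitive or privileged: policy design first


def migration_plan(apps):
    """Group the inventory into waves; each entry is (name, method, auth floor)."""
    plan = defaultdict(list)
    for app in sorted(apps, key=lambda a: (wave(a), a.name)):
        plan[wave(app)].append((app.name, integration_method(app), min_auth_level(app)))
    return dict(plan)


def hairpinned_apps(apps):
    """Names of cloud apps whose traffic currently back-hauls via VPN/WAM."""
    return sorted(a.name for a in apps if is_hairpinned(a))


# Constructed inventory (not a real organization's applications).
INVENTORY = (
    App("crm", "cloud", "medium", "regular", "vpn", frozenset({"saml"})),
    App("mail", "cloud", "low", "regular", "direct", frozenset({"oidc"})),
    App("finance-erp", "cloud", "high", "c-suite", "wam", frozenset({"saml"})),
    App("hr-portal", "on-prem", "medium", "regular", "sso", frozenset()),
    App("admin-console", "on-prem", "high", "privileged", "vpn", frozenset()),
)

if __name__ == "__main__":
    for w, entries in migration_plan(INVENTORY).items():
        print(f"wave {w}: {entries}")
    print("hairpinned:", hairpinned_apps(INVENTORY))
```

The point of splitting `integration_method`, `min_auth_level` and `wave` is that the three questions (how is it fronted, how strongly must it be authenticated, when does it move) are answered independently from the same inventory record, so a change in one rule does not silently reorder the whole plan.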

SaaS access management is here to stay

The onset of the pandemic required enterprises to move quickly in setting up secure and convenient remote access management. However, SaaS access management is here to stay. According to Gartner, 74% of enterprises plan to permanently move at least some of their employees to remote work even after the COVID-19 crisis.

Consequently, enterprises can embrace a flexible and secure cloud-based access management platform. To learn more about how to migrate your legacy IAM infrastructure effectively without compromising on security, IT and user convenience, download our “Migrating from legacy IAM to modern Access Management: Guidelines and Best Practice” white paper.