{"id":394,"date":"2014-12-01T19:50:48","date_gmt":"2014-12-01T19:50:48","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=394"},"modified":"2014-12-01T19:50:48","modified_gmt":"2014-12-01T19:50:48","slug":"five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/","title":{"rendered":"Five Ways to Make Identity Management Work Best Across Hybrid Computing Environments"},"content":{"rendered":"<p><a href=\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments-150x150.jpg\" alt=\"Five Ways to Make Identity Management Work Best Across Hybrid Computing Environments\" width=\"150\" height=\"150\" class=\"alignleft size-thumbnail wp-image-396\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments-150x150.jpg 150w, https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments-60x60.png 60w, https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments-70x70.png 70w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><\/a>Dana Gardner, Principal Analyst at Interarbor Solutions, has an article out at IT-Director.com about how to make Identity and Access Management work in hybrid computing environments, where you have SaaS, cloud, managed hosting, and on-premises systems coexisting within a single IT framework. Gardner interviewed Darran Rolls, CTO of SailPoint Technologies in order to tease out 5 principles for hybrid computing environment IAM. The interview appears lengthy, and rather than regurgitate it in different form, I&#8217;ve boiled down what the 5 principles are and added some description based on the article.<\/p>\n<p>1. Focus on People, not the Account<\/p>\n<p>Here is Rolls&#8217; take on this principle:<\/p>\n<blockquote><p>Identities are people, not accounts in an on-line system. And something we learned early in the evolution of IAM was that in order to gain control, you have to understand the relationships between people\u2014identities, and their accounts, and between those accounts and the entitlements and data they give access, too.<\/p>\n<p>So this tenet really sits at the heart of the IAM value proposition\u2014it&#8217;s all about understanding who has access to what, and what it really means to have that access. By focusing on the identity\u2014and capturing all of the relationships it has to accounts, to systems, and to data\u2014that helps map out the user security landscape and get a complete picture of how things are configured.<\/p><\/blockquote>\n<p>As Gardner later adds, this means having visibility into the people, and increasingly machines, that own the accounts requesting access. This naturally flows into principle 2.<\/p>\n<p>2. Visibility is King, and Silos are Bad.<\/p>\n<p>Roll&#8217;s:<\/p>\n<blockquote><p>The first part is the idea that visibility is king, and this comes from the realization that you have to be able to capture, model, and visualize identity data before you have any chance of managing it. It\u2019s like the old saying that you can\u2019t manage what you can\u2019t measure.<\/p>\n<p>The second part is around the idea that silos of identity management can be really, really bad. A silo here is a standalone IAM application or what one might think of as a domain-specific IAM solution. These are things like an IDaaS offering that only does cloud apps or an Active Directory-only management solution, basically any IAM tool that creates a silo of process and data. This isolation goes against the idea of visibility and control that we just covered in the first tenant.<\/p><\/blockquote>\n<p>The main issue with silos can be boiled down further: &#8220;You can\u2019t see the data if its hidden in a siloed system.&#8221;<\/p>\n<p>3. Manage the complete lifecycles of both identities and every account an identity has access to.<\/p>\n<p>Rolls identifies Joiners, Movers and Leavers, or JMLs, people with identities and accounts whose just-described activities can create the sort of back doors and gaps that create trouble, according to Rolls:<\/p>\n<blockquote><p>As you might expect, when gaps appear in that JML lifecycle, really bad things start to happen. Users don\u2019t get the system access they need to get their jobs done, the wrong people get access to the wrong data and critical things get left behind when people leave.<\/p><\/blockquote>\n<p>Add in temporary workers and the need to be able to quickly and accurately grant and remove access becomes apparent.<\/p>\n<p>4. Consistency for all users, devices, and access to applications.<\/p>\n<p>Rolls:<\/p>\n<blockquote><p>Consistency here means that you get the same basic user experience, and I use the term user experience here very deliberately, and the same level of identity service, wherever you are. It has become very, very important, particularly as we have introduced a variety of incoming devices, that we keep our IAM services consistent.<\/p><\/blockquote>\n<p>Gardner adds and Rolls agrees that consistency has to be &#8220;implemented and enforced&#8221; from your back end infrastructure and not on devices, because devices change too frequently.\u00a0 The back end should include your cloud and SaaS systems in addition to your on-premises systems.<\/p>\n<p>5. The end-user experience is everything in IAM.<\/p>\n<p>Users today expect seamless access. Additionally, they &#8220;also expect identity management services, like password management, access request, and provisioning to be integrated, intuitive, and easy to use,&#8221; according to Rolls. Self service is one way to go about this, so long as the user interface and experience is &#8220;consistent, seamless, intuitive, and just easy to deal with.&#8221;<\/p>\n<p>However you go about creating an excellent user experience, the end goal is user buy in. Otherwise, users will &#8220;opt out&#8221; and try to find easier ways to do things that circumvent your security set up and leave you vulnerable.<\/p>\n<p>Rolls&#8217; company, Sailpoint, is a leading provider of IAM solutions and is included in Solutions Review&#8217;s Solutions Directory as well as our Buyers Guide, which you can find <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\">here<\/a>.<\/p>\n<p>For Dana Gardner&#8217;s piece and his full interview with Darran Rolls at IT-Director.com, click <a href=\"https:\/\/www.it-director.com\/enterprise\/technology\/content.php?cid=15013\" target=\"_blank\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dana Gardner, Principal Analyst at Interarbor Solutions, has an article out at IT-Director.com about how to make Identity and Access Management work in hybrid computing environments, where you have SaaS, cloud, managed hosting, and on-premises systems coexisting within a single IT framework. Gardner interviewed Darran Rolls, CTO of SailPoint Technologies in order to tease out [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":396,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>5 Ways to Make IAM Work Best Across Hybrid Computing Environments<\/title>\n<meta name=\"description\" content=\"5 best practices and principles for making IAM work in complicated business and technology environments by SailPoint Chief Technology Officer Darran Rolls.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug Atkinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/\",\"name\":\"5 Ways to Make IAM Work Best Across Hybrid Computing Environments\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg\",\"datePublished\":\"2014-12-01T19:50:48+00:00\",\"dateModified\":\"2014-12-01T19:50:48+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\"},\"description\":\"5 best practices and principles for making IAM work in complicated business and technology environments by SailPoint Chief Technology Officer Darran Rolls.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg\",\"width\":600,\"height\":270,\"caption\":\"Five Ways to Make Identity Management Work Best Across Hybrid Computing Environments\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Five Ways to Make Identity Management Work Best Across Hybrid Computing Environments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\",\"name\":\"Doug Atkinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g\",\"caption\":\"Doug Atkinson\"},\"description\":\"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.\",\"sameAs\":[\"https:\/\/solutionsreview.com\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/doug-atkinson-4\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"5 Ways to Make IAM Work Best Across Hybrid Computing Environments","description":"5 best practices and principles for making IAM work in complicated business and technology environments by SailPoint Chief Technology Officer Darran Rolls.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/","twitter_misc":{"Written by":"Doug Atkinson","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/","url":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/","name":"5 Ways to Make IAM Work Best Across Hybrid Computing Environments","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg","datePublished":"2014-12-01T19:50:48+00:00","dateModified":"2014-12-01T19:50:48+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae"},"description":"5 best practices and principles for making IAM work in complicated business and technology environments by SailPoint Chief Technology Officer Darran Rolls.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/12\/Five-Ways-to-Make-Identity-Management-Work-Best-Across-Hybrid-Computing-Environments.jpg","width":600,"height":270,"caption":"Five Ways to Make Identity Management Work Best Across Hybrid Computing Environments"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/five-ways-to-make-identity-management-work-best-across-hybrid-computing-environments\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Five Ways to Make Identity Management Work Best Across Hybrid Computing Environments"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae","name":"Doug Atkinson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g","caption":"Doug Atkinson"},"description":"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.","sameAs":["https:\/\/solutionsreview.com"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/doug-atkinson-4\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/394"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=394"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/394\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/396"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}