InterComms :: International Communications Project
  Intercomms Issue 19

The Cloud and its Implications in Identity and Access Management

By John Williamson, TM Forum

Identity and Access Management (IAM) is a big business, getting bigger by the day. According to the market intelligence company International Data Corporation (IDC), the global IAM market was already worth $4 billion in 2010 and, according to technology research firm Gartner Inc., it could be worth $11.9 billion by the end of 2013.

It’s not difficult to understand why IAM is looming large in the security calculations of industry, enterprise, government and even private individuals. The short answer is, as borne out by a raft of research, that it is not being addressed properly by most organizations, despite the evident serious consequences of failure to do so.

Securing Access

The obvious starting point is the pervasiveness of ICT, electronic networking and the Internet in supporting and enabling the functioning of many aspects of modern life in many societies around the world. With that comes a greater need to be able to identify and authenticate individuals accessing systems and resources, exchanging information or performing transactions.

The consequences of unauthorized accidental, malicious or criminal access to networks and resources can include serious disruption of operations, damage to corporate reputation or brand, major financial loss and, in the worst-case scenarios, potentially catastrophic impairment to a nation’s ability to function normally.

Web-based cloud computing, in which software, applications and processing power are accessed and bought in on an as-needed subscription basis, is proving a big hit with government agencies and commercial enterprises of varying sizes. One often cited estimate, from Forrester Research, predicts a market worth over $241 billion in 2020, up from $40.7 billion in 2010.

In principle the cloud brings a number of benefits to users, including lower capital expenditure (CapEx) and operational expenditure (OpEx), shorter implementation timelines, open-ended system scalability, and ready access to specialist expertise and technology refresh.

Cloud Control

There are, however, non-trivial concerns about cloud security that stem from a weakening of the end-user organization’s control of access, the sharing of resources with other, sometimes unknown, parties, and the disconnect between in-house hardware and off-site applications. It’s worth noting, though, that public cloud computing has the potential to improve the general security posture and capabilities of some organizations. Smaller ones, in particular, can profit from access to better skill sets and more advanced technologies than their in-house provision might otherwise cost-justify.

In the context of IAM, the cloud is something of a mixed blessing.

On the one hand, the attraction for end-user organizations is that cloud-based IAM can save time and money, improve security and reduce risk. This can be achieved through:

  • lower CapEx and OpEx, equaling lower total cost of ownership (TCO);
  • shorter system implementation times;
  • transfer of responsibility for maintenance, support, troubleshooting and technology updates;
  • access to a wider pool of expertise, both technical and regulatory.

On the other hand, in the case of the public cloud and the shared community cloud, there’s the rider that access control is often now at one remove from the end-user organization. As a number of observers have pointed out, it’s unlikely that most businesses and other organizations would be willing or able to locate and operate access solutions at the cloud service provider’s premises.

As such the cloud presents IT departments with an access dilemma, acknowledges Centrify Corporation, a company whose identity and access management products are designed to enable organizations to control, secure and audit access to cross-platform systems and applications using Active Directory.

“Many organizations are facing a Catch-22 when it comes to migrating applications to the cloud. They get the biggest ROI by moving business-critical apps that need to scale rapidly and on-demand,” reasons David McNeely, Director of Project Management, Centrify. “But these are precisely the applications that need the tightest security and access controls.”

Cloud IAM

But Catch-22 or not, cloud-based IAM is set to grow in popularity if the findings of a recent survey by Courion are on the money. This survey canvassed more than 400 companies worldwide and found that 64 percent were using cloud-based applications to achieve cost and efficiency advantages. It also indicated a big opportunity for IAM vendors offering alternatives to traditional implementation methods.

More than 50 percent of respondents handled IAM manually and 70 percent identified benefits of IAM in the cloud as including: improved speed of business operations; usability; cost; and access risk management. Courion believes this suggests that companies that provide alternatives to overcome the long implementation cycles and high costs associated with traditional IAM deployments are positioned to make inroads into a growing market.

Additionally, with more than 80 percent of respondents allowing access via mobile devices, there was significant opportunity to improve IAM operations as enterprises become more open and potentially exposed to greater access risk.

Again, according to a Gartner estimate referenced by cloud security company Symplified, IAM as a service (IAMaaS) will account for 20 percent of all new IAM sales by the end of 2012, compared with less than 5 percent in 2011.

But using improved and automated systems to reduce the risk of interference with operations, financial losses and damage to reputation isn’t the only consideration driving IAM up the agenda of IT, networking and communications communities. Implementing better IAM capabilities holds the promise of enhancing enterprise IT efficiencies and quality, lowering operational expenditure (OpEx), and increasing workforce productivity through wider but controlled access to systems, resources and data. In the case of being able to grant wider, managed access to outsiders, such as self-service customers, there’s the potential for enhanced customer relationships and satisfaction, and higher revenues.

This article is by John Williamson, independent writer and researcher for TM Forum, and is excerpted from TM Forum's Quick Insights Report, “Identity & access management; Driving the business case.” TM Forum research and publications help the communications and associated industries with every aspect of their on-going transformation and business evolution. TM Forum research and publications are available at no charge to TM Forum members. Non-members may purchase TM Forum’s research and publications through TM Forum’s website at
