IDaaS covers a range of identity management capabilities, and typically includes essential, standardised features like simple customer registration / login screens, Multi-factor Authentication (MFA), Single Sign-On (SSO), and self-service user account management.
It can also make it much simpler to support existing digital identities from third party Identity Providers (IdPs) like Banks, national IDs, service providers like Google, Facebook, LinkedIn, and identities that exist in enterprise directories.
Identity-as-a-Service is a cloud-based, managed service, meaning that an organisation employing SaaS IAM would not need to worry about managing deployment, security, configuration and maintenance in-house. Maintaining in-house IAM is costly – there are hardware, network, development and expensive expertise costs to consider.
Why would any business need IDaaS?
Safeguard against data breaches
The vital function of Identity-as-a-Service is to better secure and use identity data and identity credentials, and to restrict system access to privileged users only. This includes both internal and external users – like customers, partners and contractors.
Most breaches occur due to the theft and unauthorised use of identity credentials or weak access control workflows. Identity-as-a-Service helps strengthen the ‘identity as the perimeter’ concept by enforcing policies about credential management and introducing stronger levels of authentication when circumstances demand them.
Data privacy has recently been (and will remain) a much-discussed topic, with data breaches making news headlines every day. Data breach scandals damage an organisation’s reputation, no matter what size, driving away business – not to mention huge regulatory fines (such as those as a result of GDPR non-compliance).
IDaaS secures systems by ensuring users are who they claim to be (e.g. with MFA), alongside streamlined management of access to avoid unnecessary risk (e.g. SSO).
Compliance with regulation
It’s not just breaches that constitute regulatory non-compliance.
Organisations must ensure that they are transparent about their data practices and give users control over their own data – again, made possible with SaaS IAM through features such as self-service account management.
User Experience
The benefits of IDaaS do not only represent cybersecurity team priorities – they also cover usability and customer experience priorities, which could fall under many departments’ jurisdiction – such as marketing.
For example, it can be leveraged to create the easiest registration processes for customer-facing applications on the market – a crucial point in converting visitors to customers – giving users intuitive sign-up and authentication options, such as support for existing digital identities (social, enterprise, federated, national etc.). Identity provider options will vary between SaaS IAM solutions.
Once a customer is registered, having them hop between connected applications using the same identity is then possible using Single Sign-On, another core IAM capability.
Expertise on demand
IAM is a complex subject matter, built on many standards (e.g. OpenID Connect, SAML, OAuth, WS-Federation). Plus, the standards and their implementations are constantly evolving. This represents considerable cost to the organisation trying to keep up.
Embedding IAM capabilities into your application with SaaS IAM means your developers don’t have to reinvent the wheel doing what the IAM provider has already successfully achieved for many customers; they can just plug in all the necessary pre-existing expertise via APIs.
This dramatically reduces time and money spent on in-house development, and the risk of it going wrong.
It is this ‘expertise on demand’ that has driven SaaS growth across many industries in recent years, and identity is no exception.
Gartner estimates that SaaS IAM will augment or replace 60% of software-delivered IAM implementations globally, up from 20% today, and will be the chosen delivery model for more than 80 per cent of new access management purchases globally by 2022 (source: Gartner Magic Quadrant for Access Management, August 2019).
Multi-Factor Authentication:
The term multi-factor authentication (MFA) means there are more than two factors involved. This offers the most security. It's no longer about either flatly granting or denying access based on a factor or two; it's about granting a degree of access from a spectrum of possibilities, based on multiple data points and factors derived from the login attempt, such as third-party hardware tokens, biometrics, and SMS.
The downside of most MFA systems is that they can disrupt end users, who may need to re-authenticate throughout their workday or coordinate both hard and soft tokens to verify access. For every factor of authentication you add, you boost security, but at the cost of making your user experience worse. MFA systems can also be cumbersome for IT teams, who have to manage integrations with multiple applications or systems.
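The "spectrum of access" idea above, as an added example that is not from the original article or any particular IDaaS product: a small policy evaluator that grades a login attempt by which factor categories (knowledge, possession, inherence) were verified, how strong those factors are, and contextual data points such as an unknown device, then returns a degree of access rather than a flat yes/no. Factor names, strength scores and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Factor categories: something you know, something you have, something you are.
FACTOR_CATEGORY = {
    "password": "knowledge", "security_question": "knowledge",
    "hardware_token": "possession", "sms_code": "possession",
    "authenticator_app": "possession", "fingerprint": "inherence",
}
# Relative strength of each verified factor (assumed values for this example).
FACTOR_STRENGTH = {
    "hardware_token": 3, "fingerprint": 3, "authenticator_app": 2,
    "sms_code": 1, "password": 1, "security_question": 0,
}
# Score a resource of each sensitivity requires before full access (assumed).
REQUIRED_SCORE = {"low": 1, "medium": 2, "high": 4}


@dataclass
class LoginAttempt:
    verified_factors: list = field(default_factory=list)
    known_device: bool = True       # data point derived from the attempt
    ip_reputation_ok: bool = True   # data point derived from the attempt


def distinct_categories(factors):
    """Two factors of the same category (e.g. password + security question)
    count as one: MFA needs at least two *different* categories."""
    return {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}


def decide_access(attempt: LoginAttempt, sensitivity: str) -> str:
    """Return 'full', 'limited', 'step_up' or 'deny' for this attempt."""
    if not attempt.ip_reputation_ok:
        return "deny"
    score = sum(FACTOR_STRENGTH.get(f, 0) for f in attempt.verified_factors)
    # An unknown device raises the bar instead of blocking outright.
    need = REQUIRED_SCORE[sensitivity] + (0 if attempt.known_device else 1)
    multi = len(distinct_categories(attempt.verified_factors)) >= 2
    if sensitivity == "low":
        return "full" if score >= need else "step_up"
    if not multi:
        return "step_up"   # ask for a factor from another category
    if score >= need:
        return "full"
    return "limited"       # MFA satisfied, but factors too weak for full access
```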
Single Sign On:
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a name and password -- to access multiple applications. SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords.
In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository, such as a Lightweight Directory Access Protocol (LDAP) directory. The service authenticates the end user for all the applications the user has been given rights to and eliminates future password prompts for individual applications during the same session.