As enterprises move to hybrid architectures that combine their traditional on-premise systems and new cloud services, they need to move to a single unified user identification and access management system (see graphic on right). Relying on multiple identification systems that require users to log in separately to different services on different devices turns what is intended as a unified architecture into “a collection of discombobulated and fragmented set of stuff to the user,” writes Wikibon Analyst Steve Chambers. It also creates security problems, negatively impacts productivity, and costs extra money, since multiple fragmented ID systems are not less expensive than a single log-on system.

Forward-thinking enterprises are moving from the traditional IT model to “the consumption cloud.” In this new model a single, trusted multi-step ID is employees’ passport to all the business services they need to do a job, just as a single log-on provides access to all of Google’s consumer services. Furthermore, it must extend across users’ mobile systems as well as work laptops or desktops and work across multiple locations. This is particularly important for employees who spend significant work hours outside the office, but even desk-bound employees may want to check their business email after hours or at a public location.

Multiple log-in systems annoy end-users and encourage them to use simplistic, easy-to-remember but insecure passwords. Multiple communications from different systems requiring periodic password changes can confuse employees and make them vulnerable to phishing and other malware. It also creates extra expense for IT managing those multiple IDs, particularly for new hires, promotions, and employees leaving the company. All of this increases security vulnerabilities.

ID systems that work across the hybrid cloud to provide a single secure, multistep user log-ins do exist. Chambers lists several in his report, while noting that his list is not exhaustive. The best of these provide advanced security features that, for example, flag unusual activity such as access from unexpected geographies in individual end-user accounts that might indicate that the account was hacked.

Read Chambers’ full report, “The Hybrid Cloud Identity Crisis”, along with other Alerts from the Wikibon analysts, on the new Wikibon Premium site.

Graphic courtesy Microsoft Corp.