Hi, my name's Todd Petersen. I'm on the product marketing team at the Identity and Access Management Group at Dell Security. Today we're going to talk about software as a service application. And specifically identity and access management as a service and whether it's right for you and how you can decide what to do and what not to do.
So let's turn to the board. First thing we're going to talk about is what do you need to do? You've got a number of things that you have to do from an identity and access management standpoint. And whether you do that with on-prem software, with manual processes, or with the software as a service software, it doesn't matter. These things have to happen.
The first is you need to administer identities. You need to be able to set up accounts for people so they can access stuff. Give them the things they need to log on. You need to deliver access.
You need to allow those people to get to the things they need to do their jobs. Whether that's securely or not securely is up to you, but you want it to be secure. And whether that is convenient or inconvenient for the user is up to you, but obviously you want it to be convenient for the user.
Then you want to control access. Once they get to those things, you want to make sure that they only can get to the things they need to do their jobs. You don't want to over-provision people just because it's easier, because then they can get the stuff they shouldn't get to. People can steal their credentials and get the stuff that they shouldn't get to. So that's a bad thing.
And then ultimately, you'll want governance on that. You'll want to make sure that you're doing the administration of the identities, the access control, and the login stuff according to the rules. Doing it the right way, that's basically what governance means. Not just doing it but doing it right.
And what do you need to do all this to? You've got a whole bunch of on-prem things that people need to access. You want to control those. But you've got this growing population of cloud things. Applications and data out in the cloud that you need people to access.
So you've got to administer identities in both places. You've got to deliver access to both places. You've got to control access to both places. And ultimately you want to do governance to both places.
So that's where the challenge lies. And that's when you decide whether you're going to go with an on-prem solution or maybe a software as a service solution.
There's a number of use cases that we'll talk about on the next slide. Provisioning, single sign-on federation, multifactor authentication, privileged account management, process orchestration, attestation, and analytics.
All right. So let's turn to each of those use cases and talk about what would be the best solution for that.
So provisioning is the things you do to set up the accounts in the directories, in the applications, in the databases, you know. All of those things. Normally provisioning is done with manual processes, or with a number of tools to help, or with a unified enterprise provisioning tool that's most often done on-prem but not necessarily. It doesn't have to be.
If you've got the on-prem solutions, you need to make sure that it also covers your cloud properties. So as you're provisioning, you have to make sure that not just provisioning on-prem but also provision in the cloud.
The benefits of an on-prem solution that will work for the cloud has a rich feature set. It's got everything you've always wanted plus more. You control everything. It's all within the way that you set it up.
The challenge is you have control of everything. So you've got more stuff you need to worry about. It can be specific to your situation. It works well on legacy systems.
A negative, maybe it's a capital expenditure. It's a more expensive thing. Something that you have to budget for. And you've got slower deployments because it's all on-prem and you've kind of control that.
So you can then move from the cloud. This would be a MSPs offering, a managed service provider. It would be a hosted or managed offering. Those are available in a lot of single sign-on or federation scenarios. Some multifactors, some privileged account management. All these things are available in a managed offering but there's advantages and disadvantages to that as well.
The disadvantage is someone else controls. Actually, maybe that's an advantage. The disadvantage would be also that someone else controls because the risk is moved out of your world. It can be semi-custom. It can do much of the stuff you want, maybe not all of it.
It's tightly coupled with your on-prem stuff. It has opportunistic functionality, meaning it may not do everything you need but it might do enough. And it can be budgeted as an operational expense as opposed to a capital expenditure, so it might be much easier to get by the board and everything.
The third option is in the cloud, or the true software as a service offerings. The advantage there is that someone else controls it. But again, that's also the disadvantage. You don't have control anymore. The risks are higher.
It can do rapid deployment or change. Meaning that they are constantly revving and updating capabilities and the ability to do things. That's an advantage for you. It's very quick to do that.
It serves a digital transformation. Meaning that it will work with all these new things that keep coming to you. And it's actually maybe a piece of your digital transformation strategy.
One of the disadvantages, it usually has cookie cutter functionality. Meaning everybody who's using this service has a menu of things that they can do and they
06:48