
This document is licensed to iwelcome

KuppingerCole Report
EXECUTIVE VIEW
by Martin Kuppinger, April 2015

iwelcome Identity & Access Management as a Service

iwelcome delivers Identity and Access Management as a Service. The company, based in the Netherlands, runs all services from data centers located within the EU and covers a broad set of features for managing identity and access for both cloud and on-premise services.

Contact: mk@kuppingercole.com

Content
1 Introduction
2 Product Description
3 Strengths and Challenges
4 Copyright

Related Research
#71,031 Advisory Note: Cloud IAM more than just Single Sign-On to Cloud Applications
#70,998 Advisory Note: The New ABC for IT: Agile Business, Connected
#70,969 Leadership Compass: Cloud User and Access Management

1 Introduction

iwelcome, a company headquartered in the Netherlands, was founded a few years ago and is backed by venture capital. The company has built its own platform for what KuppingerCole calls Cloud User and Access Management, a central functionality within the broader scope of Cloud IAM. Since its beginning, the company has managed to win a number of large and prominent customers, particularly in the Benelux area, and is now expanding into other regions.

Both Cloud computing and Identity and Access Management (IAM) can trace their beginnings to the late 1990s. Cloud computing began as web services, then developed into Software as a Service (SaaS), later expanding to cover such areas as Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) and even, within the last couple of years, Identity (Management) as a Service (IDaaS/IDMaaS).

IAM began with Provisioning applications and later expanded to include some, or all, of:

- Single Sign-On (SSO);
- Web Access Management and Identity Federation;
- Various forms of Access Control (_BAC): Role-based, Attribute-based, Rules-based, Risk-based, etc.;
- Governance, Risk and Compliance (GRC) including Access Governance;
- Strong and adaptive Authentication;
- And a number of other services, depending on who is defining them.

Without specifically looking at functionality, we can see that many different architectures are being described when talking about Cloud IAM (aka IDMaaS, IDaaS, ...):

- Is the service on-premises, in the cloud or a hybrid?
- Is the service controlled by the enterprise or by a third party as a managed service?
- Are only employees covered, only external users, a partial mix (employees and partners, but not vendors or customers, for example), or are all entities using the organization's resources managed within the single system?
- Is access managed for only on-premise services, cloud-based services or both?
- If there are multiple identity data stores, are they synchronized or federated, and are they only cloud-based or can they be hybrid (on-premise and cloud)?

KuppingerCole believes that in the future there will be at least two distinct approaches to Cloud IAM that overlap in their core functionality.

One is Cloud-based IAM/IAG that provides Identity Provisioning and Access Governance capabilities as a Cloud service. These services are in fact a direct counterpart to established on-premises Identity Provisioning and Access Governance solutions: they feature the same concepts and provide these as a real multi-tenant cloud service or, more frequently, as a managed service. These types of solutions also provide good out-of-the-box integration with on-premise systems, allowing management and governance for identities and access to these services.

The second group of solutions primarily focuses on managing what we call the new ABC: Agile Business, Connected. They focus on managing external users, such as business partners and customers, and their access to Cloud services and on-premises web-based applications. Commonly, these services are a combination of identity federation, self-service registration, directory services, and access management solutions, all provided as a Cloud service.

While both groups of solutions might converge in the long run, both provide far more functionality than just Cloud Single Sign-On, which will not remain sufficient for success in business.

In fact, the iwelcome offering is a mix of both concepts, which qualifies it for the emerging market segment of Cloud User and Access Management, while providing strong support for existing on-premise environments, as Cloud-based IAM/IAG solutions do. Thus, it is a good fit for customers that want to move their IAM infrastructure to the cloud while supporting both the existing infrastructure and upcoming cloud services.

2 Product Description

iwelcome is a company based in the Netherlands that provides a Cloud User and Access Management service. The service is run from datacenters within the EU, hosted by Interoute. It is built on a number of standard products, particularly from the Open Source community, which are extended by iwelcome. Furthermore, iwelcome adapts these tools so that they can be run in a multi-tenant environment that can be easily customized.

Basically, the offering consists of two layers:

- The iwelcome Identity Portal, which gives access to the functionality for both end users and administrators through a web interface;
- The backend services that provide a set of functionality.

The Identity Portal is the out-of-the-box starting point for using the iwelcome platform. Users have their individual landing pages that grant them access to their applications, both cloud services and on-premise applications. Here, users can, for instance, configure their accounts and reset their passwords, but also request additional access to applications. Furthermore, iwelcome provides an extensive set of RESTful APIs for accessing the functionality and allows for massive customization. Larger customers in particular tend to integrate iwelcome functionality into existing portals and applications using these interfaces.

Administrators can also use this portal. They can manage users, access reports, review access, and monitor the environment. The review or recertification capabilities are particularly noteworthy here, given that this capability is quite rare in Cloud User and Access Management today.

The portal is based on a number of backend services. These include:

- Single Sign-On to both on-premise and cloud applications;
- Strong authentication based on the iwelcome Authenticator App and, in addition, a number of authentication mechanisms such as SMS, GRID, etc.;
- Support for risk- and context-based (adaptive) authentication, allowing controlled access based on the current risk and context;
- Role-based access control;
- Access Governance capabilities, including reporting and recertification of access, supporting common audit requirements;
- Logging and reporting capabilities plus a monitoring service for the current state of the environment;
- User management that integrates with on-premise identity stores and offers flexibility, including the ability to add custom workflows and delegated administration; and
- Identity Federation.

The approach taken by iwelcome allowed them to quickly start offering a service for Cloud User and Access Management, while also supporting integration of external users. iwelcome provides strong support for self-registration and social logins, including wizards for guiding new users. Further capabilities include access to the registration process via RESTful APIs and automatic proofing and updating of attributes from trusted attribute providers. A significant portion of iwelcome customers are using the platform for consumer-centric use cases.

The biggest challenge of iwelcome's approach might be support for a growing number of tenants. All tenants are technically segregated, which is positive from a compliance and governance perspective. Furthermore, iwelcome has a well thought-out approach to scaling and relies on a common backend, not forking development for individual customers. Overall, the clear segregation provides advantages from a security perspective, while still providing the cloud advantages of multi-tenancy and elasticity to the customers.

Furthermore, iwelcome provides strong integration back to existing on-premise IAM services. This also includes tight integration with primary Windows authentication. iwelcome's founders have a strong background in IAM integration. They leverage this knowledge and have a pan-European partner network to ensure integration capability.

The list of Cloud services supported out-of-the-box is still rather small, but includes a number of complex business applications. In addition, iwelcome provides strong standards support for rapid integration of Cloud services. We expect to see a quickly growing number of such preconfigured integrations.

3 Strengths and Challenges

With its Identity & Access Management as a Service offering, iwelcome provides a strong feature set in the emerging Cloud User and Access Management market. The solution is well thought-out and continuously improved. While the number of out-of-the-box connectors to cloud services is relatively small, compared to some other players in the market, integration of other services is quite easy based on the standard Identity Federation support and SSO capabilities of iwelcome. Furthermore, iwelcome is quite experienced in complex integrations.

iwelcome will also potentially benefit from the fact that their services are run from EU-located datacenters. This is quite attractive for EU-based customers, which should definitely have a look at iwelcome. The datacenters are not owned by iwelcome, but well chosen.

Overall, iwelcome is an interesting player in the emerging Cloud User and Access Management market with specific strengths, particularly their integration of Access Governance services and their strong support for on-premise environments. They might play an interesting role in the future evolution of that market. Notably, iwelcome provides a strong product offering that is not only interesting to EU customers, but has a strong feature set of its own, thus being an option for customers from all regions.

Strengths

- Strong integration back to existing on-premise IAM services
- Tight integration with Windows authentication and existing identity stores
- Run from EU datacenters
- Well thought-out approach for covering security and privacy concerns, particularly of EU customers
- Integrated Access Governance capabilities including recertification
- Strong support for consumer-centric use cases

Challenges

- Still limited number of preconfigured out-of-the-box integrations to Cloud services, but strong standard support for simple integration based on SAML, SCIM etc. allowing for rapid integration
- Only third party datacenters as of now, however all based in the EU (which might be a challenge for customers in other regions)

4 Copyright

© 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

The Future of Information Security Today

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eID cards, Cloud Security and Management, and Virtualization.

For further information, please contact clients@kuppingercole.com

Kuppinger Cole Ltd.
Sonnenberger Straße 16
65193 Wiesbaden
Germany
Phone +49 (211) 23 70 77 0
Fax +49 (211) 23 70 77 11
www.kuppingercole.com