Each approach has its strengths and weaknesses even in the face of cloud centricity. Is there a one-size-fits-all solution?

Since the days of on-premises infrastructure, identity and access management (IAM) in local networks and servers has been the most common approach, given that storing sensitive information and data onsite offers organizations a sense of increased security.

However, as cloud technologies mature and digital transformation via cloud computing becomes the ‘next big thing’, IT administrators and leaders now have to rethink how they manage identity authentication, authorization and access.

While it is true that cloud technologies offer many advantages over on-prem, such as flexibility, scalability and agility, is cloud IAM a one-size-fits-all solution?

More importantly, does the rise of cloud digitalization mean on-prem IAM is no longer relevant? The answer may not be so straightforward.

Cloud IAM vs on-prem IAM

Every IAM deployment is unique, with each approach bringing its strengths and challenges.

Many organizations maintain that cloud solutions are more cost-effective than their on-prem counterparts, attributing this to the flexibility of only paying for what they use and the peace of mind from not worrying about costly maintenance or hardware.

This is true to some extent, but organizations need to consider the following caveats:

  • Public cloud providers charge a fee each time data is moved in and out of the cloud, and such costs can stack up quickly. On-prem solutions may then be a better option if the organization does not have massive amounts of data to deal with, or if scaling is not part of its business goals yet.
  • In terms of extensibility and scalability, cloud solutions have the edge over on-prem. Organizations on a cloud IAM system can support larger volumes of end users and activity from multiple locations and have the flexibility to scale data requirements up or down according to changing business requirements, maximizing resource management and cost-efficiency. By working with a managed services provider (MSP) to provide cloud IAM solutions, organizations can leverage their MSP’s industry knowledge and expertise to achieve greater levels of regulatory compliance, and free up resources to focus on their core business.
  • On-prem IAM solutions have their own strengths. Migration to the cloud can be a tedious and time-consuming endeavor fraught with latency issues and cloud outage risks, whereas hosting data on servers that are closer to end users, or even designing them to run locally on end-user devices, removes the unpredictability from the equation and circumvents the latency issues.

The final caveat is that the global shift towards hybrid working has contributed to factors that justify the adoption of cloud-based IAM solutions. From employees connecting to the organizational network through outdated or insecure home devices, to IT teams being unable to go into the office to fix technical issues in data centers, organizations can no longer get away with simply having on-prem systems.

What about hybrid solutions?

Given the different strengths and weaknesses of the two approaches to IAM, would a mix of approaches, a hybrid IAM solution, help organizations achieve the best of both worlds? Here are some considerations:

  • A mix of on-prem and cloud IAM solutions can be less expensive and resource-intensive than going full private cloud. Having both control and access across cloud and on-prem applications creates an integrated IT environment that allows data to be shared between on-prem systems and those maintained in the cloud. More importantly, it also helps organizations bridge the gap between on-prem and cloud paradigms, providing them with the scalability and features of a cloud environment while maintaining an on-prem footprint that many enterprise security departments are more comfortable with.
  • Also, not all cloud providers are created equal. Adopting a ‘mix-and-match’ approach (more commonly known as a multi-cloud approach) can allow organizations to take advantage of specific services that each provider is known for.

Ultimately, when it comes to choosing the infrastructure for IAM deployment, there is no one-size-fits-all solution. Whether a solution works comes down to the requirements and objectives of the organization. Costs and flexibility aside, the solution’s ability to support different devices and various authentication methods must be weighed, as it can greatly influence the scalability of the business.

As technology continues to advance and adapting becomes a necessity, organizations must carefully weigh the various pros and cons against their business goals in the decision-making process to achieve their maximum digital potential.