Identity Access Management (IAM) is at the core of the modern complex and highly distributed IT environment in any organization, and these solutions do way beyond managing user identities and granting access to resources. They are at the core of business and transformation strategies, as well as human resources and security, as over 60% of attacks are now willingly or unwillingly carried out by insiders.
A mature IAM program is well customized to a business’s objectives and the unique circumstances surrounding it can reduce the risk of data breaches involving identities. A proper IAM implementation will help ensure regulatory compliance, reduct cost of performing audits, increase visibility through streamlined reporting and bring a hint of a smile to your tired yet kind systems administrator's face by reducing the IT overhead.
But many organizations fail to experience any of these gains due to fragmented, stagnant and incomplete IAM programs that have been developed over time using point-technology solutions. As a result, businesses are exposed to the risk of major losses and miss the competitive advantage of an agile and connected workforce. Luckily, there are some holistic tools on the market that can aid the journey - and the best of them work in tandem.
IdentityIQ is the only piece on this list built from the ground up with the purpose of being a fully integrated IAM solution. It leverages a unified governance platform to provide a common data repository as well as role, policy and risk model management, giving you a solution that’s easier to deploy, easier to maintain and easier to use. In theory.
Great app and third party integrations
Complex and requires skilled talent to get the most out of it
CyberArk Core Privileged Access Security
The CyberArk Core Privileged Access Security solution provides organizations with the ability to take a risk-based approach to credential and session management. Users can transparently enforce least privilege principles and lock down domain controllers to defend against both internal and advanced persistent threats. It also provides SSH key management capabilities, making users able to provision and de-provision SSH key access, know which SSH keys are compromised in the event of an attack, and grant varying levels of control to all entities.
Great fairly intuitive UI
Easy and secure credential vaulting
Well suited for audit requirements
Can be expensive
Reporting is not great
Okta Identity Cloud
Identity Cloud from Okta is a behemoth suite of products that are meant to provide comprehensive IAM solutions to workforce and customers of an organization. The suite includes 12 products: Single Sign-on, Adaptive Multi-factor Authentication, Lifecycle Management, Universal Directory, API Access Management, Advanced Server Access, Customer Authentication/Authorization, User Management, Multi-Factor Authentication, Lifecycle Management and B2B Integration. As you can imagine, it's pretty comprehensive.
Adaptive and flexible MFA
Great SSO implementation and app integrations
Multiple levels of administrative rights
Fairly simple setup and rollout
Real-time provisioning and de-provisioning
Little control over syncing with Active Directory (either manual or every hour)
UI can be confusing and/or outdated
Lacks access governance, user access certifications and segregation of duties
Limited Role-Based Access Control features
Idaptive Next-Gen Access Cloud (Centrify)
Idaptive’s Next-Gen Access Cloud uniquely combines SSO, adaptive MFA, endpoint & mobile context and behavioral analytics in a single platform. Unlike other identity and access technologies that offer piecemeal solutions, Idaptive uses real-time access data and machine learning to understand risk, so customers can make smarter decisions at scale about who they let into applications and services.
Great Multi-Factor Authentication (MFA) implementation
Great Single Sign On (SSO) implementation
Great intelligent automation features
Somewhat lacks app integration
In our humble opinion, the winner is the fairly recent integration alliance among SailPoint, Okta and CyberArk which, if deployed correctly, will provide some of the best-in-class combined IAM features for any organization. Specifically,
Okta provides secure access for entire businesses via single sign-on (SSO) and multi-factor authentication (MFA)
SailPoint provides identity governance, security, operational efficiency and compliance to enterprises with complex IT environments
CyberArk provides comprehensive privileged access protection, monitoring, detection, alerting and reporting on all privileged users
As end users demand access to everything from everywhere at all times, IT scrambles to keep the network secure and in compliance and CISOs struggle to enforce policies, visibility and security controls, this approach will hopefully allow you to balance the needs and demands of all these key parties to your business.