Even large enterprises and software vendors find implementing Identity & Access Management (IAM) a hard nut to crack, and operating an IAM once it is in place is just as challenging.
It goes without saying that web applications require protection. More and more applications function not only as public websites but also as transaction platforms that hold user-related information. They are accessed by many different users and administrators and often contain sensitive or highly personal data; e-health and e-government portals are typical examples. Assigning and controlling rights in such an application places demands on both processes and technology.
From a technical point of view, authentication and authorization must be distinguished, and this distinction is reflected in the components of an application. Authentication is typically performed independently of the application: after a successful login (user name, password, second factor), the identity provider determines the user's role and redirects the user to the actual application. The role and other identity attributes are passed along in a signed token (a SAML assertion or an OpenID Connect ID token; OAuth 2.0 access tokens serve the same purpose for API calls), and the application must validate that token (signature, issuer, audience, expiry) before trusting any claim it carries. Authorization takes place within the application itself: based on the user's role, the application decides which data the user is allowed to see. Authorization is therefore application-specific, whereas authentication is not.
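The split described above, as an added example that is not part of the original article and is not Airlock IAM code: a hypothetical identity provider issues a signed token after login, and a hypothetical e-health application validates that token (signature, algorithm, issuer, audience, expiry) before making its own role-based authorization decision. To stay self-contained it uses an HMAC-signed JWT with a shared secret; a real deployment uses asymmetric signatures (RS256/ES256) verified against the IdP's published keys, or SAML assertions. The issuer URL, client id, secret, user names, roles and resource paths are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for this example only. A real IdP signs with a private
# key (RS256/ES256) and the application fetches the public key via JWKS.
IDP_SECRET = b"example-shared-secret-not-for-production"
IDP_ISSUER = "https://idp.example.test"   # hypothetical identity provider
APP_AUDIENCE = "ehealth-portal"           # hypothetical application client_id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_token(subject: str, roles: list, now: int, ttl: int = 300,
                    audience: str = APP_AUDIENCE) -> str:
    """Identity provider side: after a successful login (out of scope here)
    it signs a token that asserts who the user is and which roles they hold."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "aud": audience, "sub": subject,
              "roles": roles, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(IDP_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenError(Exception):
    pass


def app_verify_token(token: str, now: int) -> dict:
    """Application side: no claim is trusted until signature, algorithm,
    issuer, audience and lifetime have all been checked."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # pin the algorithm; never accept "none"
        raise TokenError("unexpected alg")
    expected = hmac.new(IDP_SECRET, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != IDP_ISSUER:
        raise TokenError("wrong issuer")
    if claims.get("aud") != APP_AUDIENCE:      # a token for another app is not ours
        raise TokenError("token not meant for this application")
    if now >= claims.get("exp", 0):
        raise TokenError("token expired")
    return claims


# Application-side authorization: which roles may read which resource.
RESOURCE_ROLES = {
    "/patients/me": {"patient", "clinician", "admin"},
    "/patients/all": {"clinician", "admin"},
    "/admin/users": {"admin"},
}


def authorize(claims: dict, resource: str) -> bool:
    allowed = RESOURCE_ROLES.get(resource, set())
    return any(role in allowed for role in claims.get("roles", []))


def access(token: str, resource: str, now: int) -> str:
    """Returns an HTTP-style status: 401 if the token is not trusted,
    403 if it is trusted but the role is insufficient, 200 otherwise."""
    try:
        claims = app_verify_token(token, now)
    except TokenError as e:
        return f"401 {e}"
    return "200" if authorize(claims, resource) else "403"


def forge_roles(token: str, roles: list) -> str:
    """What a user who edits the payload without the signing key can produce:
    the claims change, but the signature still covers the original payload."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(claims_b64))
    claims["roles"] = roles
    return header_b64 + "." + _b64url(
        json.dumps(claims, separators=(",", ":")).encode()) + "." + sig_b64


if __name__ == "__main__":
    now = 1_000_000
    t = idp_issue_token("alice", ["patient"], now)
    print(access(t, "/patients/me", now))                # 200
    print(access(t, "/admin/users", now))                # 403
    print(access(forge_roles(t, ["admin"]), "/admin/users", now))  # 401 bad signature
    print(access(t, "/patients/me", now + 300))          # 401 token expired
```

The two decisions stay in separate functions on purpose: `app_verify_token` answers "is this really what the IdP said about this user, for this application, right now?", and only `authorize` answers "may this user see this resource?". Skipping the audience check is a common mistake; without it a token issued for a different application behind the same IdP is accepted as if it were meant for this one.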
Due to the above considerations and distinctions, IAM solutions have become an established feature in the industry. They act as an interface between user/administrator and the application, and ensure that only correctly authenticated users gain access to a system. Still, even such solutions involve a high degree of complexity with respect to configuration and operation. This in turn gave rise to the idea of offering «IAM as-a-Service» (IAMaaS).
With IAMaaS, customers receive a solution that is kept constantly up to date, adapts its capacity automatically and offers the highest possible availability. Besides the production environment, test and sandbox environments are also provided. IAMaaS also has the advantage that it need not be operated at the same location as the protected application: either the application is reached through a VPN connection, or the user is forwarded to the target application carrying a valid token. For cloud-based applications this means that the user login entry point, the SSL/TLS keys and the user data (username, password and second factor) stay in a known and appropriately secured location.
Since October 2017, aspectra has offered a comprehensive «Identity and Access Management as a Service» based on the Airlock IAM authentication platform developed by Ergon. Thanks to secure, centralized and scalable identity and access management, our customers no longer need to install any software or hardware. The multi-redundant architecture distributed across two data centers guarantees maximum availability.
Interested in IAM as a Service? Contact us to discuss your requirements and find a suitable solution.