KuppingerCole Report
By Richard Hill

IAM for the Hybrid Reality. Efficiently Managing On-Premise IT and the Cloud.

Most organizations today run in a hybrid IT environment. However, their IAM solutions have repeatedly been built for the traditional on-premises IT. IAM needs to become a service that supports the hybrid IT infrastructure organizations run today. This whitepaper describes the paradigm shift, the customer needs, and a solution to help businesses move forward in this hybrid IT environment.

Commissioned by Saviynt

1 Executive Summary

Traditionally, the IT environment has run within the walls of the organization's perimeter. Identity and Access Management (IAM) solutions were developed to address the business needs of this closed environment. Identities were managed and stored on-premises and made available only to local access control systems, to ensure individuals have access only to the resources they need.

As business needs extended beyond business-to-employee (B2E) to include business-to-business (B2B) and business-to-consumer (B2C), and more recently business-to-IoT (B2IoT) use cases, federation extended the reach of where identity and access controls reside. Single sign-on (SSO) systems gave users the ability to authenticate not only across multiple IT systems but across organizations too.

With the advent of cloud services (IaaS, PaaS, SaaS), organizations were given new options for their IT infrastructure, platforms, and software. Motivated by the business need to increase IT elasticity, flexibility, and scalability while reducing cost, businesses took to the cloud, giving IT a new challenge: protecting both identities and access to resources in a cloud environment.

Adding to the sphere of what modern IAM systems need to protect are enterprise-controlled mobile devices. BYOD also needs to be addressed, as does the bow wave of IoT devices coming their way. And as organizations start to move from a perimeter-based security model to a perimeter-less one, greater emphasis will be placed on what you know about users and the devices they use.

The hybrid IT environment is the new reality that is here to stay for the foreseeable future.

Identity Governance and Administration (IGA) was initially driven by regulations such as SOX that required organizations to ensure separation of duties (SOD) as a means to prevent accounting fraud, not to mention other mandates such as ITGC, HIPAA, HITECH, FedRAMP, PCI, and FFIEC. Tracking user Joiners/Movers/Leavers, user account reconciliations, and user access to resources became required to keep an organization in compliance.

As an organization’s infrastructure, platforms, software, and data increasingly span the traditional enterprise boundaries into the cloud to create this hybrid IT environment, so should IAM and IGA. Although cloud providers give varying levels of security and monitoring of users, the enterprise needs clear visibility into what users have access to and what they are doing with it, while applying consistent security controls regardless of whether a resource is in the cloud or on-premise. The management of user identity, access, and its governance must evolve into a service that can address this new hybrid IT reality.

Saviynt provides a fully featured platform that can meet the demands of this hybrid IT environment by adding governance to many types of cloud services. It presents capabilities that allow IT to manage access rights across the enterprise and the cloud, as well as adding a risk-aware, threat-aware, intelligent and analytics-driven functionality to the platform.

2 Highlights

  • Insight on the shift from on-premise to the hybrid IT environment
  • Identifying the significant IAM capabilities
  • Overview of the role of Access Go ...

3 Access Governance Today

Identity is at the core of any information security system and Identity and Access Management (IAM) gives the capabilities to manage these identities, ...

3.1 On-Premises IAM

Traditionally, the IT environment has run within the walls of their perimeter. The Identity and Access Management (IAM) solutions were developed to ad ...

3.2 Cloud IAM

With the advent of cloud services (IaaS, PaaS, SaaS), organizations were given new options for their IT infrastructure, platforms, and software. Motiv ...

3.3 Access Governance

Identity Governance and Administration (IGA) was initially driven by regulations such as SOX that required organizations to ensure separation of duti ...

In the simplest terms, access governance manages who has access to what data, applications, and services. It must monitor and report on potential risk ...

3.4 The Hybrid Reality

The reality of today is that most organizations’ IT data, applications and services are spread across both on-premises and cloud environments. Inevi ...

4 Emerging Access Governance Capabilities

Access Governance not only requires a solid foundation built upon strong strategic governance concepts, but it also requires powerful tools that can g ...

4.1 Cloud Access Security Broker (CASB)

Organizations are embracing the use of cloud services because of the benefits that they can bring in terms of speed of deployment, flexibility and pri ...

A CASB solution provides support for the cloud. It is inserted between cloud services and the on-premises organization that is using them. It improves ...

4.2 Analytics

Analytics has become a loaded term in that it has come to mean a broad range of things, but in its narrowest sense it is the ability to perform data a ...

4.3 Intelligence

Intelligence gives the ability to make access decisions that can be acted upon based on the patterns and trends found through data analytics. We have ...

4.4 Required Capabilities of the Hybrid IT

Traditional on-premises IAM solutions that focus solely on internal IT are no longer sufficient with the advent of cloud services. Of course, there will still b ...

5 The Saviynt Approach to the Hybrid IT Challenge

Saviynt is the next-generation IGA platform that not only provides traditional identity governance, but also combines the ability to govern a user’s ...

5.1 Access Governance

Saviynt addresses the need of Access Governance to extend beyond the traditional boundary of an enterprise, as well as across infrastructure, applicat ...

5.2 Analytics & Intelligence

Saviynt is a risk-aware, threat-aware, intelligent platform driven by analytics. Their intelligence through analytics adds value to their modules such ...

5.3 Saviynt's Approach to CASB

Saviynt seeks to extend its support for the cloud with its next generation capabilities to improve on the CASB solution. It does this by filling the g ...

5.4 Integrations

Among others, the Saviynt platform integrates with:

  • IDaaS (Identity as a Service) systems like Microsoft, Ping, Okta
  • Service specific Cloud Acce ...

6 Summary and Recommendations

The hybrid reality is upon us. IT organizations not already in the midst of leveraging cloud services need to plan and prepare.

The need for ...


©2021 KuppingerCole Analysts AG. All rights reserved. Reproduction and distribution of this publication in any form is forbidden without prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaims all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole does not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.