One of the growing challenges CIOs and CISOs must grapple with as they expand their use of cloud services is how to rationalize their collection of identity, access and privilege control systems operating across their network environment.
The days of relying on and patching separate identity, authentication and privilege access services are becoming a thing of the past, says Eric Brown, cybersecurity director for enterprise identity and access management at SAIC, a Fortune 500 technology integrator specializing in government IT modernization and engineering services.
“For professionals like me, having to deal with a single vendor that can help me secure an identity from multiple facets, whether it’s OTP (one-time password systems), smart cards and authenticator applications, that becomes very, very desirable,” he says in a new podcast produced by CyberScoop and underwritten by Axiad.
Replacing multiple existing systems with a single platform can often go against the grain of traditional practices. One reason for that, argues Bassam Al-Khalidi, co-CEO & co-founder of Axiad in the podcast, is that publications and analysts still tend to focus on best-of-breed solutions and capabilities within the identity and access management (IAM) technology market.
“There is no category for that one platform across the board… that will address the different use cases, whether it’s privileged-non-privileged device authentication, user or application authentication,” and which can manage all levels of security across multiple cloud environments, says Al-Khalidi.
SAIC represents one of a growing number of companies that have decided to move away from multiple systems and turn to an outsourced technology like Axiad to manage their identity and access requirements.
“We took a step back… and were able to look at the dynamics of what [Axiad] had to offer, and how they could actually augment the team that performs all these functions at SAIC. And when we looked at that augmentation, we realized that it would increase the productivity of the team, allowing them to get more creative on the solutions, while maintaining a higher level of security,” Brown says.
He also saw added value in the fact that Axiad focuses on “constantly improving their platform for the maximum security allowed in the environments that we work in,” including multi-factor technologies, that can also support SAIC’s customers in ways that were proving harder to do using a combination of IAM solutions.
“Having a single dedicated platform that allows you to move to the cloud without inheriting new risks of being in the cloud… is kind of like having your own castle, rather than being an apartment in a large apartment complex,” says Al-Khalidi.
Al-Khalidi explains, “There’s a lot of cloud authentication products or services out there in the market, but [organizations often] end up getting an authentication service for their general population, maybe a different type of service for their contractors, a different solution for their admins or key stakeholders, and then another solution to manage their devices and applications,” he explains. “So even though they are moving to the cloud…they still have the burden of trying to integrate cloud to cloud. And now you’re inheriting more risk.”
He and Brown discuss some of the practical considerations for adopting a single platform approach and some of the lessons SAIC learned making the transition.
Listen to the podcast for the full conversation on preparing agency networks to support IT modernization priorities. You can hear more coverage of “IT Security Modernization” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Axiad.
Bassam Al-Khalidi, co-CEO and co-founder of Axiad, a leading trusted identity solutions provider for enterprises, government, healthcare and financial organizations. Bassam has had an extensive career leading identity and access management solutions teams before co-founding Axiad over a decade ago.
Eric Brown, cybersecurity director – enterprise identity and access management at SAIC, has more than 20 years of experience managing enterprise information systems, implementing disaster recovery and business continuity strategies and leading systems engineering teams in highly pressurized and challenging environments.