Over time, organizations have built and purchased a variety of systems to support the business.  These systems, invariably, are not tied to central identity management systems which prevents the company from addressing the challenges they face in the market today. 

A comprehensive identity management solution allows organizations to:

• Have a holistic view of identities both internal and external to an organization and what they can do within the enterprise
• Help ensure compliance to regulatory requirements
• Help reduce the cost of audits
• Improve security and deters the risk of identity theft
• Improve organizational efficiency – End users can benefit from features such as Single Sign On and Self Service. Operations teams can manage identities from a central location, as well as define and enforce policies from a central location

Limitations of current solutions

The identity management market place is currently dominated by a few large vendors.  While these solutions are capable, they were often architected a decade ago and have grown significantly through acquisitions.  These solutions bring with them their own challenges and it’s unusual for customers to spend eight times as much in professional services fees vs licensing fees to deploy an IDM solution. The limitations of these solutions are highlighted below.

• High total cost of ownership – High licensing fees based on individual users makes it expensive for medium to large enterprises.  This type of licensing model also makes IDM cost prohibitive for external facing applications that may have large user counts.
• Often based on proprietary implementations and not standards which can create integration issues and a larger learning curve.
• Growth through acquisition can represent integration challenges within the vendors' own stack. Common examples of this are the discrepancies found in policy models between the identity management and access management components of a stack.
• Functional limitations:
• Lack of native support for SOA initiatives
• Weak audit capabilities
• Workflow is a proprietary implementation that is limited to identities and not a true workflow engine that can integrate with the rest of the enterprise
  
• Limited support for RBAC or it requires the purchase of an add-on module
• Federation is not integrated fully with access management
• Limited support for fine grained authorization and often requires the purchase of another product
• Integration is limited to use of APIs that only support Java and C/C++ 

OpenIAM Value Proposition

OpenIAM’s Identity and Access Management stack has been designed and developed from scratch to offer customers a cost effective, easy to use IAM solution.  OpenIAM provides customers with the following benefits:

• Comprehensive Identity and Access Management framework
• Enable sophisticated capabilities to adapt to security threats
• Control access to sensitive documents
• Monitor utilization of business services 
• Flexible audit solution to monitor events across the enterprise and meet regulatory mandates
• Improves Operational Efficiencies
• Improves End-User Productivity
• Permits incremental adoption and existence with existing technology investment
• Service architecture allows corporations to use as much or as little of OpenIAM as they desire
• Architecture allows integration and reuse of existing services
• Low total cost of ownership
  

Adopt incrementally

An important feature found in OpenIAM is the ability to use as much or as little of it as you want to. This is a direct result of its own Service Oriented Architecture (SOA).   Each of the core features in OpenIAM is available as a discrete service that is exposed through the Enterprise Service Bus (ESB). For example, Authentication is a service. Same is true for password management, authorization, audit and others.  This allows applications in the organization to make a choice between which services they want to use.  Since many organizations may already have an IDM system, OpenIAM can initially be used to augment missing features in these solutions.  This approach minimizes the scope and risk of a project for the end corporation as the two solutions can co-exist.  The diagram below shows how OpenIAM can be configured to make use of existing services that an organization may have already invested in.

SOA Security

As organizations are tasked with becoming more responsive to market demands, a large number of organizations are adopting SOA. This architectural philosophy will allow companies to reuse existing services and deliver new business services to customers faster.  As part of this adoption, there exists a new challenge in protecting this architecture. Not only do we now need to manage where internal users can go within the enterprise, but we also need to manage external users or partners that may be coming in through a trusted federation relationship.

OpenIAM  can help protect these SOA initiatives. The access manager provides the ability to implement federated relationships as well as protect these layers of the architecture – services, web applications, portals, etc.  These layers are protected using specs such as WS-Security, SAML, WS-Trust (security token service), and XACML (access control).

Simplified Integration

Identity management systems are often faced with integration challenges. These could be in the form of connected systems for provisioning and password management, or integration for authentication and authorization services.  OpenIAM’s standards based service architecture makes these forms of integration significantly easier than with proprietary solutions.   Customers can access these services, which are exposed through the ESB, regardless of the technology that is being used.

Another benefit offered by OpenIAM is the result of a stack that has been built internally from the ground up. All of the components of OpenIAM share a common infrastructure and common approach to how problems are addressed.  This common architecture eliminates integration issues or conflicts that our customers are forced to face when working with a vendor stack that is largely the result of acquisition.

Potential Cost Savings

In these increasingly challenging economic conditions, organizations are increasingly tasked to do more with less. OpenIAM offers a very significant cost savings to traditional IAM solutions while allowing you to adopt a platform that will grow with the business’s changing needs.  Recent customers have saved well over 50% in comparison to the current market leaders.
 

Conclusion

In these challenging economic conditions where IT resources are often constrained, OpenIAM provides a comprehensive identity and access management solution that can meet your current needs and adapt as the needs of the enterprise change.