The challenge of planning an IAM strategy for multi-cloud environments to avoid risk

According to the Strata Identity and Forrester study, 78% of IT decision-makers said managing user identities between multiple clouds is the number one challenge.

The study found that the top driver for migrating to the cloud is the need to increase security and protect data – 70% of respondents said it is very important. Meanwhile, 28% of companies are using four or more public/private clouds today, but that is expected to more than double in two years to 65%.

“As cloud service providers improve their security and data protection offerings, decision-makers increasingly realize they can’t protect their firms’ data on-premises as well as they can in the cloud. But migrating existing IAM (identity and access management) tools and processes to multicloud IaaS, PaaS, and private clouds creates problems that firms must solve…” according to the Forrester study.

For example, nearly two-thirds of IT decision-makers said the complexity of their firm’s current IAM causes its employees to spend less time on innovation and impedes overall business agility.

“According to the Forrester study, firms can’t just lift-and-shift existing IAM tools from on-premises to the cloud,” said Eric Olden, CEO of Strata Identity. “Multi-cloud ecosystems are complex and create a broader attack vector, so companies must plan their IAM strategy carefully or risk leaving themselves vulnerable.”

The challenges of managing user identities

• 71% say managing many identities across a highly distributed environment is challenging or very challenging
• The most significant and commonly reported cloud IAM challenges are not having enough time and money (66%) and a lack of skills to support complex cloud-based IAM (62%)
• In addition, organizations struggle to manage and enforce consistent user policies (58%) and comply with changing regulations (56%), while lack of interoperability between IAM solutions and different clouds (48%), siloed identity user groups (40%), and rewriting apps to modernize or migrate to the cloud (39%) were other key concerns
• Before moving to the cloud, companies report facing significant hurdles that include rewriting apps to modernize or migrate (64%), integrating legacy on-premises systems and apps (62%), and deploying modern passwordless multi-factor authentication (62%)
• Among the top investment priorities for IT, decision-makers are deploying customer IAM (59%), implementing zero trust architecture (56%), and bolstering workforce identity to manage remote work threats (43%)
• The two top IAM cloud security practices employed by IT departments are IAM governance (65%) and IAM in the cloud (63%)
• Finally, 85% of respondents agree that having a low-code/no-code solution for IAM would allow an easier adoption of a zero trust posture, and three of the top requirements for cloud IAM cited by respondents were low-code tools that don’t require them to rewrite apps (60% said “very important”), automate IAM across multiple clouds (55%), and integrate cloud and on-premises identity platforms (43%)