Single Sign-On (SSO) has been on top of every technology executive’s to-do list for the last five years. As IT professionals, we need to understand that this SSO to-do represents solving a problem that goes beyond something that an SSO solution can fix. The SSO initiative represents the need for IT to implement operational rigor and governance processes that ensure no one-off identity or non-integrated systems exist. These processes are then combined with a robust identity technology product suite to create what we refer to as an enterprise identity service. This service enables seamless identity integration with new and legacy tools, cloud platforms, and applications.

A majority of technology leaders share a similar vision of their identity services’ ideal state. However, for most IT groups this ideal operating state is far from reality. The majority of organizations I’ve worked with know and fear the risk of what identity management represents. A lack of governance and future-proof identity management technology combined with shadow IT, one-off vendor solutions, and cloud technologies have created a state of true emergency. In fact, we’ve been sounding the alarm for so long that we’ve become numb to it. Instead of making dramatic changes, we are accepting this as how it’s always been done, and every so often attempting to throw the latest identity technology at the problem hoping it will reduce some of the risk. This is where the SSO to-do comes from.

As someone who’s been driving large Amazon Web Services projects for the last five years, I tend to look to how AWS has solved the problem to give me some indication of what the enterprise needs to do. AWS is actively reinventing how IT services are consumed and has not accepted the status quo as the way to do things. They’ve avoided problems with identity management by ensuring that a well-architected identity service is at the foundation of their platform. All AWS services such as databases, virtual machines, data warehousing, and business applications are integrated with their SaaS-based identity service called Identity and Access Management (IAM). Multi-factor authentication, certificates, and single sign-on web portals are standard and consumable identity features, which is where on-premises must get to now. Fortunately, both major public cloud providers, AWS and Azure, also realize this and are making their services available in hybrid-cloud scenarios.

What does this mean for IT? It means the solution to our identity problem is straightforward. Enterprises must implement identity management services from Azure and AWS, ensure that all new technologies know and utilize these services, and then systematically integrate all existing applications with this new platform.

For IT groups to shift to New IT, the dirty laundry of identity cannot be shoved to the side and ignored anymore. Instead, IT needs to utilize new cloud-based identity services and remove the heavy lifting associated with onboarding and integrating legacy platforms with the new ideal state. If we don’t deal with this problem head on, we will fail to advance how IT operates and continue to see countless IT security breaches via identity governance failures.