Identity-as-a-Service (IDaaS). What is it?

We are already familiar with many terms in the world of cloud technologies, such as Platform as a Service (PaaS), Software as a Service (SaaS), Infrastructure as a Service (IaaS). The last to join this list was the phrase “Identification as a Service” (IDaaS).

First, why do we need IDaaS? More and more companies associate their development with cloud technologies, so they need to find a balance between identification in the cloud and on-premises, not to mention how to manage it. IDaas is designed to solve this problem.

In addition, IDaaS can have a positive effect on reducing the cost of IAM (Access Control Solutions) solutions. And that's not all. IAMs are all over the place with complexities, both in terms of business and technology. For example, the concept of Bring Your Own Device (BYOD) comes around the world. According to this concept, users can enter the enterprise network around the world from any personal device, such as a laptop, tablet or smartphone. Obviously, this causes a lot of controversy about security and access control.

Many services in companies, such as administrative, security and audit services, are trying to create their own security solutions in order to reduce financial costs. But these solutions are not so effective due to poor management and control over them, which makes it possible for unauthorized intruders to enter the organization’s network.

Several public incidents are already known in the world, which entailed losses of tens and hundreds of thousands of dollars, as well as large reputation losses. As an example, we can cite the case of Dropbox, an employee of which used a password to enter the internal system of the company, with which he previously logged in to LinkedIN. The password for the account was obtained by cybercriminals and used to log into Dropbox. It is estimated that they took possession of more than 68 million employee accounts and all of them were sold on the black market. So, in 2016 it turned out that all these Dropbox accounts were posted on the Internet.

This case shows how managing employee credentials can protect company assets from hacking. So, since 2012, cloud technologies have been growing at a significant pace, thereby bringing to the forefront the protection and management of credentials.

All of these aspects together have led to the emergence of the IDaaS platform. A number of companies have already successfully used this model and it has positively proven itself, as it adds another layer of protection for user credentials, and also helps with compliance with regulatory requirements. As security requirements are constantly growing due to increasing hacker attacks, IDaaS can significantly help those teams of specialists who are currently working on network security, as IDaaS meets most security standards.

From the point of view of the service provider, this functionality is basic for any IDaaS platform. The supplier of such a platform must constantly innovate in order to increase the attractiveness of the service for customers. In addition, these solutions must support cross-platform authentication, such as portable biometric sensors, to be truly needed by customers.

It is interesting to observe the development of IDaaS platforms in the next few years. This trend is only emerging.