IAM for midmarket companies
Spoiled for Choice
Up to now, identity and access management (IAM) has mainly been the domain of larger organizations, but it is important for organizations of all sizes to manage digital identities (not only of their employees) and their access authorizations in an efficient and effective way. However, a chronic shortage of personnel in the midmarket makes it crucial to define their own IAM requirements precisely and select the right providers.
IAM has the reputation of being complex; this opinion is sometimes justified, but by no means always true. This rumored, presumed, or perceived complexity, together with what are typically small IT teams in the midmarket, often make organizations reluctant to venture into the discussion. However, IAM is important for many reasons: security; regulatory compliance; more efficient processes for employees, business partners, and customers; simple yet secure access to systems and applications; and, last but not least, administrative efficiency.
The popular definition of the midmarket includes medium-sized companies with 51 to 1,000 employees and larger medium-sized companies with 1,001 to 10,000 employees. In the larger midmarket, genuine IAM infrastructures are very often already in place for managing users and access authorizations (IGA, identity governance and administration), for access control (access management with authentication and identity federation), and in some cases, for monitoring and controlling access by highly privileged users (PAM, privileged access management).
Smaller companies, on the other hand, often have only technical administration tools, for example, the Quest Active Roles server for Microsoft Active Directory (AD). IT managers then tend to manage permissions in applications interlocked with Active Directory in AD groups while managing other applications manually. Sometimes specialized solutions for business applications show up, like SAP (e.g., SAP Access Control).
...Buy this article as PDF
(incl. VAT)