In IT today, there’s a growing use of virtualization: using a virtual — rather than an actual — version of an IT device, system or resource.
Virtualization is commonly used for storage, networks and databases, but perhaps the best-known example is the hardware virtualization used by Infrastructure-as-a-Service (IaaS) providers such as Amazon or Rackspace. These providers offer virtual servers that act like real servers.
With hardware virtualization, the virtualization software provides an abstraction layer that separates the operating system and applications running on the virtual machine from the underlying hardware. For example, the actual underlying hardware may be a 16-CPU server running Ubuntu Linux, but the virtual machines operating on that hardware could appear to be 4-CPU servers running Microsoft Windows. The virtualization software makes it seem as if you are using a real 4-CPU Windows server (and for all practical purposes you are), even though the underlying hardware doesn’t really have 4 CPUs and isn’t running Windows.
Because it’s such a powerful concept, virtualization is being applied to many other areas, including Identity and Access Management (IAM). With IAM virtualization, the functions required to manage identities and access controls — things like user management, application on-boarding, or self-service functions such as password resets — are abstracted from the underlying IAM infrastructure.
In a typical IT environment, the underlying IAM infrastructure is a hodgepodge of systems from multiple vendors controlling access to a rapidly expanding array of disparate resources, from legacy systems to cloud-based services. Each system has a different user interface and a different way of accomplishing the same task.
Performing what should be simple tasks, such as adding or removing users, can be extremely difficult in such an environment because of the multiple and wildly divergent workflows. Implementing and enforcing consistent security and password policies, and monitoring and auditing access, can be difficult, time-consuming and error-prone processes.
IAM virtualization solves this problem by creating a virtual identity management environment that provides a single, consistent view of your IT infrastructure. It appears as one fully integrated, feature-rich IAM solution controlling access to a homogeneous set of resources, regardless of the complexity or diversity of the actual underlying technologies.
It’s important to note that an IAM virtualization solution doesn’t replace your IAM infrastructure — you’ll still need IAM solutions from companies such as BeyondTrust, Brinqa, CA Technologies, CyberArk, Dell, ForgeRock, IBM, Lieberman Software, Microsoft, ObserveIT, Oracle, RSA, Saviynt and Securonix — but it does make managing these solutions far simpler and more efficient.
In the last few years, we’ve seen a few narrowly focused identity virtualization solutions appear in the market — specifically, virtual directory servers. These solutions provide an abstraction layer between applications, which need to authenticate users, and the underlying identity directories containing the users’ credentials. The applications see what appears to be a single directory server regardless of the number and variety of real directories that are being used.
While these solutions play an important role, they virtualize just one specific component of the larger IAM infrastructure — the directory server. IAM virtualization, on the other hand, is a broader concept that seeks to virtualize the functions used to manage your entire identity and access management infrastructure, providing a single, simplified and unified user interface for managing these diverse and complex systems.
Simeio is a pioneer of IAM virtualization, and in the next few weeks we’ll be announcing our IAM virtualization platform. Stay tuned!
Executive Vice President and Co-Founder