Channeling the Cloud

Microsoft, Others Eyeing Cloud-Based ID Management

The burgeoning "ID Management as a Service" market represents an important opportunity for IT solutions providers.

• By Jeffrey Schwartz
• October 28, 2015

The numerous shops running Windows Server and Exchange have relied on Active Directory to manage employee credentials and access control for well more than a decade, but managing authentication is becoming more complex.

It's becoming increasingly common for employees to use their personal devices and systems for work-related purposes. Likewise, the proliferation of cloud storage and Software-as-a-Service (SaaS) applications is taking a good amount of control from businesses and creating huge risks from a security and data loss perspective. The need to make it easier to manage end-user systems is why managed services providers (MSPs) delivering remote monitoring and management services are thriving.

For those who don't want to use MSPs, the market for enterprise mobility management (EMM) is flourishing, too, but it is also consolidating. VMware snapped up AirWatch last year for $1.54 billion, IBM bought Fiberlink and BlackBerry added to its own mobile device management (MDM) offerings last month by acquiring Good Technology.

All of these companies see a huge opportunity in managing mobile devices, and many see federated identity management as core to ensuring that access to all systems can be granted and revoked in a unified and simple way.

That's why Microsoft COO Kevin Turner at the recent Worldwide Partner Conference in Orlando identified the company's own Enterprise Mobility Suite (which includes Azure Active Directory [or Azure AD], Intune and Azure Rights Management) as one of its next $1 billion products. Active Directory is used by 90 percent of enterprises to manage access controls and authentication to networks. Successfully bringing Active Directory from on-premises Windows Servers and Exchange over to Azure AD is a priority for Microsoft. Though Azure AD is the underlying directory for Office 365, keeping all those user identities in the Microsoft platform isn't a slam dunk, as reported in the October 2015 cover story in sister publication Redmond magazine.

The new VMware Identity Manager is now coming to AirWatch, and a slew of Identity Management-as-a-Service (IDMaaS) vendors believe they have offerings that can be a better source of single sign-on than Azure AD, either by overlaying it or, in a handful of cases, supplanting it.

The market for EMM and IDMaaS is still relatively young. There are still many IDMaaS providers including Centrify, Okta, OneLogin, Ping Identity and Sailpoint that tout their independence from the larger players. Most predict there'll be a shakeout. Just as some MDM vendors have added IDMaaS capabilities, IDMaaS providers are adding MDM features. Microsoft argues that with its EMS service -- and Azure AD Premium in particular -- organizations shouldn't need any of those solutions.

There are 14 million EMS customers as of July, for which most subscriptions were sold directly to large enterprises, according to Alex Simmons, Microsoft's senior director for Active Directory. But Simmons said Microsoft opened up distribution to partners in April, though the feature-set of EMS is still targeted at organizations with at least 500 employees.

Whether you favor Microsoft's EMS or third-party alternatives for your clients, IDMaaS represents an important opportunity for IT solutions providers.

More Columns by Jeff Schwartz:

• Enterprise Mobility Suite Emerges as Microsoft's 'Hottest' Product
• With Azure Stack, Microsoft Tries To Correct What Cloud OS Got Wrong
• Column Archive