By Greg Armanini, Vice President of Product Management, JumpCloud, shortlisted for Best Identity Access Management (IAM) / Single Sign-On (SSO) at The Cloud Security Awards 2023, Security Innovation of the Year (SMB) at The Cloud Awards 2022-2023, and Best Security Innovation In A SaaS Product (B2B, Small Business / SMB) at The SaaS Awards 2023.

IT organizations at small and medium-sized enterprises (SMEs) are experiencing a major shift in how they ensure corporate security, by re-thinking employee identity management and the devices they use. The old perimeter of offices, corporate networks, and corporate-issued devices has given way to digital nomads often working on personal devices. The result: all organizations today must transform what constitutes the core of employee identity.

Cloud transformation plays a significant role in shaping the “new” employee identity. By enabling access to SaaS applications as well as IaaS and PaaS infrastructure anywhere, it has introduced huge advantages outside the corporate perimeter with its speed and flexibility. Organizations must extend existing systems–and the identities associated with them–to maintain stability while leveraging innovation. Fortunately, there are modern solutions emerging that bridge these two worlds, both preventing ‘lock in’ and enabling transformation.

As cloud adoption continues to accelerate, for enterprises and SMEs, it marks a significant shift away from the IT environments that had been typical. For a long time, Microsoft’s Active Directory (AD) dominated IT in organizations of all sizes. With a strict physical perimeter drawn around a physical office, there was often a well-trained and well-paid IT team tasked with installing, configuring, and managing users and the IT resources they needed. Using AD as a central management system, IT teams could protect users’ Microsoft identity on Microsoft programs and Microsoft-run devices.

But as new applications, tools, and devices became available, new IT choices created new IT problems. IT admins, especially at SMEs, are looking for infrastructure and systems that best fit their individual, discrete needs in cloud-friendly environments. The need for flexibility in building an IT environment continues to grow at the same time that security threats are rising in frequency and sophistication.

As workforces remain in fully remote or hybrid models, the cloud transformation that made those work models possible in the short term introduced long-term challenges that are just now surfacing. In the face of increasing identity challenges and needs, IT teams must transform.

The Trouble with Tool Sprawl

With the pandemic, with little choice and time to adapt, admins rushed to meet the two critical requirements of connecting workers to what they need no matter where they were, and securing those connections no matter how complicated. Some admins extended AD environments with bolted-on solutions to fill the gaps where AD failed. Some were able to eliminate AD entirely and spin up without it, but found themselves facing unbelievable tool sprawl that lacked a connective layer to centralize IT operations or user identity.

Similar issues arose out of both environments:

  • Tool sprawl that created many vulnerabilities, leaving IT and security professionals struggling to mitigate data breach risk,
  • An out-of-control shadow IT environment, where users have created and stored identities everywhere, entirely invisible and unmanaged by IT, and
  • End users bypassing or ignoring best practices and using unsecure methods to create credentials and access resources

Organizations are finding that adding new solutions without simultaneously transforming IT operations and architecture simply isn’t viable for future growth. For SMEs, continued economic uncertainty puts pressure on IT spending. Such pressure creates holes where teams need secondary, bolt-on solutions to support the core business, but lack the budget and staff power to deploy. But no matter the macroeconomic circumstances, the need for a secure, centralized user identity will only increase in importance.

The Challenge of Constant Evolution

As organizations look to the future and evaluate paths to scale and grow, IT teams are understandably overwhelmed and unsure of how to secure and enable IT access in constantly evolving environments. The complicated patchwork of solutions that organizations rely on for user access to apps, tools, and information has left many organizations acknowledging the need for three things: less friction, lower costs, and more simplicity.

Workforces are looking for ways to support and accelerate the benefits of cloud transformation. Many are constrained by a user identity patchwork that limits productivity, frustrates both admins and users, and leaves organizations susceptible to rising security attacks. Modern operational and security requirements demand a better model of identity management.

The Role of Identity Transformation

A worker’s identity determines the processes, technologies, and workflows they need to do their job, the resources they can access, rights and permission within a given resource, and the ways they can access resources (which networks, specified devices, etc.). That identity represents the accounts they use to access applications and systems, the devices they are issued or have been permitted to complete their work, and any keys they may need to connect to internal servers or environments. Identity transformation and an independent identity layer as an IT foundation that empowers a single identity to securely connect to all their IT resources, regardless of where that identity originates, or how it authenticates.

Here are three considerations for identity transformation in your IT stack and your workplace:
01. Start with your core management system

A core management platform should be flexible and able to integrate both legacy and modern resources without breaking budgets. Organizations, especially budget-constrained SMEs, should first evaluate what functionalities are needed to secure IT access (ex: SSO, MFA, device management, access management, etc.), then seek out a core management platform that can centralize identity for all. The needs of a 2–person design shop will look different than a 1000-seat gaming platform, but a core management system that can anticipate scaling and growth will future proof organizations to secure resources today and keep them protected tomorrow.

02.Evaluate the rest of your stack

The central promise of identity transformation is its flexibility in supporting any operating system, software, SaaS application, collaboration suite, cloud infrastructure platform, etc. With such flexibility, a core directory doesn’t mandate processes and adjacencies; instead it allows IT teams to make choices on how they work about how they support employees’ needs. An IT audit, coupled with soliciting feedback from workers as to their essential needs and pain points, will allow you to centralize identity across the apps and solutions that your workplace needs and actually uses, rather than extending legacy solutions that aren’t built for cloud-forward environments.

03. Shift your thinking to the long-term

For IT departments that often spend their days responding to needs and crises of the day, identity transformation means shifting your planning to a longer view, evaluating urgent IT needs while simultaneously looking at how (and if) those needs might change down the road. Some departments will find that identity transformation can best be managed by managed service partners (MSPs), equipped as they are to update and deploy best security solutions. For those who will manage identity internally, ensure that you introduce ease-of-use into your core management system so that integrations with critical partners are simple to manage and maintain.

The pace of innovation continues to accelerate. While no one can fully predict coming challenges and opportunities, organizations that seek identity transformation today will be positioned to weather the change. Acting now minimizes friction, lowers cost, and offers simplicity for employees and the admins that manage them. Embracing identity transformation also means building a model that can outpace competitors and deliver significant business and technological gains.