Why CIOs are embracing SaaS ID management

Single sign-on software, which federates access to corporate applications, is helping CIOs meet their goal of making employees more efficient without sacrificing security.

id management

Adopting single sign-on software to federate access to corporate applications is a key priority for many CIOs seeking to make employees more efficient without sacrificing security.

Experian has consolidated identity management with a single cloud application, laying the foundation for a hybrid cloud computing model that supports its credit scoring software. The company has standardized on software from startup Okta, which has quickly become a favorite among CIOs seeking to gain efficiencies in anything from adopting cloud and mobile services to onboarding employees.

Experian CIO Barry Libenson.

Experian CIO Barry Libenson.

Experian CIO Barry Libenson says introducing a single identity management software was a great chance to bring structure to an organization with a decentralized IT profile. "The biggest opportunity I saw was to get everybody moving in the same direction,” Libenson tells CIO.com.

Bridging the cloud and on-premises gap

ID management provides the digital handshake that allows employees to securely access corporate applications from computers and mobile devices with a single password, an activity known as single sign-on. It’s a critical function for CIOs, who can use the technology to grant and restrict employee access to digital services and bridge the gap between on-premises and cloud applications, an essential task in hybrid clouds.

[ Related: ERP heads for the cloud ]

Libenson began planning for such a hybrid cloud environment after moving to Experian in 2015 after a CIO stint at Safeway in 2015. Libenson quickly learned that the company had been relying on a mixed bag of Oracle ID management and homegrown tools accrued from several acquisitions, a scenario that proved inefficient and clunky. "We desperately needed a platform like this for our strategy," Libenson says.

Shelving several legacy ID management products with one single sign-on tool is a common business case for Okta, as well as rival solutions from Centrify, OneLogIn and Ping Identity, says Gartner analyst Gregg Kreizman. Such solutions also compensate for companies' inability to retain skilled IT workers schooled in traditional ID management.  

In 2016, Experian CTO Joe Manna began testing Okta for a mobile app that enables consumers to access their credit reports. Manna told Libenson both the software and company were great to work with so Libenson instructed his staff to use Okta to manage Experian identities worldwide across cloud, on-premises and mobile applications, including authentication into its core Oracle ERP system.

[ Related: The perils of single sign-on ]

Okta forms the ID lynchpin for a hybrid cloud that allows Experian to run software on-premises using VMware virtualization software, with the capability to burst out to Amazon Web Services' cloud. This model allows Experian to harness more computing capacity while retaining the sensitive financial history from citizens spread across 19 countries.

Experian has largely completed internal deployment of Okta and has begun expanding it to product development, where the software protects employees connections to AWS.

If Experian needs to federate employee identities to a new service, it can do so within minutes. "Their cloud model, their open API model, all of the different interfaces they have to so many different platforms made it attractive to us," Libenson says. "And the developers love it."

Okta, which is valued at about $1.2 billion and is reportedly preparing for an IPO, is the best-known vendor in a growing market for identity management-as-a-service, which Gartner says will comprise 40 percent of identity and access management purchases by 2020, up from 20 percent in 2016.

The Okta effect

CIOs of several other large enterprise have also become smitten with Okta.

Broadcom CIO Andy Nallappa.

Broadcom CIO Andy Nallappa.

Broadcom CIO Andy Nallappan first implemented Okta in 2012 while serving as the CIO of Avago Technologies. Nallappan, who became CIO of Broadcom after Avago acquired the chipmaker last year, says Okta provides a single gate with which employees may log into, which also makes his life easier when the company needs to add or subtract employees. “When people leave it makes it easier to close the gate,” Nallappan says.

Nallappan says that adopting cloud services, including Google Apps, Box, ServiceNow and Workday, have helped lower Broadcom’s cost structure and enables IT to focus on the business strategy. “It liberates us to get closer to the core, which is designing chips,” says Nallappan.

Mark Settle, who had used Okta in prior CIO roles at IHS and BMC Software, believes in the company so much that he agreed to become Okta's first CIO this summer. He told CIO.com last month that he views his role as providing "adult supervision" to a growing organization whose 800-plus employees have subscribed to more than 150 SaaS applications without the IT department’s help or blessing.

Copyright © 2016 IDG Communications, Inc.

Download CIO's Roadmap Report: 5G in the Enterprise