Educause Security Discussion mailing list archives
Re: IAM solution - cloud-based?
From: "Ben Singh (OculusIT)" <ben_singh () OCULUSIT COM>
Date: Wed, 26 Jun 2019 22:13:22 +0000
Jared,

Do you have a DIA with redundant links that have different upstream providers? If not, if your non-redundant link is down, your cloud-IAM will be down for campus users and services that local datacenter services depend on it will also be down.

1. Get more than 99.9% uptime commitment from cloud-IAM providers. I would target 99.999% and back down to 99.99%. (The problem is that AWS or similar usually only commits to 99.9%.)
2. Make sure you have as much network redundancy as possible to AWS VPCs or similar.

Just because it is an on-prem solution doesn’t mean it is better from an availability standpoint. Risks for on-prem are datacenter (network (load balancers, firewalls, routers, switches), server, virtualization, OS, storage, etc.) availability.

Many legacy IAM vendors are quickly trying to rearchitect/rebuild their products from on-premise to multi-tenant cloud solutions.

Generally, we would recommend a cloud-based IAM solution with some redundancy risk analysis. There are only a few exceptions where we have recommended an on-premise solution. Those exceptions include when a college is in a remote, poorly connected location with no network redundancy (such as a remote island).

Please connect with me if you want a comparison or recommendation from our experiences with various vendors in this space.

Ben Singh
Higher Ed IT Architect
OculusIT

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jared Evans
Sent: Wednesday, June 26, 2019 2:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IAM solution - cloud-based?

Hello all,

I am wondering if anyone has their Identity and Access Management instance running exclusively in the cloud. This is a critical piece of infrastructure maintaining the level of access users have to various resources. What has your experience been when there are Internet connectivity issues, either a full or partial outage?

Is this a type of functional service that's better off being on-premises?

--
Jared Evans
Information Security Officer
Gallaudet Technology Services
Gallaudet University
jared.evans () gallaudet edu
Current thread:
- IAM solution - cloud-based? Jared Evans (Jun 26)
- Re: IAM solution - cloud-based? Mahmud Rahman (Jun 26)
- Re: IAM solution - cloud-based? Ben Singh (OculusIT) (Jun 26)