2021-11-27T00:35:00Z
Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
  • 13
  • 180

Looking for an Identity and Access Management product for an energy and utility organization

Hello everyone,

We are working with an retail client based in the US.

Our suite of applications is Bespoke applications built on Microsoft Stack (.NET, MVC, ASP.NET, .NET core, SQL Server, .NET CORE RESTful services, etc).

We integrate with a host of external vendor products such as Payment Gateway, eKYC vendors, third-party Aggregators, etc.

We are looking to explore an IAM product tool that fits well within our technology landscape.

Primarily, we would have internal employees authenticating and connecting to a host of applications from the Internet and as well as external vendors, partners also connecting to it.

Currently, we have suggested having an external Domain Controller for external users and a separate Domain Controller - for internal users. This way we can have more granular governance, access, and security policies for external and internal users.

In the future, we might expose the authentication using social media as well (such as GMAIL, LI, FB, etc) for guest users.

Please share your advice about an IAM product/solution that fits our requirements and within the Microsoft Technology stack and landscape.

13
PeerSpot user
13 Answers
Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Real User
Top 5Leaderboard
2022-02-21T05:19:32Z
Feb 21, 2022

So after a lot of deliberation, discussion. This is how the product selection unfolded


1. Gathering the requirements in details (current and future needs) taking into account other non-functional requirements, of Security, Privacy, Extensibility, Performance etc.


2. Researched a lot of production (COTs) as well as Hybrid Solutions (Bespoke as well).


3. Looked at Cloud Aware Solutions in AWS, GCP, AZURE etc.


4. Had meetings with COTs vendors and technical discussions, demos


5. Proof of Concept created with Shortlisted vendors.


6. Measured the outcome, came out with a scoring against all the CSF points. 


7. Ideated and Shortlisted the solution offered by the vendor.


8. Discussing the commercials was not an easy activity and the licensing model.


9. Worked on the ROI and then the final solution was sending out the PO and getting the product delivered, installed and configured.


10. Training and Support post sales.


11. Successfully implemented the solution and now setting up the dashboard

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
Feb 21, 2022

@Ram Chenna thanks for your feedback about the buying process journey! 
It is worth creating your own article sharing it with other peers so they can learn from your experience.

Can you please create such an article for the community?

Thanks!

PeerSpot user
Search for a product comparison in Identity Management (IM)
Emil Gitman - PeerSpot reviewer
Sr. Manager, PAM DevOps & Automation at Herjavec Group
MSP
2021-12-17T15:54:25Z
Dec 17, 2021

Hello Ram. 


As additional information is required, you can PM me. So I will be able to forward you to the right contact.

Dhiraj Verma - PeerSpot reviewer
Global Information Technology Manager at Kaleyra
Real User
Top 5
2021-12-01T06:31:24Z
Dec 1, 2021

You can also look at the https://www.ubisecure.com/ . They have excellent features when it comes to managing external identities. 


Also, a wide variety of APIs available for integration. 

Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Real User
Top 5Leaderboard
Feb 21, 2022

Thanks so much Dhiraj. Quite helpful while we were researching for a COTs solution.

PeerSpot user
Umair Akhlaque - PeerSpot reviewer
Enterprise Solutions & Services Head at Duroob Technologies
Real User
Top 10
2021-12-01T03:07:49Z
Dec 1, 2021

Symantec Security suite (previously) called CA Identity Suite is a good IAM solution. The product is very stable and customizable. Plus it has a complete portfolio that includes security features for a customer. 


PLA licenses enable customers to use all product lines without extra charge. 


In case you need any assistance or Proof of value more than happy to assist. 

Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Real User
Top 5Leaderboard
Feb 21, 2022

hi Umair, this was our first choice by leaders and most of our CSF were measured against Symantec Identity Suite

PeerSpot user
JL
VP & GM - Identity Business Unit at Entrust (Europe)
Vendor
2021-11-30T19:57:18Z
Nov 30, 2021

Entrust has a portfolio of Identity solutions that address the apps above: on-prem or cloud-based options and support for external ID such as Google or FB.

Jay Bretzmann - PeerSpot reviewer
Reseach Director, Cybersecurity - Industry Analyst at IDC
Real User
Top 5
2021-11-30T18:55:39Z
Nov 30, 2021

The internal/external domain controller approach could be the right way to go. The internal must already be in place, right?  Microsoft Active Directory (hopefully migrating to Azure Active Directory). Microsoft is the clear market share leader for identity systems so I recommend you start there and figure out why AD/AAD wouldn't work externally.


The downside to two domains is just that; you're identity teams are going to have to master two software stacks.  Granularity and controls sound great, but have you ever tried to create them yet?  Do an internal exercise that would define your access policies and give that list to a shortlist of vendors as an RFP challenge.

Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Real User
Top 5Leaderboard
Feb 21, 2022

hi Jay, agree to the point.

PeerSpot user
Learn what your peers think about Oracle Identity Governance. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
656,862 professionals have used our research since 2012.
Michel Timp - PeerSpot reviewer
Enterprise Architect | Founder Timp-iT at Timp-iT
Real User
Top 5
2021-11-30T14:06:37Z
Nov 30, 2021

Please check the following IAM solutions:


Okta: Okta | Identity for the internet


Hello ID: HelloID - Cloud: Identity: Access

Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Real User
Top 5Leaderboard
Feb 21, 2022

hi Michel, Okta was added to the research and good choice as well

PeerSpot user
DM
Identity Management Consultant at IdentityMD
User
2021-11-30T13:51:04Z
Nov 30, 2021

Hey Rama, it looks like you are looking for an Access Management solution. 


From my experience, since you are heavily invested in Microsoft, it may be the best solution. It tends to be a bit more complex but adding another vendor would also increase the complexity. Best practice would have you maintain separate directories for employees and customers.


Admittedly, I am biased towards SailPoint. It provides the Governance that you need as a Utility by increasing your visibility and centralized management of your users. I just do not see a similar product today that has the IGA capabilities that you need as well as the integration capabilities to support solutions like Microsoft. The two companies work closely together on the integration


As Occam's razor says - other things equal, explanations that posit fewer entities, or fewer kinds of entities, are to be preferred to explanations that posit more. Pick two market leaders and off you go!

Matt Thomson - PeerSpot reviewer
Principal Consultant at UNIFY Solutions
Consultant
Top 5Leaderboard
2021-11-30T06:25:44Z
Nov 30, 2021

@Ram Chenna ​ Sounds like there is a lot of things at play here. 


I would suggest reaching out to a trusted IAM service integrator and you need to get your requirements detailed and prioritized. There are all sorts of options from looking inside the Microsoft Stack at Azure IGA although it isn't as mature as some of the market-leading products like SailPoint, One Identity and Saviynt. 


These products cover the depth of full IGA implementations and help you improve your security controls around access and identity management. We normally spend about 20 days working through client requirements before being able to suggest a specific solution. We recently helped a company in the Australian energy sector leverage a Sailpoint implementation for their internal workforce while assisting them with an Azure B2C/B2B implementation for their external userspace

John Johny Restrepo Hernández - PeerSpot reviewer
Solutions Architect at Controles Empresariales
User
Top 5
2021-11-30T00:44:14Z
Nov 30, 2021

Of course, to have the best Identity and Access Management solution it is recommended to extend the on-premises identities in the Active Directory Domain Services and replicate them to the cloud with the Azure AD. 


There you can integrate all the identities with modern protocols, Single Sign-On, Conditional Access, Multifactor Authentication and Self Service Password Reset.

Also, to register and unsubscribe users based on membership or membership in security groups. This may be authorized by a member or owner of the process or application - all done automatically.

JS
Content Specialist at Bora
Vendor
2021-11-29T14:33:41Z
Nov 29, 2021

@Ram Chenna ​Hi Ram! I would suggest that this is a great place to start https://cpl.thalesgroup.com/si...  


rtechenthusiast85 - PeerSpot reviewer
Search Engine Optimization Specialist at LoginRadius
Vendor
Top 10
2022-05-19T06:39:53Z
May 19, 2022

LoginRadius is a competitive price cloud-based SaaS Consumer Identity Access Management software. 


Scalability, user management, privacy compliances, data and user security, account security, and privacy compliances are all included.


The LoginRadius CIAM in the utility sector gives solutions in the following manner. 


->It enables one digital identity across all consumer services


->It centralizes and secures data


->It integrates data and identity with third-party applications


With hackers getting smarter every day, companies need to follow tough standards like the GDPR and CCPA, especially if the said companies fall into the utilities sector. This is because such businesses frequently deal with large amounts of user data.

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2021-11-29T04:14:46Z
Nov 29, 2021

Hi @Amimesh Anand, @Matt Thomson, @Alfredo Silva ​and @Chris Derjany.


Can you please chime in into this discussion and share your professional opinion?

Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Real User
Top 5Leaderboard
Nov 29, 2021

@Evgeny Belenky Thanks so much

PeerSpot user
Related Questions
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 10, 2022
Hi infosec professionals, Based on this article, a few days ago "Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials". What could be done better to prevent this from happening in the future? Which tools, techniques and solutions could help to a...
See 1 answer
Ladislav Nyiri - PeerSpot reviewer
IDM Engineer at a tech services company with 51-200 employees
Aug 10, 2022
In case of sophisticated social engineering attack designed to steal employee credentials there is a need to pay attention regarding education of employee first and if not already in place apply Zero Trust approach by implementing OTP and using it as mandatory for all employees. Any technical solution is not good enough to avoid willing leak of employee credentials by themself.
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 13, 2022
Hi security professionals, Can you please clarify the definition of the Zero Trust vs Least Privileged model? How are they different? In which cases you'd use each of them? Please share an example. Thanks for sharing your knowledge!
2 out of 3 answers
OK
Consultant at Astra Graphia Information Technology
Jul 12, 2022
Least Privilege is about giving the least privilege (role and privilege) as required by the user, while Zero Trust completely eliminates trust at a whole level, whether internal or external.  Zero Trust sample is MFA, where you would need to validate your access credentials (e.g., through biometrics).
Adewale Oluwaseyi - PeerSpot reviewer
Technical Lead at Freelance Consultant
Jul 12, 2022
Least privilege access is used to provide access needed to perform a role or action, which is good, while Zero trust completely assumes every attempt as a possible compromise and treats it as such.  If something with the least privilege access tries to access any resource in an environment where Zero Trust is implemented, Zero trust will still take precedence.
Related Articles
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 16, 2021
Does access control terminology puzzle you? Many people often mistake PIM, PAM, and IAM – privileged identity management, privileged access management, and identity and access management. Oftentimes, they also believe that privileged access management (PAM) and privileged account management (also PAM) are interchangeable terms – which is not entirely true. To shed some light on this topic, in...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 11, 2021
                                What is Privileged Account Management (PAM)? Privileged account management can be defined as managing and auditing account and data access by privileged users. A privileged user is someone who has administrative access to critical systems. For instance, anyone who can set up and delete user accounts and roles on your Oracle database is a privileged user. Lik...
Abhirup Sarkar - PeerSpot reviewer
Director, Middle East, East India & SAARC at DMX Technologies
Dec 8, 2021
Zero Trust is a set of techniques to secure end-to-end IT network infrastructure. Given the complexity of today’s networks, Zero Trust security principles continue to evolve and adapt to current demands. As indicated by the history of Zero Trust, an evolving IT security landscape was what had eventually led to this concept. And right from the start, the end goal was to ensure a strong and resi...
Moderator
davidstrom - PeerSpot reviewer
Owner at David Strom Inc.
Related Articles
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 16, 2021
Defining PIM, PAM and IAM
Does access control terminology puzzle you? Many people often mistake PIM, PAM, and IAM – privi...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 11, 2021
What is Privileged Account Management (PAM) and How Does It Work?
                                What is Privileged Account Management (PAM)? Privileged accoun...
Download Free Report
Download our free Oracle Identity Governance Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
DOWNLOAD NOW
656,862 professionals have used our research since 2012.