The COVID-19 crisis has fueled a global shift to a remote work model, which has created myriad challenges and security concerns for enterprises. CSOs and those charged with cybersecurity are particularly concerned with the who, what, when, why and where of access.
Elements that have become more complex to manage due to work-from-home policies and a distributed workforce that now leverage remote access, as well as cloud services to do their jobs. Even more troubling is the simple realization that a misstep in any of those elements can lead to severe consequences.
Atlanta-based Simeio aims to take the angst out of managing the elements of identity and access with the company’s IAM (Identity and Access Management) solution, which promises to make identity governance and access management a manageable chore across the enterprise.
A closer look at Simeio Identity Orchestrator (Simeio IO)
Simeio offers an IAM as a service, which greatly simplifies deployment and works natively across multiple clouds, networks, applications and identity technologies. The service incorporates access management and federation, identity governance and privileged access management into a unified, centrally managed offering, which runs on its Simeio Identity Orchestration (IO) Platform. The idea behind identity orchestration is to reduce the inherent complexity of integrating various IAM solutions by transforming it into a microservice, which can then be integrated across multiple applications, platforms and clouds.
Offering identity orchestration as a service brings forth several benefits, including centralized management, a unified management console, along with a central repository for all of the elements contained within identities and the associated entitlements. The service model also makes it easier to scale as well as integrate across multiple platforms.
Hands on with Simeio Identity Orchestrator
Simeio Identity Orchestrator is a multifaceted service that is designed to make identity management and the associated privilege management simple for both end users and administrators. The end user portion of the service takes the form of the Simeio IO portal, where a user logs in; the portal then provides the user with a catalog of applications and services available to that user.
The Simeio IO portal approach brings a unified end-user experience to those logging in and offers the same experience across different devices and different locations. For example, a user may log in via the Simeio IO portal while on site using a corporate PC, or the user may log in remotely using a tablet or other device. Ultimately the experience is consistent for the end user, helping to reduce help desk calls, training needs and other activities that may sap productivity.
[To see a larger version of this image, click on “Open in New Window.”]
The Simeio IO portal is browser-based and does a great deal more than just provide access to authorized applications. For example, if the user needs access to a new application, they are able to select that application from the catalog presented and then put in a request for access. That methodology helps to maintain a zero-trust environment, where when new users are provisioned, they have to request access to applications before being able to use those applications.
Policies can add automated functions
Numerous policies can be defined behind the scenes that dictate the process. Administrators can define a policy to automatically grant a new user access to certain things or even embed some logic that can be used to define access, based upon numerous criteria. The overall idea is to make it as simple as possible for end users, without reducing security, or granting excessive rights. Simply put, it gives administrators full control over the entitlements given to the user; administrators can further define policies to have granular control over the user’s ability to access applications.
The Simeio IO portal is fully customizable, allowing administrators to define the look and feel of the portal. Simeio provides a no-code tool set, which allows administrators to build forms for the portal and fully control the end-user experience. Links and other elements can be embedded in the portal as well. For most businesses, the portal solves the problem of users having to log into multiple applications or multiple sites, or maintain multiple passwords. Multi-Factor Authentication (MFA) can also be integrated into the portal logon process to provide an extra layer of account security.
Although making things secure and easy for the end user proves to be very important for a distributed workforce, the real power of identity orchestration comes in the form of being able to securely manage identities and access from a central control plane and then be able to apply consistent, customizable policies to those accounts that span multiple identity application services and silos. It is a capability that proves quite handy for organizations that work with contractors, external business partners, or even temporary workers. The IO platform enables administrators to create conditional accounts, which can be time-constrained or limited in a number of ways.
Simeio’s ‘app store’
It is worth noting that Simeio IO offers an experience similar to an app store, to which many end users have come accustomed on their smartphones or tablets. The ersatz app store offers a catalog of applications from which the user can choose to request access. Although no one has to be forced to use the app store analog, it seems to be a familiar way for users to request access to an application, which then executes the appropriate workflow behind the scenes to move the request for access along.
The workflow can drive the approval process for administrators. For example, if a user requests access to an application, the workflow can be used to assign an administrator and then surface the request to that administrator, where they can approve or deny the request. Administrators can perform approvals using a smartphone app (if desired) or via the management console. It is also important to note that the platform saves the metadata associated with account actions, provisioning and other requests. That proves valuable for organizations constrained by compliance requirements, especially when it comes to auditing and reporting.
Of course, workflows, application catalogs, user accounts, rights and other actions must be defined somewhere–and that all happens on the back end of the platform, where management consoles are used to define policies and set up the various integrations to applications and identity stores.
[To see a larger version of this image, click on “Open in New Window.”]
Plenty of dashboards available
Simeio IO offers numerous management and analytics dashboards, which prove critical for tracking end user facing aspects, such as login performance, top application usage, login successes and failures, as well as application integration into the platform. There are also numerous reports available for a variety of different use cases, which will come in for compliance reporting.
As a cloud-based service, Simeio IO offers integration with the leading application platforms and supports multi-vendor IAM, IGA and PAM environments. The integration layer used by Simeio IO provides a single view of multiple services for the user base, with common and consistent screens and interfaces.
Simeio IO also handles identity synchronization and identity governance across multiple applications, making access seamless for the end user and centralizing management for the administrator. Administrators have a great deal of flexibility when it comes to defining back-end communications between Simeio IO and the target systems / application servers. Connection information is present on a dashboard and includes all needed details, such as IP addresses, ports, LDAP configuration, Data Store types, OAuth server details and any service provider or identity provider information related to the connection.
Simeio Identity Orchestrator takes the pain out of managing identities and entitlements across on premise, legacy, cloud applications, IaaS and PaaS from different providers. As a cloud-based service, deployment proves straight forward, not requiring any specialized hardware. What’s more, Simeio IO unifies identity across various platforms, making identity, entitlements and policies much easier to manage and audit.
For end users, the ease of use provided by the Simeio IO platform should make it much easier to access applications, while also offering a simple way to request access to new applications, reset passwords, and determine what can be accessed. Simeio IO is a step in the right direction for those looking to simplify the complexities of IAM and entitlements, as well as meet some of the audit needs for compliance.
Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.