3 Reasons for Choosing Cloud-first Identity for Hybrid Environments

In order to stay competitive and reduce costs, smart enterprises are constantly on the hunt for disruptive ways to leverage technology. They’re moving towards hybrid IT environments because they recognize the benefits of faster implementations and high cost savings that come with moving from on-premises to cloud-based applications and infrastructure.

  • Published: 11-05-2022

  • Related Category: IAM - Identity Access Management

  • Type of Content: Articles

  • Owner: Okta

Not all hybrid identity solutions are the same

Although many businesses are in the process of moving as much as they can to the cloud, IDC estimates that 70% of large enterprise workloads still run in on-premises data centers. The popularity of best-of-breed apps (such as Office 365, Salesforce, Slack, and so on), paired with the reality of on-prem systems that aren’t going away any time soon, contribute to complex hybrid IT environments that are challenging to secure.

Thankfully, there are powerful identity and access management (IAM) solutions that can help IT and security teams protect both Software-as-a-Service (SaaS) and on-prem resources. That said, choosing such a crucial platform for your business can be difficult since there are many requirements, considerations, and variations to evaluate. One key way to differentiate hybrid access providers is to understand their origins—did they start out building a cloud-born platform and then extend its modern innovations to the on-prem world, or did they first focus on on-prem needs and later attempt to adapt that platform in light of growing demand for cloud IAM? As we’ll explore below, this is no minor distinction, which is why cloud-led approaches win out time and time again in almost every technology category.

Just because your top leadership says they want to embrace this cloud journey, that doesn’t mean you can rip out critical on-prem systems, like Oracle e-Business Suite or SAP, right away. It’s more important to avoid adopting any new solutions that add to server sprawl, and instead, look to mature cloud technologies as opportunities arise. One element of the IT stack that’s prime for replacement is legacy web access management (WAM) systems, which are costly to maintain and offer only limited, commoditized capabilities. Consider whether the time might be right to adopt identity-as-a-service (IDaaS) and start protecting your hybrid IT environment from the cloud.

Key considerations for hybrid IAM

To aid in the IAM evaluation process, let’s review the three primary areas where cloud-led solutions differ from on-prem-first systems: how long it takes to extract value from your initial investment, the ongoing resources required to support hybrid access needs, and the platform’s ability to future-proof your enterprise’s security posture. We’ll start with a look at the long-term impact of hybrid IAM solutions.

Gaining future-proof identity

The most important advantage of cloud-born providers is that they are not constrained by existing on-prem baggage, so they bring features and security improvements to market faster. In thinking about your hybrid access needs, be sure to consider how they are likely to evolve over the long term as your company moves more and more towards a cloud-centric IT posture.

The question is whether your strategic partner is continuously investing in and innovating around the cloud, keeping in mind that the majority of today’s most critical IAM functions—like authentication, federation, and coarse-grained authorization—are delivered more securely and cost-effectively as on-demand cloud services.

Below are some ways to determine how future-proof an IAM solution is:

Cloud innovation:

  • How long has the cloud IAM offering been generally available?
  • How well does the provider’s cloud feature set match up against either their own original on-prem products or other cloud-first solutions?
  • How much is the vendor investing in true cloud innovations, vs. basic APIs that just lift-and-shift on-prem identities to the cloud?

Advanced capabilities:

  • Which cloud-specific features do they offer, if any? For example, adaptive multi-factor authentication, dynamic scaling, or identity lifecycle management?
  • Is the provider able to analyze the evolving threat landscape and emerging attack vectors across thousands of customers to uncover real-time insights that will protect you before attacks occur?


  • Is the solution built to automatically handle growing volumes of both users and authentications, so it won’t restrict your company’s growth?
  • What type of scale has the platform already been proven to support (while meeting all performance and compliance expectations), e.g., can it manage billions of identities, millions of daily authentications, and traffic bursts of up to 500,000 authentications per minute?

R&D spend:

  • According to the provider’s financial statements, how much do they spend on research and development overall?
  • Considering their product portfolio, how much of this spend likely goes to cloud solutions vs. maintaining older versions of revenue-generating on-prem solutions?
  • What is the total headcount of the vendor’s development team?
  • How many of those developers are focused on addressing technical debt and supporting legacy products, as opposed to building and enhancing IDaaS solutions?

Independent validation:

  • Has the provider’s position in Gartner and Forrester’s industry reports improved consistently over time?
  • Does the vendor emphasize enabling you to comply with various regulations, but still leave most of the burden on the customer?
  • What is the scope of their own third-party attestations, like SOC 2 Type II compliance?
  • Do they offer dedicated HIPAA and/or FedRAMP environments with enhanced security and audit controls?

Beware of “smoke-and-mirrors” tactics that some vendors use to mask deep on-premises technical debt while they build out unproven cloud offerings. Meeting current requirements (such as authentication or single sign-on) is good, but it’s not enough. Instead, find a partner that will bring the latest identity innovations to your on-prem workloads, so you can rest assured they will have your back in the years to come.

>> Download Article to continue reading.

Related Articles: