Gartner Blog Network

Talkin’ ’bout AWS and Identity

by Mark Diodati  |  March 2, 2017  |  Comments Off on Talkin’ ’bout AWS and Identity

Amazon Web Services is an amazing platform. It makes impossible computing challenges, well, possible. It is one of only two “up and right quadrant” providers in Gartner’s IaaS Magic Quadrant—and is farthest up by a country mile. Amazon broke out AWS’ revenue for the first time last year and it was a whopping $6B. This year, revenue is expected to double.

AWS’ growth can be attributed to two factors. First, organizations are accelerating the migration of workloads to the cloud. AWS is experiencing the most success in riding the migration tsunami. Second, AWS has introduced services at a blistering pace. The current number of AWS services is over 90. And the number of services have grown over 400% since 2012.

AWS’ rapid service expansion has resulted in technical debt, with regard to identity management. Instead of leveraging its core IAM for new services, it added additional user types, along with new authentication and access methods, to bring these services to market more quickly. This type of expansion is analogous to building additional rooms onto a house, and then installing individual heating and plumbing systems for each room. The proliferation of user types, access methods and authentication methods is a major challenge, because it poses too much complexity to deal with.

This illustration hints at the complexity within the AWS identity environment. There are eight different user types, each with different identity directories. Some of the identity directories aren’t available to AWS. And for the most part, these user types have different authentication, credentialing and management processes.

AWS User Types

AWS User Types

Why care about IaaS identity management? Identity is becoming more important as more workloads migrate to IaaS. IaaS platforms are becoming the “go to” platform for attack, because they are loaded with services, data, applications—and privileged users. If you can’t get comfortable with the identity capabilities of the platform, how can you protect sensitive data and prevent denial of service attacks? And how can you confidently stand before your auditors, the compliance group—and the executive team?

A few days ago, we published new research on the intersection of AWS and identity (subscription required). At 48 pages, it covers a lot of ground—from Active Directory virtualization to OpenID Connect, to the latest exciting services like AWS Organizations and Cloud Directory. So far, the feedback from our clients and industry folks has been encouraging.

If you read the research, I’d be grateful for your feedback. Do you agree with the analysis? What type of AWS identity challenges is your organization experiencing?

Relevant Research

Implementing an Identity Strategy for Amazon Web Services

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: authentication  cloud  federation  iam  oauth  openid-connect  

Mark Diodati
Research VP
12 years at Gartner
27 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include IoT, IaaS, authentication, hybrid and cloud identity, and API identity service (e.g., OAuth, OpenID Connect and SCIM).Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.