From an IT perspective, Post Holdings, the company behind cereal brands including Fruity Pebbles and Grape-Nuts, recently became a $1 billion, 100-year-old startup.
That's because last year the company was spun off from Ralcorp Holdings and was left, literally, without an IT department. That turned into an opportunity for the newly hired IT team, which was faced with choosing all new applications for 1,300 workers. "We were starting from scratch," says Brian Hofmeister, director of enterprise infrastructure at Post Holdings.
Since the IT team decided to go 100% cloud for all its applications, narrowing down which type of identity and access management tool to use wasn't that hard, he explains. Post turned to Okta, a single sign-on service for cloud apps.
Okta is among a handful of newer companies -- including Ping Identity, OneLogin and Symplified -- that offer cloud-based products to help IT departments and workers manage authorization and log-ins for cloud-based apps. They fall into a category known as identity and access management as a service (IDaaS).
Gartner expects the IDaaS market segment to grow. At the end of last year, researchers estimate, the market was worth $180 million, with it expected to reach $265 million by the end of this year.
These services aren't just for organizations like Post that have gone all cloud. IT groups are juggling cloud-based applications alongside their on-premises apps, so there's often a need to manage both types.
In addition to the new providers of IDaaS services, traditional identity and access management (IAM) providers, including CA Technologies, SailPoint and IBM, are starting to support cloud apps. This is happening via native applications or through partnerships that allow customers to integrate enterprise cloud apps into their existing IAM processes.
That leaves enterprises with a number of choices for managing cloud apps.
The new breed
Services like Okta, Ping and OneLogin let IT administrators tie cloud apps into a single directory so workers can have one user name and password to access all their apps. End users visit a portal where they can see all the cloud apps they're authorized to use and sign in just once to access all of them.
Typically, businesses link the cloud IDaaS services into an existing Active Directory instance or LDAP directory, rather than recreate a directory. Because all apps are tied to a single directory, IT admins can easily and quickly deprovision users from all corporate services if a worker leaves the company, or change things around if access rights morph due to a promotion, for instance.
OneLogin offers role-based access control, so IT can assign apps to roles within the company. IT can then attach roles to individual workers who then automatically get access to only the apps they should be using.
Some services also record activity like application sign-ins. This can create an audit trail or simply help IT determine workers are using the applications it's paying for.
All in for all cloud
A unit of Reed Group, a U.K. recruitment agency, was in a similar situation as Post and also ended up with an IDaaS provider. In 2007, Reed branched out into a new business, a jobs website called Reed Online. This offshoot grew to around 235 people with very different needs than the rest of the company.
Reed Online recently initiated an IT overhaul. Like Post, Reed Online is going primarily with cloud-based apps, although its top requirement is that the application be accessible through a browser, not necessarily that it be cloud-based. Google Apps, Jive, Salesforce and SAP Business ByDesign are among the apps that Reed is now using.