One of the major drivers, in my opinion, is the adoption of the cloud. But the problem is, how do I manage user identification both in my own network and in my cloud without having to duplicate efforts? How can I be assured that the iPad being used to access company’s data in the LAN and in the cloud is legitimate, used by the actual and legitimate user, and all this without having to manage identities in 3 different places? And without asking the users to enter 3 different passwords?
In a way, this is an extension of the single sign on issue (never truly resolved completely); now I want to identify my users wherever they are, whichever device they are using, whichever server they are trying to access, local or in the cloud. The scale of the problem is rather daunting in some cases. Some major software vendors offer solutions that are specific for their own environment; for instance, you can get AIM for Oracle, AWS has its own version to integrate your local network with their cloud solution, etc.
HIPAA, SOC and PCI are forcing the hand on this issue as well, as these regulations require that access to data be closely controlled; the systems handling data must be able to account for WHOM is accessing that data. And again, IT departments do not want their users to get frustrated having to logon multiple times to multiple systems; they aim at having one place to identify users and correctly grant access data only on an as-needed basis, which is also called role based access – access only to the data your job requires you to have access to.