How effective identity management reins in shadow IT and password sprawl
The cloud has sped up and simplified many aspects of IT. Enterprises and end-users alike have incredibly swift and affordable access to more applications and IT resources than ever before.
This access helps cut or keep costs low and enables businesses to innovate and respond to evolving market demands. However, in other ways, this explosion of apps and devices brings considerable new challenges to IT management.
Today there is no let-up in business departments building their own applications or turning to the web for cloud services, and as a result it is next to impossible for IT teams to maintain insight into where data is going or what applications employees are accessing. Additionally, an explosion of devices and cloud applications has hit enterprises in recent years, with most large organisations having hundreds of applications in use to conduct business.
Some of these applications are owned and managed by the enterprise on-premise, while others are cloud services. Additionally, some applications are so-called shadow IT where end-users choose their own applications to get work done. With all of their users accessing all of these applications, enterprises are losing visibility into what applications and data their employees are accessing.
These trends are fundamentally changing what the enterprise considers its “perimeter” and this poses a significant challenge to enterprises as they strive to stay aligned with their demands to govern data, users, infrastructure, and applications properly.
Consider the challenge posed by this flood of new applications: enterprises are now trying to control what applications users access and where corporate data is stored, enforce good password policies, and even simply disconnect application access when an employee’s status or job role changes. Sure, they could try to achieve some of these efforts through policy; however, that is just not good enough today.
The key to succeeding essentially comes down to effective identity management, whether a user is accessing resources in the cloud or on-premise. Additionally, it is not just about protecting data from being breached by external hackers, but also about protecting data from accidental leakage, malicious insiders, and remaining compliant with the growing number of data-related regulatory compliance mandates.
Complying with these regulations for industries such as healthcare, payments, financial services, and many others is not optional. In most cases, organisations need to know and demonstrate who has access to these systems and how that access is enforced. However, the ability to do this is greatly encumbered, if not made impossible, if users are performing work on many different applications outside the watch of IT.
What success comes down to is organisations having the power to control identities no matter where their workers access them, whether on-premise, in the cloud, or originating from mobile devices. The ability to report on who is accessing what applications and enforce that access is crucial.
I believe one of the most effective ways to manage this transformation is to also transition from on-premise identity management to cloud-based identity management. Just as businesses see many increased benefits—quicker time-to-value, ease-of-integration, flexibility, customisation, and cost—when moving business processes to cloud software services, the same holds true for identity management.
Additionally, identity management has moved beyond the days when it was acceptable to simply authenticate users at the network perimeter and trust most actions thereafter. With the challenging trends of mobility, cloud, and shadow IT, enterprises need context about who the user is, what actions they are trying to complete, and whether what we know about the user makes it sensible to permit the specific action the user is trying to take.
And I am convinced that the only way to achieve this is by making enterprise identity management easy and straightforward.
Just like consumers, enterprise users are equally frustrated by having so many log-ins, and IT is dissatisfied with trying to manage all of them. However, with a centralised, readily managed single sign-on, end-users get the simplicity they desire, while IT gets a trusted, standards-based way to manage access to all of the applications that are so crucial for security, transparency, and regulatory compliance.
While it is true that there are many identity management alternatives available, most of these technologies are very siloed. They work well with on-premise applications and resources, or perhaps the web, or on mobile; however, few work across the gamut. Yet, this is precisely what organisations need if they are going to win with the ever-growing number of applications, services, and demands to protect data and maintain regulatory compliance.
After all, IT, cloud computing, and user choice are supposed to simplify our work lives, including how we access all of these services.
Quinton Wall is the Director of Technical Platform Marketing at Salesforce.com. Follow Quinton on Twitter at @quintonwall