Access and identity governance in the cloud: Problems and solutions
There has been a consistent growth and increase in cloud application usage over the past five years as organisational IT leaders have realised the benefits of implementing them. This is also, in part, because of the fact that there is a major increase in remote employees, who need applications in the cloud to be able to work. Cloud applications have many obvious benefits to an organisation, such as improving efficiency, reducing costs and improving security.
Once these applications are implemented, though, organisational leaders often soon realise that managing accounts for cloud applications can be a headache. Just as with in-house applications, account admins need to be able to efficiently provision, change and disable accounts, as well as manage passwords and ensure the network is secure.
How is cloud account management different than managing in-house applications? Often these two different type of applications need to be handled differently since they have different requirements. What may work with an in-house application needs to be altered to work with a cloud application. So, what are some of the issues that organisations have with managing cloud applications, and how can they be resolved?
Manual account management in any type of application is time consuming. Admins must manually enter data and create accounts in each application for a new user, which can also lead to errors. For cloud applications, providers often try to mitigate this issue by offering a web-browser that managers can use to control access to the cloud application directly. However, provisioning is rarely automatic, which necessitates a sequence of manual operations. This means that the admin still must manually create each account and access rights for a new user.
While it is a headache for the account admin, it is equally as frustrating for the end user. For example, think of a remote employee, who needs accounts created for them. The process of doing so often takes several days to manually create all appropriate accounts, or to add additional access rights. Without the proper accounts or access rights the employee simply cannot begin work, and remains unproductive.
When an organisation begins to use several different cloud applications it becomes difficult to ensure that the correct people have the proper access to them. Users may have access to systems and applications that they should not, leaving the company’s data unsecured. Over time, employees are often granted access for a project, for example, and the rights are never revoked.
Additionally, it needs to be guaranteed that cloud application access is disabled once an employee leaves the organisation. This step is often overlooked since a manager needs to manually disable the employee in each application that they have access to.
Naming and password conventions
Conventions governing naming standards and passwords are often inconsistent between network and cloud applications, making it an issue. In the network, a user ID might be based on the log-in name, and in the cloud it might be the e-mail address. This complicates exchanging user account details between the environments.
This is also an issue for passwords. When extremely complex passwords are required in the corporate network, cloud applications might not be able to handle this type of password. The possibility also exists that the cloud application requires a different duration for password expiration than within the corporate network.
Cloud management solutions
These are just some of the reasons why the organisation needs a solution that will work in house as well as with cloud applications seamlessly. As the identity and access management (IAM) industry grows, it is apparent how helpful these solutions can be for organisations that use cloud applications. They allow managers or account admins to easily manage cloud applications for employees throughout the organisation.
IAM solutions that allow for automated account management can drastically reduce the need for manual actions. Many solutions that work with in-house applications also can be set up to work seamlessly with cloud applications. This allows an HR employee or manager who is creating accounts for a new employee to easily check off which accounts need to be created for both in-house and cloud applications and the accounts will automatically be provisioned in near real time. This process allows for accounts to be created quickly and easily, so that end users don’t need to wait around for the access that they need. This also allows a manager to easily disable the accounts of an employee who has left the organisation, which ensures security of the network and data. Admins simply disable the user account in the solution and all connected accounts are automatically disabled.
To handle additional security issues, IAM solutions allow for many different resolutions. A manager can first easily generate a report that shows exactly who has access to what, as well as any changes that they are making in that system. Many solutions also support workflow management. With workflow management and self-service, employees and managers themselves can request, check and approve facilities without any IT intervention. For example, an employee may request access to an application, a project or to view reports. The approval process is part of a structured workflow. The manager can authorise the request and it can be implemented immediately in the network, or they deny the request and the employee will not receive access. This not only dramatically improves efficiency, but it assists with security. When an employee is requesting additional access or a new account it is ensured that the correct people are providing the permission.
To handle the multiple different naming and password conventions, an automated solution can be helpful as well. IAM solutions can enforce a standard naming convention across all applications while allowing for uniqueness when more than one employee has the same name. Additionally, a single sign-on solution can mitigate the password complexity issues by using a single set of credentials to log in and automatically authenticate the user each time they log into the application. Further, an SSO application can also routinely reset the password in the background, or prompt the user to do so, when expiration occurs.
Though very beneficial, cloud applications can also present many account and password management issues for companies of every size. IAM solutions have evolved over the years and now allow organisations to seamlessly manage both in-house applications, as well as any cloud applications that the organisation may want to implement. This allows the organisation to get all the benefits of using cloud applications without having to deal with the many management and password headaches.
- » How to make your SaaS startup stand out from the crowded cloud landscape
- » Organisations struggling with sensitive cloud data as they shun security-first approach
- » Chaos engineering is integrated into the DevOps toolchain – but what about IT ops?
- » Sainsbury’s looks to Google Cloud for machine learning as retail cloud case studies continue to climb
- » Best security practices for migrating to the cloud: A guide