Solving cloud access challenges with federated identity
Increasing use of the cloud poses a challenge for traditional identity and access management. We investigate federated identity, which promises a solution.
Cloud has become a crucial part of enterprise operations. In fact according to a recent Sailpoint survey, 84% of enterprises use applications in the cloud to support major business processes. They offer so many advantages in terms of flexibility and cost that 63% of companies now insist IT decision makers evaluate cloud solutions as part of their procurement.
While the benefits of the cloud are widely accepted, the increasing use of cloud applications is putting the IT security infrastructure under strain – in particular in relation to identity and access management (IAM). These tools govern who is allowed to access company resources and is vital to prevent confidential data from falling into the wrong hands.
The Sailpoint survey warned that 41% of respondents were unable to manage the cloud as part of their IAM strategy. “With our survey finding that as many as 59% of mission-critical applications will be stored in the cloud by 2016, the need for better management of cloud is only going to rise,” said Jackie Gilbert, CMO and founder of SailPoint.
“Organizations need to have automated policy and controls in place to monitor and manage user access across the entire enterprise – including cloud applications – in order to minimize security and compliance risk,” he added.
incorporating the cloud
Single sign-on is a key part of effective IAM and must extend into the cloud, so that the users have a single identity to access all enterprise resources. Without it you end up with multiple identities, which can compromise enterprise security.
To extend IAM into the cloud, enterprises can use federated identity, which builds an “identity bridge” between the users’ corporate identity and the cloud. It allows users to sign into cloud applications using their corporate identity, which has been verified and stored in the corporate LDAP or Active Directory. This allows them to preserve their existing investment in premise-based IAM and integrate new cloud applications seamlessly.
There are a range of different federated identity solutions available in the market. The most important criteria for choice is simplicity and flexibility. How much technical work does the solution require to integrate it into your infrastructure? Or do you need to consider using load balancing?
In addition, federated identity helps cloud applications conform to the IAM policy – which outlines what users have access to what applications. So when an account is created in the organization’s directory, the user can access cloud services along with traditional enterprise applications.
Importantly, the provisioning process needs to be accompanied by a de-provisioning process. So that when a user leaves, their cloud accounts are also torn down, because you don’t want to continue paying for their license.
Cloud applications should be included in IAM reporting to give the IT department a complete centralized view of all user activities. This helps them meet their requirement for compliance, security auditing and operational management. It is also useful to know if particular applications are not being used, because it could indicate that an application is either no longer useful or that more training is required.
any location and device
In addition to the widespread use of the cloud, users are increasingly accessing corporate resources via multiple devices and from multiple locations. This means that authentication policies need to be flexible enough to be able to adapt to any situation.
For example if a known corporate device is on the corporate network, the user will be able to connect to salesforce.com via their usual sign-in. However if a person is trying to access corporate resources with the same identity, but from a different country and on an unknown device, they will need to enter in additional authentication details, such as a one-time password via SMS. Typical factors to take into account include: user profile, the resources they want, the device they are using, location and time of day.
To find out more about IAM and the cloud and get Orange Business Services five tips on the subject read our latest Fast Track sheet.