Identity Management & the Art of Removing Cloud Security Obstacles

Cloud Identity Management Challenges meet Cloud Identity Management Solutions with IDMWorks.

First the fun, why Cloud? Well, we seem to define this a lot here at IDMWorks.

The quick and dirty:

1. Pay As You Go Approach to IT
There is no upfront cost and this helps keep the cost down for the service consumers. Cloud computing is a pay-as-you-go approach, in which a low initial investment is required to get started, and additional investment is incurred as system usage increases.

2. Highly Available Infrastructure
Many cloud providers sell their service as highly available. This gives Cloud services the aura of a utility which is an always on and that can be leveraged anytime and from anywhere.

3. Strong Time to Value Ratio
With Cloud computing organizations realize benefits more rapidly than with the traditional packaged software use model. In the traditional IT model, a large investment is made early in the project prior to system build out, and well before tangible business benefits are realized. This model has several risks associated with it since a large percentage of IT projects are cancelled due to poor ROI or user acceptance. Cloud provides IT a way to outsource non critical functions to an organization better equipped to run those services.

4. Flexible Computing Model
Cloud computing offers much more flexibility than traditional computing models. Your Employees can access information wherever they are rather than having to be restrained to their desktop.

5. It’s Simple
One of the advantages of cloud computing is that businesses of all sizes can instantly obtain the benefits of the enormous infrastructure without having to implement and administer it directly.

Enough of the pitch, now on to Identity Management in the Cloud…

Cloud Identity Challenges:

1. User Lifecycle Management:
New Cloud applications bring new complications of management, more costs and administrative hassles. You may have invested hundreds of thousands or even millions in enterprise provisioning software only to find out that it does nothing to address your identities in the Cloud. There could be windows of time where your terminated contractors may not have been de-provisioned from critical applications. As such, organizations will quickly find out they need a centralized infrastructure to manage user identity information effectively. Further, explosive growth in the use of web applications increases the complexity and administrative overhead of which users should be entitled to access across applications. So it is critical in the cloud framework to be able to facilitate self-service registration whenever possible. This can lead to better agility, reduced help desk costs and higher convenience for end users.

2. Compliance:
As more services and applications are being provided by 3rd parties, organizations have new compliance issues to worry about. The more sensitive data we have via these 3rd party applications the more we need to be able to enforce the types of controls that allow us to be compliant.

3. Federated Authentication:
The ability to collaborate seamlessly with your partners, vendors, and customers. An organization may already have all of its internal user identities stored in Active Directory and its external users such as partners and vendors in an LDAP directory and the organization may want all of their users to leverage an external cloud application without replicating all of that identity information in a third party product. Many organizations also want the convenience of having their users sign on once to access not only internal applications but also SaaS applications in the cloud.

Cloud Identity Solutions:

1. User Lifecycle Management:
Identity Administration helps solve the user lifecycle management challenge and many other common issues such as self service registration and compliance reporting. Automation of provisioning and de-provisioning of users and administering user identities for both on premise and cloud applications will bridge the security gap regardless of the size of the network. The addition of Role Based Access Control (RBAC) allows for when a user changes a role they are automatically de-provisioned from systems no longer needed and added to new ones relevant to their new role. Additionally, automated Identity Administration allows us to identify and remediate orphaned accounts (those accounts with long gone owners).

Throw in user self-service access requests and self-service password reset capabilities and the User Lifecycle Process can be fully automated across the Cloud.

Need this to be standards driven? Let’s implement SPML connectors.

2. Compliance:
Simply put, utilize Identity Management tools to log and report Who has access to What, When, Why, and How and fulfill those pesky regulatory requirements, such as Sarbanes-Oxley, 21 CFR Part 11, Gramm-Leach-Bliley, HIPAA, and HSPD-12.

3. Federated Authentication:
Need to collaborate seamlessly and yet securely across complex heterogeneous environments? Make sure your Single Sign-On solution can support SAML, Windows CardSpace, WS-Fed and/or OpenID.

In summation, contact IDMWorks and let us help you plan your Cloud based Identity & Access Management (IAM) security solutions around the core tenets:

1. Identity Management

a. Roles based User Provisioning

b. Self-Service Request & Approval

c. Password Management

2. Access Management

a. Authentication & Fraud Prevention

b. Single Sign-On & Federation

c. Authorization & Entitlements

d. Web Services Security

e. Information Rights Management

3. Governance, Risk and Compliance (GRC)

a. Analytics

b. Fraud Prevention

c. Privacy Controls

Bonus Information: Saviynt is a leader in Cloud Security and Identity Governance. It is transforming security by delivering NexGen Identity Governance & Administration solutions, allowing your organization to govern access across infrastructure, applications, and data.