Solving The Identity Management Conundrum
Businesses of all sizes are increasingly moving their IT operations into the cloud. Their reasons for doing so are diverse and varied, but typically fall into broad categories; modernisation, streamlining workflows, easier access to business-critical applications, cut costs on data centres, and so on.
While there is no denying that the amount of benefits that the cloud can bring to a business are vast, there are still some important considerations to make when making the leap.
One of those considerations is how to effectively manage identities.
The Old Problems with Identity Management
The challenge of identity management was never fully solved in the pre-cloud era, a strange anomaly given that identity and access management (IAM) has been at the heart of corporate IT security for two decades.
With companies now entirely reliant on computers for all aspects of doing business, IAM is also one of the broadest issues in IT security. Whether an employee needs to access internal applications, an outsourcing company requires limited control over hardware functionality, or consumers want to interact with their online accounts, they are all dependent on secure and reliable IAM.
Managing all the access points and accounts could be a time-consuming exercise, especially if the systems have been badly implemented. Even if they have been correctly implemented, issues such as orphan accounts, poorly mapped essential data, non-existent monitoring of privileges, and wrongly assigned super-user accesses could all combine to soak up precious resources and ultimately result in costly clean-up exercises.
The Arrival of Off-Site Services
Before the explosion of off-site services, IT staff were responsible for manually performing administrative tasks in order to give the employee the correct accesses. Such an approach made meeting regulatory guidelines, sufficiently managing security controls, and creating company-wide consistency difficult to achieve – all of which only served to exacerbate the problems listed above.
As discussed, IAM now underpins almost every facet of the business world – and thus requires far more management than simply adding and removing various accesses. The system in place needs to reflect a company’s business goals and unique challenges, and thus allow it to adapt almost instantly to any new requirements that arise. Beyond that, it needs to be simple, user-friendly, and secure.
If the situation was difficult to manage before, the uptake of cloud services, the growth of the Internet of Things, and the addition of external constituents could make the problem worse. Indeed, with Gartner now predicting that by 2020 “60 percent of all digital identities interacting with enterprises will come from external identity providers through a competitive marketplace, up from less than 10 percent today”, it is vital that systems are put in place now to help manage the impending change.
Thankfully, the cloud can help by offering hybrid solutions between on-premise resources and cloud-based resources.
The Importance of Cloud-Based Solutions
The long-held ideal of effectively organising identity management in cloud computing whilst maintaining control over internally provisioned applications and resources is now becoming a reality.
At the core of the solution is security. With data breaches and data theft seemingly never away from the headlines, organisations are increasingly required to prove that they have strong IAM controls in place both for internal resources and for resources accessed remotely. To achieve this, the ability to tie off-premise user identities to back-end directories is vital, and systems should be used that can provide cloud-based bridges to those directories.
Some facts serve to underline this point even more forcefully; according to SC Magazine, privileged users cost US businesses $348 billion per year in corporate losses, Group ID claim 19 percent of employees change job responsibilities each year (with 5 percent of users in an average company’s Active Directory being no longer employed by the organisation), and Gartner are predicting that IAM will remain as one of the top three most sought-after cloud services.
How Microsoft Azure Active Directory Can Help
The capabilities of Microsoft Azure Active Directory (AD) address many of the issues raised. Most importantly, Azure AD can provide access control to cloud-based applications, including third party ones, but the benefits extend far beyond that.
For example, it offers tools that allow IT professionals to scan the applications in use and isolate those which have the biggest effect on data confidentiality, compliance, and auditing, it helps to identify and address cloud-based security threats, and it can provide single sign-on to the most popular SaaS applications.
It also helps to negate inefficiencies in the user lifecycle, thus becoming the perfect solution for newer SMEs that were created in the age of cloud use. It does this by including support for self-service and dynamic rule-based groups, role-based and rule-based provisioning, managing both on-premise and private cloud directories, and regular recertification of user privileges.
In the age of global business, it is also important to have a way to let partners and other vendors access your applications. Azure AD assists in this business-to-business collaboration without the need for proxy users, instead making use of email-verified and social identities.
As the necessity for greater engagement between businesses and their customers grows, and as newer social and mobile technologies continue to come online, effective IAM is more important than ever.
Businesses now have to take a consumer-led approach for granting and controlling access to their resources, especially to those which are based in the cloud. Without that approach, they risk being exposed and left behind on a number of fronts.
Systems such as Microsoft Azure AD are the perfect way for SMEs to better manage their existing users and extend their services over time, making sure they don’t miss the exciting opportunities that will arise over the next five years and beyond. Contact them for more details.
This post is brought to you by Cloud for Tomorrow.
By Dan Price