December 3, 2015

Authentication Management Solutions

By Dean Wiech

Though end users might not notice a difference between systems and applications hosted on-site or in the cloud at their organization, the administrators who manage them often have to do so quite differently. Each type of solution has different requirements for security and for access and authentication management. System admins want to be able to manage user rights and authentication easily, but that can be difficult across different types of applications. Because on-premises and cloud applications have different requirements, the solutions that work with them often must be different too.

So how are they the same, how do they differ and how can system admins easily manage on-site and cloud applications? Let’s take a look.

IGA for Account and Access Management

When it comes to access management, whether in the cloud or self-hosted, managing user accounts and access manually can be a burden. Think of how time-consuming this task can be for an organization of a few hundred, then add in the fact that large organizations often hire outside temps, who need access put in place quickly and revoked just as quickly. Additionally, it is important that access rights are correct, so that each employee only has access to the resources they need to perform their job. For both cloud and in-house systems, an identity governance and administration (IGA) solution can be used to handle the access management task. Both types of applications can be managed by a single IGA solution.

How is this done? An IGA solution allows for automated user provisioning to synchronize user account information between the HR system (for example, SAP or PeopleSoft) and the network. A change in the HR system is detected by the IGA solution and is then automatically implemented in the network and any connected systems.

(RBAC Matrix Image Source: itsecurityideas.blogspot.com)

Additionally, the source system can be utilized in conjunction with a role-based access control (RBAC) matrix to determine employment status along with the employee’s title, department and location. The RBAC matrix can then determine what applications and data they should be granted rights to, so that employee access is correct when their account is created. In the case of a terminated status, an admin simply disables the employee in the source system and all access will be revoked. So, when an employee joins an organization, it is ensured that they receive the correct access from the start.

Even further, a workflow management module can be utilized to administer all requested changes to the network and cloud applications. A self-service portal is established where all users are directed to make new and enhanced requests. Once the end user processes the request, it is routed to the appropriate manager and systems owner for approval. Only after the request gets the correct approval will the change be made.
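The provisioning flow described above (HR record in, RBAC matrix lookup, approved workflow requests, revocation on termination) can be sketched as a reconciliation step. This is an added example, not code from the article or from any IGA product; the matrix contents, entitlement names, `HRRecord` and `reconcile` are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed RBAC matrix: (department, title) -> entitlements (all names hypothetical).
RBAC_MATRIX = {
    ("Finance", "Analyst"): {"erp:read", "fileshare:finance"},
    ("Finance", "Manager"): {"erp:read", "erp:approve", "fileshare:finance"},
    ("IT", "Helpdesk"): {"ad:reset-password", "ticketing:agent"},
}
LOCATION_EXTRAS = {"NYC": {"badge:nyc-office"}}  # rights tied to a location

@dataclass(frozen=True)
class HRRecord:
    employee_id: str
    status: str       # "active" or "terminated", as set in the HR system
    department: str
    title: str
    location: str

def reconcile(rec, current, approved_extras=frozenset()):
    """Compare an HR record with the access an account holds now and
    return the changes a provisioning run would have to make."""
    if rec.status != "active":
        # Leaver: disable the account and revoke everything it still holds.
        return {"disable": True, "grant": [], "revoke": sorted(current),
                "needs_review": False}
    role = RBAC_MATRIX.get((rec.department, rec.title))
    if role is None:
        # Role missing from the matrix: change nothing, flag for a human.
        return {"disable": False, "grant": [], "revoke": [],
                "needs_review": True}
    # Matrix rights + location rights + requests approved through the workflow.
    want = role | LOCATION_EXTRAS.get(rec.location, set()) | set(approved_extras)
    return {"disable": False, "grant": sorted(want - current),
            "revoke": sorted(current - want), "needs_review": False}

if __name__ == "__main__":
    # Constructed sample: a joiner, a mover and a leaver.
    cases = [
        (HRRecord("E1", "active", "IT", "Helpdesk", "NYC"), set()),
        (HRRecord("E2", "active", "Finance", "Manager", "LON"),
         {"erp:read", "fileshare:finance", "ticketing:agent"}),
        (HRRecord("E3", "terminated", "Finance", "Analyst", "NYC"), {"erp:read"}),
    ]
    for rec, current in cases:
        print(rec.employee_id, reconcile(rec, current))
```

The mover case is the one manual processes tend to miss: the old `ticketing:agent` right is revoked in the same run that grants `erp:approve`, so access does not accumulate across role changes.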

Authentication Management

When it comes to authentication management, solutions such as single sign-on (SSO) have to be treated differently for on-site and cloud applications. Many companies use an SSO solution to allow end users to be more productive and not need to remember eight, or more, sets of credentials. While this type of solution can be beneficial, SSO for in-house applications is different from SSO for cloud solutions.

For cloud applications, a web SSO solution should be used. A web portal is created that contains icons or shortcuts to all of the organization’s authorized web applications. Users log into this portal with their standard network credentials and are easily and securely validated for all of these applications. Web SSO solutions provide the greatest benefit for an organization where the majority of applications are cloud-based and the users access data from personal devices.

Downsides Of Web SSO

One of the downsides to web SSO, however, is that it is typically limited in functionality, since it only works with cloud-based applications and those that comply with one of the industry standards, such as SAML, OAuth or OpenID. Communicating with legacy apps, or those that have not adopted one of these standards, requires a more traditional or enterprise-level solution. For these situations, an enterprise SSO would generally be utilized. Enterprise SSO products typically require a plugin to authenticate back to a directory service, such as Active Directory, to capture the credentials of a user in a secure database rather than using an identity provider. These types of solutions have been available for many years and are widely implemented in locations where the vast majority of users access on-premises applications from a computer attached to the company network.

Overall, both on-site and cloud applications can easily be managed with identity and access governance solutions. Though some require different methods or add-ons, access and authentication can both be automated and managed in each with simple solutions.

Dean Wiech is managing director at Tools4ever US. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as user provisioning, role-based access control, password management, single sign on and access management solutions.
