Managing Online Applications Among The Business Regulations

Managing Cloud Business Regulations

Cloud applications must be managed in a way that complies with the many different government standards in the United States. As more cloud applications are implemented in businesses of every industry, companies need a way to ensure compliance. Some of these regulations include the Health Insurance Portability and Accountability Act (HIPAA), the Control Objectives for Information and Related Technology (COBIT) and the Sarbanes-Oxley Act (SOX).

Each of these requires businesses to ensure certain standards within their organizations, including protection of data and full disclosure. While organizations might know how to handle compliance for in-house applications, how do leaders handle cloud applications? What, if anything, changes?

Managing Cloud Applications

There are several important compliance requirements that businesses are required to follow depending on which industry they are in. For example, in the healthcare industry, HIPAA protects the use and disclosure of patient data and ensures that healthcare organizations have the correct security measures in place to protect patient data, as well as requiring a complete audit trail of all users at an organization. HIPAA compliance also states that upon termination, the company must have processes in place to revoke access to systems and applications. SOX is another standard for general business that also requires all information about users' actions, including document/data access, password changes, logins and logouts and any changes made, to be recorded. Still another, COBIT, which is published by the IT Governance Institute, provides "a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users and IS audit control and security practitioners." These are only a few of the many different rules and compliance regulations which organizations need to follow.

All of these can be extremely time consuming, confusing, and difficult to achieve. Especially when organizations start to implement many different cloud applications, it can be difficult to manage them all in accordance with compliance rules.

Many organizations implement identity and access management (IAM) solutions to ensure that data is kept secure and that these standards are met. Many IAM solutions work seamlessly with both in-house and cloud applications, so that the overall process can be managed effectively without several different solutions being needed to ensure correct compliance. How does this work?

Ensuring Security and Correct Access Rights

When dealing with many different cloud applications, it is common for a user's access rights to be incorrect. Either they were set incorrectly from the beginning when the employee's account was created, or the employee acquired incorrect access rights over the course of their time with the organization. Either way, this can be a major compliance issue.

One way that an IAM solution combats this is by ensuring that access is correct from the beginning. Since setting up employee accounts in all applications, including cloud applications, is time consuming, human resources or the account admin often uses a template account or copies the account of an employee with a similar position. This often leads to the employee accumulating rights which they should not have. With an IAM solution, an access profile can instead be defined for each of the different roles within the organization. For example, an in-house employee working as an assistant in the finance department is supposed to have a certain set of rights. When the employee is added to the source system, their access rights and accounts in each application are automatically generated and set up for them according to their role. An email can then be sent to their manager listing all of their access rights and accounts. If for any reason this is incorrect, the manager can easily edit the employee's account.

IAM Workflow

Another compliance issue is that often the employee gains incorrect rights over time. Either they request access from someone who does not have the authorization to give it or they are lent someone’s credentials. This situation can be prevented with an IAM workflow. A workflow can be set up by the organization so that only the correct authorized managers can give access to secure applications. For example, if an employee needs access to a certain secure application for a project they can easily make the request through a portal. The request is then sent to the appropriate manager, who can either accept or deny the request. If needed, there can also be several levels of approval required. This ensures that only the correct authorized people are giving access rights.

Many companies complete this procedure with an entirely paper-driven process, and at each SOX audit the IT department spends weeks digging through the papers with the auditor. With an automated workflow system, every grant of access is traceable and documented in the identity and access management solution, so that when audit time comes there is an electronic paper trail. If needed, the solution can also generate an overview of all users and the rights which they have in the organization. This allows the organization to see exactly who has access to what and any changes that they made in the network.

Lastly, an automated account management solution ensures that access in all applications is revoked once the employee is no longer with the organization, which is a requirement of many compliance regulations. A manager simply disables the account in the source system and all connected accounts are automatically disabled. This ensures that the employee can no longer access the organization's network, and that removal is not accidentally overlooked.

Segregation of Responsibility

Another compliance issue is segregation of duties, or role collision. One aspect of SOX compliance requires that certain tasks cannot be performed by one and the same person. For example, an order may be placed by person X, but it should be validated by person Y. Whenever two such authorizations would be granted to one and the same user, the system automatically blocks the grant or alerts a manager. This ensures that SOX is easily met.
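The following Python script is an added example and is not code from the article or from any IAM product; it models the controls described in the preceding sections in one small identity-lifecycle engine: role-based provisioning on onboarding, access requests that only an authorized approver role may decide, an automatic segregation-of-duties check at grant time, cascading revocation on offboarding, and an append-only audit trail plus an access overview of the kind an auditor would ask for. The role profiles, SoD rule, approver roles, applications and user names are all constructed for illustration.

```python
"""Toy identity-lifecycle engine (constructed example, not a real IAM product)."""
import itertools
from datetime import datetime, timezone

# Role profiles: role -> set of (application, permission) entitlements. Constructed values.
ROLE_PROFILES = {
    "finance_assistant": {("erp", "invoice.read"), ("erp", "order.create"), ("mail", "mailbox")},
    "finance_controller": {("erp", "invoice.read"), ("erp", "order.approve"), ("mail", "mailbox")},
    "hr_specialist": {("hris", "employee.read"), ("mail", "mailbox")},
}

# Segregation-of-duties rules: pairs of entitlements one person must never hold together.
SOD_RULES = [(("erp", "order.create"), ("erp", "order.approve"))]

# Which approver roles may grant access to which application (the workflow routing table).
APPROVER_ROLES = {"erp": {"finance_manager"}, "hris": {"hr_manager"}, "mail": {"it_admin"}}


def sod_conflicts(entitlements):
    """Return every SoD rule that the given entitlement set would violate."""
    return [rule for rule in SOD_RULES if rule[0] in entitlements and rule[1] in entitlements]


class IAM:
    def __init__(self):
        self.users = {}      # user_id -> {"role", "manager", "active", "entitlements"}
        self.requests = {}   # request_id -> {"user", "entitlement", "status"}
        self.audit = []      # append-only list of audit events
        self._seq = itertools.count(1)

    def _log(self, event, **fields):
        """Record an audit event with a UTC timestamp; the list is never edited afterwards."""
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "event": event, **fields}
        self.audit.append(entry)
        return entry

    def onboard(self, user_id, role, manager):
        """Create the user from the role profile so every account starts with exactly the role's rights."""
        if role not in ROLE_PROFILES:
            raise ValueError(f"unknown role {role!r}")
        ents = set(ROLE_PROFILES[role])
        self.users[user_id] = {"role": role, "manager": manager, "active": True, "entitlements": ents}
        self._log("onboard", user=user_id, role=role, granted=sorted(ents))
        return sorted(ents)  # what the manager's confirmation email would list

    def request_access(self, user_id, app, perm):
        """An active user files a request through the portal; nothing is granted yet."""
        if not self.users.get(user_id, {}).get("active"):
            raise ValueError("inactive or unknown user")
        rid = next(self._seq)
        self.requests[rid] = {"user": user_id, "entitlement": (app, perm), "status": "pending"}
        self._log("request", request=rid, user=user_id, app=app, perm=perm)
        return rid

    def decide(self, request_id, approver, approver_role, approve):
        """Approver decides; the grant only happens if the role is authorized and no SoD rule is hit."""
        req = self.requests[request_id]
        app, perm = req["entitlement"]
        if approver_role not in APPROVER_ROLES.get(app, set()):
            self._log("decision_rejected", request=request_id, approver=approver, reason="not authorized")
            raise PermissionError(f"{approver} may not approve access to {app}")
        if not approve:
            req["status"] = "denied"
            self._log("deny", request=request_id, approver=approver)
            return False, []
        user = self.users[req["user"]]
        conflicts = sod_conflicts(user["entitlements"] | {(app, perm)})
        if conflicts:  # role collision: block the grant and leave a trace for the manager
            req["status"] = "blocked_sod"
            self._log("sod_block", request=request_id, approver=approver, conflicts=conflicts)
            return False, conflicts
        user["entitlements"].add((app, perm))
        req["status"] = "approved"
        self._log("grant", request=request_id, approver=approver, app=app, perm=perm)
        return True, []

    def offboard(self, user_id):
        """Disabling the user in the source system revokes every connected entitlement at once."""
        user = self.users[user_id]
        revoked = sorted(user["entitlements"])
        user["entitlements"].clear()
        user["active"] = False
        self._log("offboard", user=user_id, revoked=revoked)
        return revoked

    def access_overview(self):
        """Who currently has access to what: the report handed to the auditor."""
        return {uid: sorted(u["entitlements"]) for uid, u in self.users.items() if u["active"]}


if __name__ == "__main__":
    iam = IAM()
    iam.onboard("alice", "finance_assistant", manager="bob")
    rid = iam.request_access("alice", "erp", "order.approve")
    print(iam.decide(rid, "bob", "finance_manager", approve=True))  # blocked by the SoD rule
    print(iam.access_overview())
    print(iam.offboard("alice"))
    for event in iam.audit:
        print(event)
```

The SoD check is evaluated against the user's full entitlement set at the moment of the grant, not against the request alone; this is what catches the case where an assistant who can already create orders later asks for the right to approve them.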

All of these IAM tasks can be handled completely in a portal in the cloud. So an employee who works remotely with only cloud applications can still benefit, and the organization can still easily manage that user's account. The same holds for managers, as they can accept or deny requests from anywhere at any time. Many IAM solutions work seamlessly with both in-house and cloud applications, so that the organization can easily ensure it is managing all applications efficiently and in accordance with compliance rules.

By Dean Wiech
