Cloud IAM Environment
Sales and implementations of identity and access management (IAM) solutions have drastically increased over the last couple of years as the solutions have become the standard bearer for organizations’ access and security. This is primarily because organizations in every industry and their leaders are realizing how beneficial these solutions can be. Instead of relying on older, out-of-date manual processes to manage user accounts and passwords, organizations can use IAM solutions to automate the entire user account lifecycle.
As there has been, of course, a dramatic increase in the use of cloud applications, organizations need a method to easily manage both cloud systems and their in-house applications. A cloud IAM environment will ensure that the company is efficiently automating its account management lifecycle for both in-house and cloud applications so that only one solution is needed.
If your organization is still using manual processes and is beginning to look at IAM solutions and how they can help your company, it is beneficial to know what a successful cloud IAM environment is and the basic steps and considerations your organization should contemplate to achieve a successful implementation. Here is a brief overview of what to consider when beginning to look at vendors and implementing an IAM solution.
The first step would be to find a vendor that offers an IAM solution that will work well with the needs of your organization. Your organization should make a list of all important processes that it is performing manually, as well as any issues for which it needs a solution in place, so that you know exactly what your top priorities are.
You should then make a list of all of the applications that the company uses, both cloud and in-house. Make sure that the vendor you are working with can build, or has a connector to, these cloud applications.
The organization can then begin conducting research on what type of solutions are needed to solve some of your top concerns and issues. Identity and access management, as a term, covers multiple components, solutions and modules. Here are a few of the main components, as well as what can be achieved with a successful cloud IAM environment.
- Account Management — This is the management of creating accounts, making changes when necessary and disabling accounts once the end user is no longer working at the organization. A source system, such as HR, is connected with all cloud and in-house applications that your organization utilizes. This allows any change made in the source system to be automatically reflected in all connected systems, so that no manual actions need to be made. For example, when a new employee is onboarded, their information is simply entered into the HR system and accounts in every application they need will automatically be generated for them, without needing human intervention.
- Role-based Access Control/Access Management — This is the management of access rights. Within an organization, there are many different types and levels of access that employees may require, and they all need to have access to the correct systems and applications. Just as with in-house applications, it is important that users have the exact access they need in cloud applications. This component not only ensures that access is correct, it can also assist with the automation of account change requests. For example, an employee can request an access change via a portal and the request is automatically routed to the correct manager for approval. Once approved, the change will automatically be carried out within the network or appropriate application.
- Compliance Management — This component is used to monitor what is taking place in the IT infrastructure and to make changes where appropriate. Some organizations may want to monitor who has access to what and may need to comply with certain rules and regulations. Many cloud IAM vendors allow admins to easily generate a report of exactly who is accessing which applications and what changes they are making. This is beneficial in two ways: first, it allows the organization to ensure security and provide an easy trail for audit reasons, and second, it allows them to easily see which applications are actually being used for licensing reasons. The organization may be paying for expensive licenses to applications that users aren’t even accessing. Reporting such as this keeps the network and cloud secure and accurate.
- Password/Authentication Management — This component is the management of the user’s credentials for accessing the applications they need. It also encompasses certain solutions used to make the login procedure both more convenient for the user and more secure. One of these is a web-based single sign-on (SSO) solution to allow end users to easily access cloud applications. Users simply access a portal where all of their available applications are located. They provide a single set of credentials for authentication to the portal and can then access any of their applications by simply clicking on an icon. This allows them to easily access their applications from anywhere that they are working, whether inside or outside of the company’s network. Many vendors also offer the ability for users to download an app on their device; the app prompts the user to enter the single set of credentials to get to a portal where they can access their applications. This is extremely convenient for users who are using tablets or smartphones.
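The Account Management and Role-based Access Control components above come down to a reconciliation loop: the HR system is the source of truth, and every connected application is diffed against it. The sketch below is an added example, not code from any vendor or from the author; the role mapping, user IDs, application names and action labels are all constructed for illustration.

```python
# Added example: HR-driven account reconciliation (joiner / mover / leaver).
# Hypothetical role -> application entitlements (the RBAC mapping).
ROLE_APPS = {
    "sales": {"crm", "mail"},
    "finance": {"erp", "mail"},
}

def desired_state(hr_records):
    """Map each active employee to the set of apps their role grants."""
    return {r["id"]: ROLE_APPS.get(r["role"], set())
            for r in hr_records if r["active"]}

def reconcile(hr_records, app_accounts):
    """Diff HR against app_accounts ({app: {user_id: enabled}}).

    Returns a sorted list of (action, user_id, app) tuples."""
    want = desired_state(hr_records)
    known_ids = {r["id"] for r in hr_records}
    actions = []
    for app, accounts in app_accounts.items():
        # Joiners and movers: entitled, but account missing or disabled.
        for uid, apps in want.items():
            if app in apps and not accounts.get(uid, False):
                actions.append(("enable" if uid in accounts else "create", uid, app))
        for uid, enabled in accounts.items():
            if uid not in known_ids:
                # No HR record at all: flag for human review, do not auto-fix.
                actions.append(("review_orphan", uid, app))
            elif enabled and app not in want.get(uid, set()):
                # Leaver, or mover whose new role no longer grants this app.
                actions.append(("disable", uid, app))
    return sorted(actions)

HR = [  # constructed sample HR export
    {"id": "alice", "role": "sales", "active": True},
    {"id": "bob", "role": "finance", "active": False},   # left the company
    {"id": "carol", "role": "finance", "active": True},  # moved from sales
]
APPS = {  # constructed sample of current accounts per application
    "crm": {"alice": True, "carol": True, "svc-old": True},
    "erp": {"bob": True},
    "mail": {"alice": True, "bob": True},
}

if __name__ == "__main__":
    for action in reconcile(HR, APPS):
        print(action)
```

Accounts with no matching HR record, such as the constructed `svc-old`, are reported separately because they are exactly what the compliance reports described above are meant to surface.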
The next step is to decide which of these components you need and in what order of importance. Many IAM vendors are very flexible and will allow your organization the opportunity to customize your solution and implementation to meet your company’s needs and timeframe. Often, organizations are nervous about an IAM solution because they fear that such solutions can be costly and time-consuming to implement, taking money from other important budgets. This is actually a misconception that many have. When an IAM implementation is done in modules or phases, the sponsoring organization can choose to purchase only those that it needs. It can then also choose to implement the most important aspects of such solutions first.
Another factor to consider is the security of the network. Your organization might want to work with the vendor to ensure certain extra security measures, or tailor the solution based on the industry you work in or the data you handle.
Certain modules in an IAM solution already increase security dramatically without any extra measures. For example, the web SSO component allows users on the go to log in with one single password to access a portal of all of their cloud applications. This not only improves efficiency; it also helps with security since it eliminates the need for end users to write down their passwords.
If security is a top priority, though, certain features can be added to the password solutions, such as two-factor authentication. This requires a user to provide, for example, a password and another form of identification, such as a finger scan or PIN, to further validate that they are the correct user.
Overall, a successful cloud IAM environment will allow your organization to easily and efficiently manage cloud applications and in-house applications, while also increasing organizational security. Your organization should use these basic guidelines to find the vendor that works best for it.
By Dean Wiech
Dean Wiech is managing director at Tools4ever US. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as user provisioning, role-based access control, password management, single sign-on and access management solutions.