kevin-cunningham

How Identity Governance Can Secure The Cloud

Securing The Cloud Enterprise

Cloud adoption is accelerating for most enterprises, and cloud computing is becoming an integral part of enterprise IT and security infrastructure. Based on current adoption trends, it’s clear that the vast majority of new applications purchased by organizations will be SaaS applications. The allure is evident, from cost savings to speed of deployment to flexibility and simplicity.

Industry experts predicted the cloud migration would stop short of mission-critical applications, though, because of the prevalent belief that on-premises systems are more secure than those in the cloud. Instead, cloud adoption has accelerated because of users yearning for simplicity, convenience and lower cost of ownership.

Now, it’s clear that cloud apps are the future for enterprises. However, the benefits of the cloud can be negated if it leaves a business exposed to security breaches and compliance issues.

The Cloud Enterprise Needs To Be Secure

An organization’s security profile changes with the cloud for a variety of reasons. First, enterprises must grapple with the explosion of cloud apps that can be procured outside of IT’s purview, as well as manage and enable a globally distributed workforce that blurs the lines between employees, contractors and partners. Complicating this new security dynamic is the fact that even as enterprises aggressively move to a cloud-first IT strategy, they will realistically need to manage legacy applications that reside on-premises for the foreseeable future.

secure-chain

This is further compounded by the evaporation of the network perimeter. Attacks are no longer made against an enterprise’s network defenses as much as phishing and social engineering attempts are made against its users. Network and endpoint security simply aren’t enough. More than ever before, organizations need to understand protecting identity is critical, and in many cases, it’s the only linkage IT and security have between the user and the applications and the data they can access.

Successfully managing the adoption of SaaS applications – and securely migrating to a cloud enterprise – requires identity governance.

Leverage Identity Governance

Securing the cloud enterprise can be done; the question is how? By taking a user-centric approach to cloud security to make sure you’re managing what applications and data your customers, partners and contractors – your identities – can access, as well as what can be done with that access.

There are four key requirements to securing the cloud enterprise:

•        Connect to everything. Your identity governance solution must be able to connect to all an enterprise’s systems, from the legacy applications that have been in use for years to the SaaS applications that are being adopted today.

•        See everything. You need visibility to all the information about an identity, across all the applications an enterprise uses, all the data they have, and across all users – no matter where they are located or what devices they may use.

•        Govern everything. You need to know who does have access, who should have access, and what users are doing with their access on all your applications for all your users and for all your data.

•        Empower everyone. Let your users work how they like to work, wherever they are and on whatever device they want to use.

The dynamic and complex nature of securing access while enabling cloud applications requires a new approach. Managing shadow IT accounts and securing these within established IT governance parameters is a particular challenge that IT teams must be on top of. Not securing these accounts to a high enough standard could have damaging effects in terms of asset loss, causing further internal disruption.

One approach is for IT to become a “cloud service provider” – an internal market and a central resource that provides identity and access services to departments, making it easy for users to gain access to cloud applications while simultaneously ensuring that security and compliance requirements are met.

Rather than have employees scouring the web for cloud applications, IT can instead deploy apps that have been tested and pre-approved. This, in turn, provides IT departments with a holistic view of employee activity across the cloud.

Another problem resulting from cloud update is the management and regulation of intellectual property and determining where the data actually resides. With company files, documents and potentially sensitive material making the move to a network of remote servers, organizations must better manage and curtail access to these important assets. Some applications may reside on-premise or in the cloud – known as a hybrid cloud solution. If an organization is struggling to gain control over cloud applications, using an Identity and Access Management technology that actually resides in the cloud will solve those problems.

Full cloud adoption may take several years, and for many organizations, a 100% cloud infrastructure may not be a reality anytime soon. But, the market is definitely heading toward more cloud computing than less, and regardless of where a company falls on the migration path, it’s important that organizations don’t sacrifice security along the way. Identity governance plays a critical role in securing the cloud enterprise and enabling that migration.

By Kevin Cunningham, Co-Founder and President of SailPoint

kevin-cunninghamKevin oversees product development, marketing, sales, operations and services. 

Kevin previously served as founder and vice president of marketing for Waveset, where he turned ground-breaking innovation into tangible market results. Following the acquisition of Waveset by Sun Microsystems, Kevin led strategic product initiatives for Sun’s software portfolio. Kevin has also brought innovative technologies to market for companies including IBM/Tivoli Systems and UniSQL.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and consultancy services.

Are you a cloud services expert in a world of digital transformation? If so, contact us for information on how to become part of our growing cloud consultancy ecosystem.

CONTRIBUTORS

What is shadow IT?

How to Make the Move to the Cloud Securely

Move to the Cloud Securely The 2016 Enterprise Cloud Computing Survey from IDG offers multiple interesting insights concerning the state ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility Earlier this week, AWS S3 had to fight its way back to ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
Scale Matters in the Enterprise Cloud

Scale Matters in the Enterprise Cloud

The Enterprise Cloud What used to be an unknown and mysterious term, “the cloud” is now a common and mostly ...
4 Open Source Business Intelligence Tools For Big Data Reporting

4 Open Source Business Intelligence Tools For Big Data Reporting

Open Source Business Intelligence Tools It’s impossible to take the right business decisions without having insightful information to back up ...
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...