Slaughterbots: Scary Digital Disruption

Slaughterbots: Scary Digital Disruption

Slaughterbots Digital disruption blossoms from a thousand sources. New technologies seem to emerge slowly and almost randomly. Then BOOM! They come together in unexpected ways. Here is something to keep you up at night. We are near the peak of the flu season in the
Breached Data

No Google+? No Problem

No doubt you heard about the death of Google+? The reports of the death of Google+ are not exaggerated. But it’s an exaggeration to say that Google shut it down because of a data breach. Rather, Google shut it down because of an API vulnerability

CONTRIBUTORS

It’s Not Digital Transformation; It’s Digital “Business” Transformation – Part II

It’s Not Digital Transformation; It’s Digital “Business” Transformation – Part II

Previously in Part I “It’s Not Digital Transformation; It’s Digital “Business” Transformation – Part I” we introduced two fundamental digital ...
Why Accept the Hype? Time to Transform How We Approach Emerging Technology

Why Accept the Hype? Time to Transform How We Approach Emerging Technology

Time to Transform How We Approach Emerging Technology It’s like a rite of passage – a new technology pops onto ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...

RECENT NEWS

Pressure grows on Zuckerberg to attend Facebook committee hearing

Pressure grows on Zuckerberg to attend Facebook committee hearing

Australia, Argentina and Ireland join UK and Canada in urging Facebook CEO to give evidence to parliaments Parliamentary committees from ...
Oracle Cloud Unveils New HPC Offerings to Support Mission Critical Workloads

Oracle Cloud Unveils New HPC Offerings to Support Mission Critical Workloads

Oracle Cloud Unveils New HPC Offering Oracle now provides a complete set of solutions for any high performance computing workload, ...
Batteryless smart devices closer to reality

Batteryless smart devices closer to reality

Researchers at the University of Waterloo have taken a huge step towards making smart devices that do not use batteries ...
The New Industrial Revolution – According to the WSJ

The New Industrial Revolution – According to the WSJ

The insert in today’s US print edition of the Wall Street Journal is called The New Industrial Revolution. The paper updates ...
Capgemini in Gartner Magic Quadrant

Capgemini in Gartner Magic Quadrant

Paris, November 9, 2018 – Capgemini, today announced that Capgemini (Prosodie) has been positioned as a Leader by Gartner in its ...
Dean Weich

Ensuring Cloud Authorizations Are Correct

Cloud Authorization

Almost all organizations in every industry now use some type cloud application. This is because of cost, efficiency, ease of use and because many software companies are offering their solutions in the cloud. For example, Microsoft 365 and Adobe Suite are mostly utilized by organizations in the respective cloud versions.

Cloud applications have many benefits for both the organization and for the end user, but there also needs to be some type of guideline or solution in place to ensure that they are managed correctly. There are many account and access management issues that come with implementing cloud applications for your organization.

So what are some of the issues that organizations have with access management to cloud applications? Like with in-house applications, often two things happen. End users either are given too few rights and need to request additional access or they accidently receive too many rights to systems and applications that they should not.

cloud-systems

For the first scenario, employees can request additional access rights from the application manager at their organization, but this is very inefficient. They need to contact someone in the company who handles access and request that an account is created for them or additional access rights are made for them. This is frustrating for the employee and for the manager, since they are likely working on other projects. The employee has to then wait until this is created and may need follow up with the admin to see if the request is in the works.

For the latter problem, it is a major security concern for the organization. Often for convenience, an employee’s account is copied from another employee’s in a similar role to make. This potentially leaves the employee with additional access rights that they should not have, possibly to sensitive information.

The issue is difficult to manage and there needs to be someone who is manually creating access or checking to ensure that access rights are accurate. If you are a system admin, a CIO or other technology director, you know that either there is no one who is designated to complete these tasks, or this is something that is delegated to an employee with to an already full workload.

So enough about talking about everything that your organization is having issues with. How can this be resolved and what type of solution and guidelines should be put in place so that this doesn’t regularly occur?

An identity and access governance (IAG) solution is the first way to help ensure that all rights are correct. The company sets up a model of exactly the access rights for each role in the organization. For example, someone working as a manger in the IT department will need certain access rights to systems, applications and resources. This allows the person who is creating the account to easily do so without accidentally making any access mistakes; either giving the employee too many rights or too little rights.

Once an account is created for the employee how can it be ensured that going forward changes are made efficiently and the network remains secure?

Another solution that can be used is workflow management. These applications are a controlled, automated process with a defined sequence of tasks that can replace an otherwise manual process. This allows for a streamlined process for employee requests and their implementation.

Using a web portal, employees can request any additional access rights to their current applications or even new applications. A workflow is set up so that when a user requests a change, the request then goes through a predefined sequence of people who need to approve it before the change is implemented. The organization can set up the workflow process however they desire, so that depending on the user, and what they request, the process goes through a specific sequence. There is also no need for the employee to bother their manager to check on the request. They can easily access the web portal and see exactly where the request is and what steps still need to be completed.

There are also several ways to check access rights, as a double check, to ensure that everything is correct throughout the year or at any interval. These methods will allow someone to check everything is correct easily and efficiently.

One way this can be achieved is with reconciliation. This module in an IAG solution compares how access rights are set up to be in the model to how they actually are and creates a report on any differences. Anything that is not accurate can then be sent to the appropriate manager to check the issue and easily correct if needed.

Attestation is still another form of checking access and goes one step further to verify everything is correct. A report will be sent out to managers of a department, with all their employees, for them to verify that everything is correct. For example, the marketing manager will receive a report on the access rights of everyone in the marketing department. He or she will need to look over and either mark access right for deletion, change access right directly, or create a ticket in the helpdesk system to change the access rights. After looking everything over, the manager must give their final approval for the proposed set of changes to ensure that everything is correct.

For organizations to receive the best benefits from cloud applications there needs to be guideline and solutions in place to help manage the accounts in these applications. These are just some of the many ways IAG solutions allow for the organization to easily ensure correct access rights.

By Dean Wiech

Dean Wiech

Dean Wiech is managing director at Tools4ever US. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as user provisioning, role-based access control, password management, single sign on and access management solutions.

View Website

Cloud Community Supporters

(ISC)²
Cisco
SAP
CA Technologies
Dropbox

Cloud community support comes from (paid) sponsorship or (no cost) collaborative network partnership initiatives.