Ensuring Cloud Authorizations Are Correct

Cloud Authorization

Almost all organizations in every industry now use some type of cloud application. This is because of cost, efficiency, ease of use and because many software companies are offering their solutions in the cloud. For example, Microsoft 365 and Adobe Suite are mostly utilized by organizations in their respective cloud versions.

Cloud applications have many benefits for both the organization and for the end user, but there also needs to be some type of guideline or solution in place to ensure that they are managed correctly. There are many account and access management issues that come with implementing cloud applications for your organization.

So what are some of the issues that organizations have with access management to cloud applications? As with in-house applications, often one of two things happens. End users are either given too few rights and need to request additional access, or they accidentally receive too many rights to systems and applications that they should not have.


For the first scenario, employees can request additional access rights from the application manager at their organization, but this is very inefficient. They need to contact someone in the company who handles access and request that an account be created for them or that additional access rights be granted to them. This is frustrating for the employee and for the manager, since they are likely working on other projects. The employee then has to wait until this is done and may need to follow up with the admin to see if the request is in the works.

For the latter problem, it is a major security concern for the organization. Often for convenience, an employee’s account is copied from another employee’s in a similar role to make. This potentially leaves the employee with additional access rights that they should not have, possibly to sensitive information.

The issue is difficult to manage, and there needs to be someone who is manually creating access or checking to ensure that access rights are accurate. If you are a system admin, a CIO or other technology director, you know that either there is no one designated to complete these tasks, or they are delegated to an employee with an already full workload.

So enough about everything that your organization is having issues with. How can this be resolved, and what type of solution and guidelines should be put in place so that this doesn’t regularly occur?

An identity and access governance (IAG) solution is the first way to help ensure that all rights are correct. The company sets up a model of exactly the access rights for each role in the organization. For example, someone working as a manager in the IT department will need certain access rights to systems, applications and resources. This allows the person who is creating the account to easily do so without accidentally making any access mistakes, either giving the employee too many rights or too few rights.

Once an account is created for the employee, how can it be ensured that changes going forward are made efficiently and the network remains secure?

Another solution that can be used is workflow management. These applications provide a controlled, automated process with a defined sequence of tasks that can replace an otherwise manual process. This allows for a streamlined process for employee requests and their implementation.

Using a web portal, employees can request any additional access rights to their current applications or even new applications. A workflow is set up so that when a user requests a change, the request then goes through a predefined sequence of people who need to approve it before the change is implemented. The organization can set up the workflow process however they desire, so that depending on the user, and what they request, the process goes through a specific sequence. There is also no need for the employee to bother their manager to check on the request. They can easily access the web portal and see exactly where the request is and what steps still need to be completed.

There are also several ways to check access rights, as a double check, to ensure that everything is correct throughout the year or at any interval. These methods will allow someone to check everything is correct easily and efficiently.

One way this can be achieved is with reconciliation. This module in an IAG solution compares the access rights defined in the model with the rights that actually exist and creates a report on any differences. Anything that is not accurate can then be sent to the appropriate manager to check the issue and easily correct it if needed.
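The reconciliation step described above can be sketched as follows. This is an added example, not code from any IAG product; the role model, employee records, entitlement export and the `reconcile` function are all constructed for illustration, including an account copied from another role and an account with no employee record.

```python
from collections import defaultdict

# Constructed role model: role -> set of (application, right) entitlements.
ROLE_MODEL = {
    "it_manager": {("m365", "user"), ("m365", "admin"), ("helpdesk", "agent")},
    "marketing": {("m365", "user"), ("adobe", "user")},
}

# Constructed HR records: user -> (role, manager who receives the report).
EMPLOYEES = {
    "alice": ("it_manager", "cio"),
    "bob": ("marketing", "mkt_manager"),
    "carol": ("marketing", "mkt_manager"),
}

# Constructed export of rights actually granted in the cloud applications.
# carol's account was copied from alice's, so she carries IT rights.
ACTUAL = {
    "alice": {("m365", "user"), ("m365", "admin"), ("helpdesk", "agent")},
    "bob": {("m365", "user")},
    "carol": {("m365", "user"), ("m365", "admin"), ("helpdesk", "agent")},
    "dave": {("adobe", "user")},  # account with no employee record
}

def reconcile(role_model, employees, actual):
    """Return {manager: [finding, ...]} for every deviation from the model."""
    report = defaultdict(list)
    for user in sorted(set(employees) | set(actual)):
        granted = actual.get(user, set())
        if user not in employees:
            # Orphaned account: nobody owns it, route to a default reviewer.
            report["unassigned"].append((user, "orphaned", sorted(granted)))
            continue
        role, manager = employees[user]
        expected = role_model.get(role)
        if expected is None:
            report[manager].append((user, "unknown_role", [role]))
            continue
        excess = sorted(granted - expected)   # too many rights
        missing = sorted(expected - granted)  # too few rights
        if excess:
            report[manager].append((user, "excess", excess))
        if missing:
            report[manager].append((user, "missing", missing))
    return dict(report)

if __name__ == "__main__":
    for manager, findings in reconcile(ROLE_MODEL, EMPLOYEES, ACTUAL).items():
        for user, kind, rights in findings:
            print(f"{manager}: {user} {kind} {rights}")
```

Findings are grouped by the manager responsible, so each manager receives only the deviations for their own employees, and users whose rights match the model produce no entry.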

Attestation is still another form of checking access and goes one step further to verify everything is correct. A report will be sent out to managers of a department, with all their employees, for them to verify that everything is correct. For example, the marketing manager will receive a report on the access rights of everyone in the marketing department. He or she will need to look it over and either mark an access right for deletion, change an access right directly, or create a ticket in the helpdesk system to change the access rights. After looking everything over, the manager must give their final approval for the proposed set of changes to ensure that everything is correct.

For organizations to receive the best benefits from cloud applications, there need to be guidelines and solutions in place to help manage the accounts in these applications. These are just some of the many ways IAG solutions allow the organization to easily ensure correct access rights.

By Dean Wiech
