Over the years, cloud applications have become more of the norm at organizations rather than the exception. The cloud is no longer the little sibling of on-premises applications. According to a report by Allied Market Research, there has been a huge growth in adoption with still more than a 30 percent growth predicted in the next four years. There are many reasons for this growth, including employees more frequently working from home or on the go and needing applications that they can access from anywhere at any time.
As the cloud market continues to evolve and grow, there needs to be methods in place to protect these cloud applications and ensure security of the organizations network. While cloud applications are convenient for access from anywhere, the organization needs to ensure that only the correct people can gain access to the appropriate systems. There also needs to be methods in place that stay in the forefront of any attacks by hackers to steal secure information, whether it be from outside intruders or from employees within the organization.
What are the potential security risks?
The most common issue is when an organization begins to use numerous cloud applications it becomes difficult to ensure that employees have the correct access to cloud applications and data. Users may have access to systems and applications that they shouldn’t, leaving the company’s data non-secure. For example, the most common access mistakes are when an employee starts at an organization and is given too many rights, or when the wrong people give them access over time.
Then there is the issue of password management, especially since it is very common for users of cloud applications to be working outside of the company’s network from home or while traveling. For example, think of an employee who is on the go and in a hurry. They need to log into an application on their smartphone while traveling and find themselves struggling with remembering and entering all of their passwords for each application. So, what does the employee do? They either keep their password in notes on their phone or they write it down and keep it with them, neither of which is secure at all.
Cloud Identity and Access Management Growth
As with cloud applications, cloud identity and access management solutions have grown greatly over the years. This only makes sense, since there needs to be solutions in place to manage these expanding applications. Cloud IAM solutions allow the organization to ensure security and easily manage the applications. How?
Just as with in-house applications, those hosted in the cloud need to be managed properly so that, as mentioned, only the correct people have access. Many solutions are available for access management for in-house applications, but as the cloud has grown many of these have evolved to work seamlessly with cloud applications as well. This allows the organization to ensure correct access for in-house and cloud applications from one source.
The first issue a cloud IAM solution assists with is setting up correct access from the beginning. Since provisioning employee accounts in all applications, including cloud applications, is time consuming, often a template account is used for the new employee, copied from someone in a similar position. This then leads to the employee often accumulating rights, which they should not have. Basing rights on the different roles within the organization, specific access profiles can be set with an IAM solution. When the employee is added to the source system, depending on their role, their access rights and accounts in each application are automatically generated and set up for them. An email can then be sent to their manager with all of their access rights and accounts. If for any reason this is incorrect the manager can then easily edit the employees account.
Another access issue with cloud applications is that employees often wrongly obtain access rights over time. Either they request access from someone who does not have the authorization to give it or they borrow someone’s credentials. This situation can be prevented with an IAM workflow. A workflow can be set up by the organization so that only the correct authorized managers can give access to secure applications. For example, if an employee needs access to a certain secure application for a project, they can easily make the request through a portal. The request is then sent to the appropriate manager, who can either accept or deny the request. If needed, there can also be several levels of approval required. This ensures that only the correct authorized people are giving access rights.
Passwords for cloud applications also need to be protected without interfering with convenience, one of the main benefits of cloud applications. One way this can be achieved is with web single sign-on solutions. These types of solutions allow users on the go to login with one single password to access a portal of all of their cloud applications. This not only improves security, since it eliminates the need of end users to write down their passwords, it all ensures efficiency. Cloud solutions allow users to work from anywhere, so any solution that works with them should complement this benefit.
Overall, as the growth of cloud applications has continued to expand, so have cloud IAM solutions. This is because one does not work fully without the other. Both cloud applications and cloud IAM solutions work seamlessly together to benefit the organization.
[su_box title=”Dean Wiech, Managing Director at Tools4ever US” style=”noise” box_color=”#336588″]
Dean Wiech is managing director at Tools4ever US. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as user provisioning, role-based access control, password management, single sign on and access management solutions.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.