identity & access management in the cloud
DESCRIPTION
Failure to implement effective security can undermine the benefits of cloud computing. Hence, the planning and implementation of Identity and Access management (IAM) for the cloud has become a key control in cloud adoption.TRANSCRIPT
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 1
Identity & Access
Management in the
Cloud
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 2
Identity & Access
Management in the Cloud
HIGHLIGHTS
Failure to implement effective security can
undermine the benefits of cloud computing.
Hence, the planning and implementation of
Identity and Access management (IAM) for
the cloud has become a key control in
cloud adoption.
This paper throws light on the various
considerations for IAM for the cloud and
guidance to organizations on the approach to
take for IAM deployment.
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 3
Plan Design Plot Deploy
Phased Approach for IAM Deployment
30 % 45 % 25 %
Effort
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 4
Phase 1 - Plan
Understanding the
Environment
Identification of users
and required Access
Controls
Risk Assessment and
Gap Analysis
Target Cloud
Existing IAM
Solutions / Directory
Services
Cloud Administrators
OS and Application
Administrators
Application Users
Avoid
Mitigate
Transfer
Accept
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 5
Phase 2 - Design
Technical
Design,
Process
Framework
and Policy
Creation
Test Plan
Creation Defining the
Metrics
DESIGN
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 6
Phase 3 - Pilot
The success of the IAM deployment depends on this phase.
If testing is not appropriately done or if the coverage is not complete,
the deployment may fail, leading to cost escalations for the
organization.
Issues observed during testing should serve as a feedback to the
design.
Once issues are rectified and design updated, the corrected
configuration should be re-tested.
This iterative process should continue until all issues are
resolved. The final design, after inclusion of all corrections,
should then be made available for the Deploy phase.
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 7
Phase 4 - Deploy
Relevant documents should be
created and published so that
these can be available to
operations and other teams, as
needed
The operations team should be
involved from the inception of the
IAM program to facilitate smooth
handover.
The metrics program and
measurements should be
put in place.
This is the final phase where the
IAM design, suitably tested and
verified, is deployed for the entire
user base.
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 8
Conclusion
Identity & Access Management is a
security consideration that cannot be
overlooked.
It requires careful planning and strong
understanding of the technologies
involved.
IAM if appropriately considered and
implemented would not only help an
organization meet compliance obligations
but would also ensure optimum cost
benefits of the cloud transition.
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 9
For more details please visit the link below:
http://www.wipro.com/Documents/insights/Identityaccess_
management_in_the_cloud.pdf
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 10
Wipro set up the Council for Industry Research, comprised of domain
and technology experts from the organization, to address the needs of
customers. It specifically surveys innovative strategies that will help
customers gain competitive advantage in the market. The Council, in
collaboration with leading academic institutions and industry bodies,
studies market trends to help equip organizations with insights to
facilitate their IT and business strategies.
For more information on the Research Council visit
www.wipro.com/insights or mail [email protected]
About Wipro Council for Industry Research
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 11
About Wipro Technologies
Wipro Technologies, the global IT business of
Wipro Limited (NYSE:WIT) is a leading Information
Technology, Consulting and Outsourcing company,
that delivers solutions to enable its clients do
business better. Wipro Technologies delivers
winning business outcomes through its deep
industry experience and a 360 degree view of
“Business through Technology” – helping clients
create successful and adaptive businesses. A
company recognised globally for its comprehensive
portfolio of services, a practitioner’s approach to
delivering innovation and an organization wide
commitment to sustainability, Wipro Technologies
has over 140,000 employees and clients across 54
countries.
For more information, please visit www.wipro.com
© 2013 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL 12
Thank You ©Wipro Limited, 2013. All rights reserved.
For more information visit www.wipro.com
No part of this document may be reproduced in
whole or in part without the written permission of the
authors.
Wipro is not liable for any business outcome based
on the views presented in this document. For specific
implementation clients should take advise from their
client engagement manager.