Managing Cloud Identities in Hybrid Cloud

Upload: sysfore-technologies

Post on 11-Apr-2017


Page 1: Managing Cloud identities in Hybrid Cloud

Sysfore Technologies

#117-120, First Floor, 4th Block, 80 Feet Road, Koramangala, Bangalore 560034

MANAGING CLOUD IDENTITIES IN HYBRID CLOUD

Managing Cloud Identities in Hybrid Cloud

As companies add more cloud services to their IT environments, the process of managing identities is getting more complex. When companies use cloud services — services they don’t control themselves — they still must develop sound policies around role-based access. They still must grant rights to users who need information to get work done, and they must be able to automatically take away those privileges when people leave a company or change roles. On top of it all, companies using cloud services are also bound by any compliance rules that govern their Identity and Access Management (IAM) initiatives.

Businesses now have to deal with a collection of cloud services that hold sensitive data obtained from new logins and proprietary connector APIs that often don’t work well with internal IAM systems.

Talk to Sysfore’s Cloud Identity Access Management experts today, and let us help you secure your business.

Managing cloud IAM means using a complex set of one-off procedures. This approach may lead to confusion and an inability to audit any of the systems. Having sound identity management and governance is core to nearly all IT security functions. That’s why security experts are advocating that companies improve how they manage identities in environments that mix cloud services and enterprise networks.

Here are some measures to ensure cloud IAM in your business:

Establish IAM rules

As organizations grow and encounter IAM problems, IT and management generally reach a consensus that business rules must be established. Controls must be effective and reliable if organizations want to regain control of their access management programs.

1. The HR department must have a centralised directory service which maintains the records of the personnel who work in your organization. It could be a pure directory service such as Active Directory, LDAP, or the Azure Active Directory.

2. Establish automatic scaling and simplicity to overcome the complexity associated with having multiple access control systems.

3. Automated provisioning to streamline user account setup. The manual process of user account setup is time-consuming and error-prone. When properly controlled by workflow, additions and changes to user accounts can be automatically fulfilled.

4. An IAM system that offers a built-in access matrix. Typically too daunting to implement manually, an access matrix in an IAM system pairs a subject’s job title, work location, business unit ID, and so on to each role in a system. The intersection of job title and role can result in the following potential outcomes:

Birthright—access is provisioned automatically
Allowed—access is provisioned on request
Reviewed—access is provisioned when designated approvers consent
Exception—access is not provisioned unless executives approve
Prohibited—access is not provisioned under any circumstances

5. Detailed record keeping is a basic requirement. Every element of an access request, review, approval, and provisioning must be documented in a way that makes it easy to research requests and approvals to see who was involved.

6. Periodic reviews and audits of users’ access rights need to continue even with IAM systems in place. The primary reason is to determine whether every person in a certain role still requires access to that role. These periodic reviews should include the master access matrix, workflow and approval rules, and rules for segregation of duties.

The reviews show whether approvals were made properly and, by comparing against HR records of existing workers, whether the basic worker termination process is working.

7. Operating in multiple IAM environments is the result of the rapid cloud environment and of organizations having an IAM system for some of their applications and manual processes for others, or multiple IAM systems. To achieve better operational consistency and scale, most organizations will try to have a single IAM platform for all of their principal systems and applications. Migrating authentication / authorization, or even just the workflow and provisioning, is a tricky affair.

8. Selecting and operating the IAM system. Most organizations that implement IAM systems will have applications that IT chooses not to pipe in to automatic provisioning.

Organizations that undertake the initiative to acquire IAM systems need to understand how authentication, data flows, workflows and account provisioning will work in their own environments. It may be necessary to survey all in-scope systems to determine the viability of integrating authentication and account provisioning. Each system will have its own integration issues, which you should identify beforehand.
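
The access matrix from item 4 and the periodic review from item 6 can be sketched together. This is an added example, not part of the original document or any Sysfore product: it resolves the five outcomes for a subject and role, then audits held access against HR records. The matrix rows, user names, role names and the precedence rule (most restrictive match wins, no match means Prohibited) are assumptions made for illustration.

```python
# Added example: names, roles and records below are constructed for illustration.
OUTCOMES = ["Birthright", "Allowed", "Reviewed", "Exception", "Prohibited"]

# Access matrix rows: (job_title, business_unit, role, outcome); "*" matches any value.
MATRIX = [
    ("*", "*", "email", "Birthright"),
    ("Accountant", "FIN", "ledger-write", "Allowed"),
    ("*", "FIN", "ledger-read", "Allowed"),
    ("Accountant", "*", "payment-approve", "Reviewed"),
    ("Developer", "*", "prod-db-admin", "Exception"),
    ("Contractor", "*", "prod-db-admin", "Prohibited"),
]
HR = {  # authoritative directory records
    "asha": {"title": "Accountant", "unit": "FIN", "active": True},
    "ravi": {"title": "Contractor", "unit": "ENG", "active": True},   # changed roles
    "meena": {"title": "Developer", "unit": "ENG", "active": False},  # left the company
}
ACCOUNTS = {  # roles actually held in the target systems
    "asha": {"email", "ledger-write", "payment-approve"},
    "ravi": {"email", "prod-db-admin"},
    "meena": {"email"},
    "tmp-svc": {"ledger-read"},  # no HR record at all
}

def decide(title, unit, role):
    """Assumption: the most restrictive matching row wins; no match means Prohibited."""
    hits = [o for t, u, r, o in MATRIX
            if r == role and t in ("*", title) and u in ("*", unit)]
    return max(hits, key=OUTCOMES.index) if hits else "Prohibited"

def review(hr, accounts):
    """Periodic review: check every held role against HR records and the matrix."""
    findings = []
    for user in sorted(accounts):
        person = hr.get(user)
        if person is None or not person["active"]:
            findings.append((user, "*", "no active HR record: deprovision"))
            continue
        for role in sorted(accounts[user]):
            outcome = decide(person["title"], person["unit"], role)
            if outcome == "Prohibited":
                findings.append((user, role, "prohibited for current job: revoke"))
            elif outcome in ("Reviewed", "Exception"):
                findings.append((user, role, outcome + ": confirm approval on record"))
    return findings

if __name__ == "__main__":
    for finding in review(HR, ACCOUNTS):
        print(*finding, sep=" | ")
```

The review flags the account of a worker who has left, an account with no HR record, a role that became prohibited after a job change, and a Reviewed role whose approval record should be checked.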

Talk to Sysfore’s Cloud Identity Access Management experts today, and let us help you secure your business. You can contact us at [email protected] or call us at +91-80-4110-5555 to know more.