Sysfore Technologies
#117-120, First Floor, 4th Block, 80 Feet Road, Koramangala, Bangalore 560034
Managing Cloud Identities in Hybrid Cloud
As companies add more cloud services to their IT environments, the process of
managing identities is getting more complex. When companies use cloud
services — services they don’t control themselves — they still must develop
sound policies around role-based access. They still must grant rights to users
who need information to get work done, and they must be able to automatically
take away those privileges when people leave a company or change roles. On
top of it all, companies using cloud services are also bound by any compliance
rules that govern their Identity and Access Management (IAM) initiatives.
Businesses now have to deal with a collection of cloud services that hold
sensitive data, each with its own logins and proprietary connector APIs that
often integrate poorly with internal IAM systems.
Today, managing cloud IAM often means a complex set of one-off procedures. This
approach leads to confusion and leaves the systems hard or impossible to audit.
Sound identity management and governance is core to nearly all IT
security functions. That’s why security experts are advocating that companies
improve how they manage identities in environments that mix cloud services
and enterprise networks.
Here are some measures for sound cloud IAM in your business:
Establish IAM rules
As organizations grow and encounter IAM problems, IT and management
generally reach a consensus that business rules must be established. Controls
must be effective and reliable if organizations want to regain control of their
access management programs.
1. The HR department must be the authoritative source for a centralised
directory service that maintains the records of the personnel who work in your
organization. It could be a pure directory service such as Active Directory, an
LDAP directory, or Azure Active Directory.
2. Favour automation and simplicity that scale with the organization, so that
the IAM programme does not inherit the complexity of maintaining multiple
access control systems.
3. Automated provisioning to streamline user account setup. The manual
process of user account setup is time consuming and error prone. When
properly controlled by workflow, additions and changes to user accounts can be
automatically fulfilled.
4. An IAM system that offers a built-in access matrix. Maintaining such a
matrix by hand is typically too daunting, but an IAM system can hold an access
matrix that pairs a subject's job title, work location, business unit ID, and
so on with each role in a system. The intersection of job title and role yields
one of the following outcomes:
Birthright—access is provisioned automatically
Allowed—access is provisioned on request
Reviewed—access is provisioned when designated approvers consent
Exception—access is not provisioned unless executives approve
Prohibited—access is not provisioned under any circumstances
5. Detailed record keeping is a basic requirement. Every element about an access
request, review, approval, and provisioning must be documented in a way that
makes it easy to research requests and approvals to see who was involved.
6. Periodic reviews and audits of users' access rights need to continue even
with IAM systems in place. The primary reason is to determine whether every
person holding a certain role still requires that access. These periodic
reviews should include the master access matrix, workflow and approval rules,
and rules for segregation of duties.
The reviews also show whether approvals were made properly and, by comparing
active accounts against the HR records of current workers, whether the basic
worker termination process is working.
7. Operating in multiple IAM environments is a result of rapid cloud adoption:
organizations end up with an IAM system for some of their applications and
manual processes for others, or with several IAM systems. To achieve better
operational consistency and scale, most organizations will try to have a single
IAM platform for all of their principal systems and applications. Migrating
authentication and authorization, or even just the workflow and provisioning,
is a tricky affair.
8. Selecting and operating the IAM system. Most organizations that implement
IAM systems will have applications that IT chooses not to pipe in to automatic
provisioning.
Organizations that undertake the initiative to acquire IAM systems need to
understand how authentication, data flows, workflows and account provisioning
will work in their own environments. It may be necessary to survey all in-scope
systems to determine the viability of integrating authentication and account
provisioning. Each system will have its own integration issues, which you should
identify beforehand.
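To make items 4, 5 and 6 concrete, here is an added example (not Sysfore's code or any product's) that encodes an access matrix with the five outcomes above, evaluates a request against it while writing an audit record, and runs a periodic review that reconciles the accounts present in a cloud service against the HR directory. The job titles, roles, approval kinds, HR records and account lists are constructed for illustration; any (job title, role) pairing the matrix does not list is treated as Prohibited (default deny), which is an assumption of this example rather than something the article states.

```python
"""Access matrix, audited provisioning decision and periodic access review.
Added example; all job titles, roles, HR records and accounts are constructed."""
from datetime import datetime, timezone
from enum import Enum


class Outcome(Enum):
    BIRTHRIGHT = "birthright"   # provisioned automatically
    ALLOWED = "allowed"         # provisioned on request
    REVIEWED = "reviewed"       # provisioned when designated approvers consent
    EXCEPTION = "exception"     # provisioned only with executive approval
    PROHIBITED = "prohibited"   # never provisioned


# Hypothetical access matrix: (job title, role) -> outcome.
ACCESS_MATRIX = {
    ("engineer",   "source-repo:read"):  Outcome.BIRTHRIGHT,
    ("engineer",   "source-repo:write"): Outcome.ALLOWED,
    ("engineer",   "prod-db:admin"):     Outcome.EXCEPTION,
    ("contractor", "source-repo:read"):  Outcome.REVIEWED,
    ("contractor", "prod-db:admin"):     Outcome.PROHIBITED,
    ("finance",    "erp:payments"):      Outcome.REVIEWED,
}

# Approval kinds that satisfy each outcome (an executive can also act as a
# designated approver). An empty set means the request alone is enough.
REQUIRED_APPROVAL = {
    Outcome.BIRTHRIGHT: set(),
    Outcome.ALLOWED: set(),
    Outcome.REVIEWED: {"designated-approver", "executive"},
    Outcome.EXCEPTION: {"executive"},
}

AUDIT_LOG = []  # item 5: every request, its outcome, who approved it, result


def lookup(job_title, role):
    """Default deny: a pairing absent from the matrix is Prohibited (assumption)."""
    return ACCESS_MATRIX.get((job_title, role), Outcome.PROHIBITED)


def decide(user, job_title, role, approvals=()):
    """Evaluate one access request. `approvals` is a sequence of
    (approver_name, approval_kind) already attached to the request.
    Returns True if access is provisioned; an audit record is written either way."""
    outcome = lookup(job_title, role)
    if outcome is Outcome.PROHIBITED:
        granted = False
    else:
        needed = REQUIRED_APPROVAL[outcome]
        have = {kind for _, kind in approvals}
        granted = not needed or bool(needed & have)
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "job_title": job_title, "role": role,
        "outcome": outcome.value, "approvals": list(approvals), "granted": granted,
    })
    return granted


# Constructed HR directory (item 1) and the accounts actually present in one
# cloud service; the periodic review (item 6) compares the two.
HR_DIRECTORY = {
    "alice": {"job_title": "engineer",   "status": "active"},
    "bob":   {"job_title": "contractor", "status": "terminated"},
    "carol": {"job_title": "engineer",   "status": "active"},  # moved over from finance
}
CLOUD_ACCOUNTS = {
    "alice":   {"source-repo:read", "source-repo:write"},
    "bob":     {"source-repo:read"},                  # left the company, still provisioned
    "carol":   {"source-repo:read", "erp:payments"},  # role kept from the previous job
    "mallory": {"prod-db:admin"},                     # no HR record at all
}


def review_access(hr, accounts):
    """Periodic access review. Returns (user, role, finding) for every role
    that should be revoked: orphaned accounts, terminated workers, and roles
    the matrix prohibits for the worker's current job title."""
    findings = []
    for user, roles in accounts.items():
        record = hr.get(user)
        if record is None:
            findings.extend((user, r, "no HR record") for r in sorted(roles))
        elif record["status"] != "active":
            findings.extend((user, r, "worker terminated") for r in sorted(roles))
        else:
            for r in sorted(roles):
                if lookup(record["job_title"], r) is Outcome.PROHIBITED:
                    findings.append((user, r, "prohibited for current job title"))
    return findings


if __name__ == "__main__":
    print(decide("alice", "engineer", "source-repo:read"))                      # True
    print(decide("alice", "engineer", "prod-db:admin", [("dana", "designated-approver")]))  # False
    print(decide("alice", "engineer", "prod-db:admin", [("eve", "executive")]))  # True
    for finding in review_access(HR_DIRECTORY, CLOUD_ACCOUNTS):
        print(finding)
```

The review deliberately treats "no HR record" and "terminated" as separate findings: the first points at an account created outside the provisioning workflow, the second at a leaver process that did not fire, and the two are remediated by different teams.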
Talk to Sysfore's Cloud Identity Access Management experts today, and let us
help you secure your business. You can contact us at [email protected] or call
us at +91-80-4110-5555 to know more.