Do you have a Cloud-access strategy?
When a business transitions its IT services (and identities) to the Cloud, any existing governance problems surrounding user and access management are amplified. Even though this is an area of weakness within most organisations, the typical view from many CIOs and security managers is: “I can control my access because it’s in my own datacentre and behind my firewall”. This changes fundamentally when the identities and assets are held within a public Cloud. In this scenario, the identities are more difficult to manage and control, even in hybrid deployments.
Why is it important to adopt an access strategy for security?
When adopting a Cloud strategy as part of an overarching IT transformation program, or as an enabler of ‘digital business’ objectives, fundamental access control shifts from the traditional approach of firewalling assets to identity management. The shift is so significant that the traditional ‘perimeter’ essentially no longer exists and is broadly replaced by the principle that ‘identity is the perimeter’. Moreover, the security controls and tools that were once used for perimeter defence no longer provide enough control in modern IT solutions.
Currently, the strategic option for any business which has this dilemma is to look to adopt an identity and access management (IAM) strategy, which will allow a new perimeter around corporate access to be created, by strictly controlling identity access along with identity lifecycle.
As with traditional on-premises access strategies, this is especially important when it comes to controlling access for former employees and ensuring that these unauthorised users are not allowed continued access to corporate data within Cloud services after leaving the business. In principle, the only way to govern this area is to utilise a solution which stores and maintains access control through a centralised identity service, and one which fully provides lifecycle management.
Where Azure Active Directory is used as a business’s main Cloud identity store, and is likely already governed by an on-premises AD via synchronisation, this only deals with half of the issue. The other half is how to control ongoing access to Cloud services whilst ensuring that security controls are in place to revoke it easily and quickly if necessary. This is in addition to bridging technical boundaries such as inter-forest connectivity or inter-platform diversity.
Why do I need to plan my source of identity management for the future?
When adopting a Cloud strategy, it is important to review the current sources of truth for identity within your business, as this will provide an understanding of how the business controls, and will control, access to systems and data. In most cases this is managed via a Human Resources (HR) process, either automated or manual; the automated process provides the most value in terms of both security and efficiency.
Another key consideration is that the current on-premises HR system may not be on-premises in the future, and may instead be a best-of-breed SaaS application (such as Workday, UltiPro or another). Moreover, as the adoption of line-of-business applications shifts towards a Cloud-first strategy, the underlying identity and access management model should be adjusted in alignment with this.
Whilst designing an IAM solution, it may also be useful or necessary to converge or blend user information from multiple data sources. For example, user data may not be contained within Active Directory alone and may instead be spread across a phone system, HR, and Active Directory. In this scenario, it may be useful to determine which data is relevant for which application and then to use this data meaningfully within Cloud applications and the Cloud identity lifecycle. This is something which would ultimately be assessed during the selection and design of such a solution.
All in all, the objectives or requirements within a business will dictate its long-term strategy, be that providing more collaboration with partner organisations or automating the user lifecycle. However, with an ever-evolving Cloud landscape, one thing is certain: a business’s identities must be managed now more than ever.
How can Silversands help me with this?
At Silversands, we understand the importance of selecting the correct long-term IT strategy within a business, especially in relation to the shift of architecture from that of on-premises to that of the Cloud. Additionally, Silversands has been working with identity systems for many years and understands the nuances and importance of this element within the overall foundations of IT solutions.
Whether a customer is adopting a ‘Cloud-first’ strategy or is caught up in the challenges of unifying disparate directory infrastructures in readiness for a Cloud strategy, these are all areas where Silversands has the expertise and solutions to assist.
In line with this, Silversands has selected a best-of-breed solution to ensure that its customers can adopt a Cloud strategy, whilst ensuring that their architecture is optimised for security and aligned for maximum business agility.
The selected product, which is considered by Gartner to be the leader in the ‘Identity as a Service’ (IDaaS) area, is Okta. Okta is a Cloud (SaaS) solution which has been developed specifically for Cloud architecture from the ground up, thereby making it uniquely positioned within the market. It provides the most fully-featured Cloud identity solution, providing single sign-on, multi-factor authentication, mobile device management, and lifecycle management. Each of these elements is also tightly integrated into the platform and provides unparalleled usability.