Modern organizations know that to maintain a competitive edge, they need to embrace digital transformation. Despite the business need to move mission-critical operations to the cloud, organizations continue to struggle to manage access within their ecosystems and so to build a secure cloud strategy. By shaping the future of security around identity, organizations can take a holistic approach to data security and privacy without compromising operational effectiveness.
What Is Identity Management in Cloud Computing?
Identity management in cloud computing strengthens security by limiting access to computing resources, Software-as-a-Service (SaaS) applications, and Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS) environments. Limiting access according to the principle of “least privilege” helps secure data by mitigating the data breach risks associated with excess access and demonstrates governance over users’ ability to edit data, ensuring the confidentiality, integrity, and accessibility of sensitive information.
How Is Identity Management Different in Cloud Infrastructures?
Identity management in traditional on-premises infrastructures focused on authorizing a user's access to resources using rule-based policy or role-based access control (RBAC). In an on-premises environment, this static and easily controllable process was sufficient because the context was usually also static and controllable.
With digital transformation and resources now in the cloud, relying on these traditional authorization models leaves organizations open to new risks. Authorizing a user's access to a SaaS application solely through RBAC may grant excess access.
For example, your marketing and sales departments may both need access to the same SaaS application, but they often need different information. Offering both departments the same access may violate the principle of “least privilege.” If marketing employees can access addresses or sales department notes that they do not need, you may be creating excess access that leads to a data security risk.
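The marketing-versus-sales situation above, written out as an added example (not Saviynt code and not any SaaS product's API). The customer record, the department attribute and the field-to-department mapping are constructed for the illustration; the point is that one coarse role exposes the whole record, while an attribute-scoped view returns only the fields each department's job needs and defaults to nothing for an unknown department:

```python
"""Attribute-scoped access to one shared SaaS record set (added illustration)."""
from dataclasses import dataclass

# Constructed customer record, as the shared application might hold it.
CUSTOMER = {
    "customer_id": "C-1001",
    "company": "Example Co",
    "segment": "mid-market",
    "postal_address": "1 Example Street",
    "sales_notes": "Renewal due Q3; price-sensitive",
}

# Coarse role-based model: a single application role grants the whole record.
RBAC_ROLE_FIELDS = {"saas_user": set(CUSTOMER)}

# Attribute-based model: the user's department attribute selects the field subset.
# Constructed policy; a real deployment would load this from the IGA system.
DEPARTMENT_FIELDS = {
    "marketing": {"customer_id", "company", "segment"},
    "sales": {"customer_id", "company", "segment", "postal_address", "sales_notes"},
}


@dataclass(frozen=True)
class User:
    user_id: str
    department: str  # the identity attribute that drives access here


def view_rbac(record, role):
    """Role-based view: everything the role is mapped to, regardless of job need."""
    allowed = RBAC_ROLE_FIELDS.get(role, set())
    return {k: v for k, v in record.items() if k in allowed}


def view_abac(record, user):
    """Attribute-based view: only the fields the user's department needs.
    An unknown department matches no fields, so the default is deny."""
    allowed = DEPARTMENT_FIELDS.get(user.department, set())
    return {k: v for k, v in record.items() if k in allowed}


def excess_fields(record, user, role="saas_user"):
    """Fields the coarse role exposes beyond the user's job need: the
    excess access the text warns about, listed so it can be reviewed."""
    return sorted(set(view_rbac(record, role)) - set(view_abac(record, user)))


if __name__ == "__main__":
    marketer = User("m.lee", "marketing")
    print("marketing sees:", sorted(view_abac(CUSTOMER, marketer)))
    print("excess under shared role:", excess_fields(CUSTOMER, marketer))
```

Running `excess_fields` over each identity that holds the shared role gives a concrete list of what least privilege would remove for that person, which is the input an access review needs.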
How Does Access Management Differ from Identity Management?
While identity management focuses on defining the user attributes that dictate access, access management applies those attributes: it authenticates the user in real time and enforces the attributes to deliver the appropriate access.
For example, an employee who pays vendors should not also have the ability to create new vendors in a payment system. In this example, identity management dictates the identity and rights of the user, and prevents a user from holding the rights to both pay vendors and create vendors. Access management, meanwhile, applies those access rights when the user logs into the payment application, preventing them from engaging in both activities within the application and thus ensuring segregation of duties. Correct access relies upon correct identity management and attributes.
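The pay-vendor / create-vendor separation above, as an added example that is not Saviynt code. The entitlement names, the user identities and the single segregation-of-duties (SoD) rule are constructed. The identity-management side (`grant`) refuses an assignment that would create the toxic combination; the access-management side (`authorize`) applies the resulting entitlements at request time and fails closed if an identity somehow already holds a conflicting pair:

```python
"""Toy segregation-of-duties (SoD) enforcement (added illustration)."""
from dataclasses import dataclass, field

# Constructed entitlement names for the payment application in the text.
PAY_VENDOR = "payments:pay_vendor"
CREATE_VENDOR = "payments:create_vendor"

# An SoD rule is an unordered pair of entitlements no single identity may hold.
SOD_RULES = {frozenset({PAY_VENDOR, CREATE_VENDOR})}


@dataclass
class Identity:
    user_id: str
    entitlements: set = field(default_factory=set)


def sod_violations(identity, rules=SOD_RULES):
    """Toxic combinations the identity currently holds, as sorted pairs."""
    return sorted(tuple(sorted(rule)) for rule in rules if rule <= identity.entitlements)


def grant(identity, entitlement, rules=SOD_RULES):
    """Identity-management side: refuse a grant that would introduce a new
    SoD violation. Returns True if granted, False if refused."""
    candidate = identity.entitlements | {entitlement}
    for rule in rules:
        newly_violated = rule <= candidate and not rule <= identity.entitlements
        if newly_violated:
            return False
    identity.entitlements.add(entitlement)
    return True


def authorize(identity, action):
    """Access-management side: apply the entitlements identity management
    produced. An action is allowed only if the identity holds it and it is
    not part of a toxic combination the identity already holds (fail closed,
    so a pre-existing conflict cannot be exercised from either side)."""
    if action not in identity.entitlements:
        return False
    return not any(action in pair for pair in sod_violations(identity))


if __name__ == "__main__":
    clerk = Identity("ap_clerk", {PAY_VENDOR})
    print("grant create_vendor to payer:", grant(clerk, CREATE_VENDOR))  # refused
    print("payer may pay:", authorize(clerk, PAY_VENDOR))
    legacy = Identity("legacy_admin", {PAY_VENDOR, CREATE_VENDOR})
    print("pre-existing violations:", sod_violations(legacy))
```

Running `sod_violations` across all identities is the detection side of this control: it surfaces accounts that were provisioned before the rule existed, which is exactly the case `authorize` is written to fail closed on.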
How Security and Identity Shape Data Protection
RBAC was often the way access was dictated in a legacy on-premises data environment. Employees had job functions within the organization that directly related to the physical data locations in your office building. Whether it was a local area network (LAN) that could only be accessed from within the building or a physical server, you could easily manage users’ access based solely on their roles.
Complex cloud infrastructures changed all of this. Today, your employees may work remotely, accessing cloud resources from personal computers or mobile devices. Your SaaS applications or IaaS/PaaS deployments increase the number of access locations, creating new risks that need to be mitigated.
While firewalls provide a boundary around internal organizational resources in a physical location, using Identity Governance and Administration (IGA) to perform identity management helps protect against unnecessary and insecure access within the cloud ecosystem.
Managing Employee Access
Federation with multi-factor authentication is a starting point for most organizations looking to create secure cloud infrastructures. Users securely authenticated to the cloud infrastructure can access the applications stored there.
However, once users gain access to your cloud-based ecosystem, the interconnected nature of applications and the level of access within them becomes more difficult to manage. As your organization scales by adding more applications, you further reduce visibility.
Using IGA enables you to define more precise access than federation alone while also protecting against risky excess access. Peer- and usage-based access recommendations help streamline provisioning while guarding against potential segregation of duties (SoD) violations.
Vendor Risk Management
Whether your vendor is a human contractor or a non-person identity such as a service account, you need to determine how much access to data that identity should have.
Although human and non-person vendors are different use cases, they both require similar IGA strategies. Not only do you need to limit the data that they access, but you need to be able to create time-bound access rights that terminate appropriately.
Focusing on IGA with predictive access analytics allows you to secure access both to and within your cloud infrastructure. You need to ensure that you manage a human vendor’s access to information based on their job function while also ensuring that you terminate the access upon contract termination or job completion. Meanwhile, you need to limit your non-person “vendor” access to only the application it updates and only for the short time needed to update the resource.
With a next-generation IGA solution, you can establish time-bound access limitations for both of these types of users. Additionally, analytics can help compare the attributes used for these identities and establish risk-based, context-aware policies that secure access as you scale your business or infrastructure. By focusing on identity, you secure data at the entry point, similar to using a lock on your front door to protect your home.
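The time-bound access described in the vendor section, as an added example that is not Saviynt code. The contractor login, the service-account name, the resource names and the reference times are constructed. A human vendor's grant ends at contract end, a non-person identity's grant covers only the short window its update job needs, and off-boarding cuts every remaining grant short; `expired_grants` is the review feed that confirms the access has actually gone:

```python
"""Time-bound access grants for human and non-person vendor identities
(added illustration)."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class AccessGrant:
    principal: str        # contractor login or service-account name
    principal_type: str   # "human" or "non-person"
    resource: str         # the application or dataset the grant covers
    not_before: datetime
    expires_at: datetime  # exclusive: access stops at this instant

    def is_active(self, now):
        return self.not_before <= now < self.expires_at


def grant_contractor(principal, resource, contract_end, now):
    """Human vendor: access runs to contract end and no later."""
    return AccessGrant(principal, "human", resource, now, contract_end)


def grant_service_account(principal, resource, window, now):
    """Non-person vendor: a short window, just long enough for the update job."""
    return AccessGrant(principal, "non-person", resource, now, now + window)


def authorize(grants, principal, resource, now):
    """Deny unless an active grant covers exactly this principal and resource."""
    return any(
        g.principal == principal and g.resource == resource and g.is_active(now)
        for g in grants
    )


def revoke_principal(grants, principal, now):
    """Contract termination or job completion: end every grant for the
    principal at `now`, never extending one that already ended earlier."""
    return [
        replace(g, expires_at=min(g.expires_at, now)) if g.principal == principal else g
        for g in grants
    ]


def expired_grants(grants, now):
    """Review feed: grants past their end, to reconcile against the target system."""
    return [g for g in grants if g.expires_at <= now]


# Constructed reference times and grants for the walk-through.
T0 = datetime(2019, 1, 1, tzinfo=timezone.utc)
CONTRACT_END = T0 + timedelta(days=90)
SAMPLE_GRANTS = [
    grant_contractor("vendor.jdoe", "crm", CONTRACT_END, T0),
    grant_service_account("svc-crm-sync", "crm", timedelta(minutes=15), T0),
]


def walkthrough():
    """Run the scenario from the text and return the decisions by name."""
    day10, min14, min15 = (T0 + timedelta(days=10), T0 + timedelta(minutes=14),
                           T0 + timedelta(minutes=15))
    after_offboarding = revoke_principal(SAMPLE_GRANTS, "vendor.jdoe", T0 + timedelta(days=30))
    return {
        "contractor_in_term": authorize(SAMPLE_GRANTS, "vendor.jdoe", "crm", day10),
        "contractor_wrong_resource": authorize(SAMPLE_GRANTS, "vendor.jdoe", "erp", day10),
        "contractor_at_contract_end": authorize(SAMPLE_GRANTS, "vendor.jdoe", "crm", CONTRACT_END),
        "service_inside_window": authorize(SAMPLE_GRANTS, "svc-crm-sync", "crm", min14),
        "service_after_window": authorize(SAMPLE_GRANTS, "svc-crm-sync", "crm", min15),
        "contractor_after_offboarding": authorize(after_offboarding, "vendor.jdoe", "crm",
                                                 T0 + timedelta(days=31)),
        "expired_count_day31": len(expired_grants(after_offboarding, T0 + timedelta(days=31))),
    }


if __name__ == "__main__":
    for name, value in walkthrough().items():
        print(f"{name}: {value}")
```

The expiry is a property of the grant rather than a scheduled clean-up task, so a missed de-provisioning job does not leave the access live; `expired_grants` then tells the reviewer which target-system accounts to check.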
Saviynt Converge: Using Identity to Shape Security
At Saviynt’s annual Converge conference, we bring together thought leaders from across the Identity space to discuss the biggest challenges facing organizations. With malicious actors continuing to target your systems via your users, a security foundation based upon identity is more important than ever to your digital transformation strategy.
Come and network with implementers, industry experts and innovative customers at Saviynt Converge ’19.
To join us at Converge ’19 and participate in our new immersive experience, register today.