Welcome!

Cloud Security Authors: Elizabeth White, Stackify Blog, Peter Davidson, Nishanth Kadiyala, Liz McMillan

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

Identity and Access Management in the Cloud

Many companies are beginning to realize that cloud services can often be more secure than in-house data centers

In today's business world, data is the lifeblood of most organizations. As such, it has become a prime target for both external and internal threats. Data breaches made plenty of headlines in 2011 and don't show any signs of slowing down. In fact, a recent report from Privacy Rights Clearinghouse found that there were 535 data breaches reported last year alone. Whether it is for a Fortune 500 business, a university or a midmarket company, the protection of sensitive information is not only important for daily business functions, but is now a security measure required by law. As organizations of all sizes - not just large enterprises - struggle to keep up with evolving security and compliance requirements, many are turning to identity and access management (IAM) solutions to meet their needs.

Unlike traditional IT security technologies, which focus on perimeter and end-point threats, IAM solutions focus on identity lifecycles and access controls, as well as provisioning, authentication, certification and other identity-based processes. Previously seen as a luxury only available to the largest of organizations, cloud computing has increased the accessibility of IAM solutions for businesses of all sizes at a time when they are needed most. In addition, cloud computing provides the opportunity for security vendors to bring mature IAM technology to smaller businesses via a new deployment model - without starting from scratch and losing years of successful development.

Bringing SaaS into the IAM Fold
Originally hesitant to put sensitive data in the cloud, many companies are beginning to realize that cloud services can often be more secure than in-house data centers, as they are held to service level agreements (SLAs) and other third-party regulations. As such, more organizations are now readily adopting Software-as-a-Service (SaaS) and cloud solutions to maximize efficiencies, lower total cost of ownership and ultimately "do more with less." How? Cloud-based IAM solutions can be deployed at a fraction of the time and cost of on-premise infrastructure. In addition, because cloud-based solutions are often much easier to use and manage, IT managers can focus on tasks that are more central to business goals rather than spending their resources trying to manage complex on-premise infrastructure.

For many organizations, the strategy for growth over the next couple of years will be heavily focused on expanding and optimizing their extranet community - SaaS providers, cloud service providers, supply chain partners, resellers, integrators and other business partners. The question now becomes how to secure these SaaS-based applications, cloud services and other third-party systems. Having a strategy for external audiences' identities and entitlements - in addition to internal employees - as well as visibility into all identity data is critical to a business's future success. Enter federation.

Federation, which enables companies to extend IAM capabilities to third-party applications and securely share identity information with external audiences, is becoming an increasingly strategic business tool. Two of the most common federated IAM capabilities are Federated Single Sign-On (FSSO) and federated user provisioning.

  • Federated Single Sign-On (FSSO): FSSO capabilities allow a company's user base to access applications while avoiding the need to transmit shared secrets, such as passwords, to third parties - mitigating the risk of important credentials being compromised. FSSO also allows the user to log in to all applications in a uniform way regardless of whether they are housed internally or hosted by an external partner. The flip side of this capability is that the business can also safely provide authorized third parties with access to their applications. Using an industry-proven means of providing SSO capabilities to third parties - rather than using an in-house grown solution that hasn't been vetted or tested - can help companies strengthen security and increase compliance while improving productivity by eliminating password reset requests and other associated help desk calls.
  • Federated User Provisioning: Federated user provisioning allows third-party applications to be included in the same identity and lifecycle process as internal applications. With the use of secure and open-standard protocols, organizations can seamlessly exchange identity data with partners and SaaS providers as well as provision users, roles and entitlements to external applications. Equally as important, using federated user provisioning, companies can also ensure that user role and entitlement information found on third-party systems is timely and accurate, mitigating the risk of important data being accessed by unauthorized users.

At the onset of widespread SaaS adoption, many companies did not consider external applications part of their network infrastructure - and so provisioning and other IAM capabilities were focused on on-premise systems only. As more and more critical data and applications become housed in the cloud, eschewing security liability for systems and information residing outside a company's four walls is a critical and common mistake.

Provisioning encompasses managing role data and access rights throughout a user's life cycle - from onboarding, transfers and promotions to the day they leave the company - and must be applied to both on- and off-premise systems in a timely and accurate manner in order to ensure proper access to important data. Otherwise, companies open themselves up to a variety of dangers, including data breaches, increased IT costs and compliance risks.

For example, effectively deprovisioning a user when they are no longer authorized to access certain resources is just as important as giving them access at the start of an identity life cycle. Failure to deprovision users who have left a company can result in orphan accounts, opening the organization up to a number of potential issues. Compliance requirements aside, ex-employees who still have access to SaaS or on-premise applications can potentially harvest corporate and client information for nefarious purposes. In other cases, it's important to have up-to-date entitlement information when users simply change position or are given different responsibilities. Otherwise, these events can lead to "entitlement sprawl" wherein users accumulate privileges that are no longer necessary for their jobs. In the age of the data breach, IAM solutions are more than just another add-on for a business's security infrastructure. An effective IAM solution will protect sensitive data, help to avoid complications in daily business operations, minimize potential legal woes and ensure a strong reputation among customers.

Conclusion
As technologies, such as mobile devices and social networking sites, continue to further convolute the security landscape, more and more critical assets are being placed outside a company's four walls. In order to put their security measures closer to these assets, many companies are implementing cloud-based solutions. Proficient cloud-based IAM tools can help companies strengthen security and increase compliance while benefiting from unparalleled savings, quick time-to-deployment and greater business efficiencies - a win-win for all involved.

More Stories By Eric Z. Maass

Eric Maass is the chief technology officer at Lighthouse Security Group, where he’s responsible for the roadmap and technology vision for the company’s flagship product, Lighthouse Gateway, a cloud-based identity and access management platform. Maass was formerly the chief security architect for the U.S. Air Force’s Global Combat Support System, where he was responsible for the architecture and design of its net-centric IAM infrastructure.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.