Welcome!

Cloud Security Authors: Liz McMillan, Pat Romanski, Elizabeth White, Ravi Rajamiyer, Ed Featherston

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

Identity and Access Management in the Cloud

Many companies are beginning to realize that cloud services can often be more secure than in-house data centers

In today's business world, data is the lifeblood of most organizations. As such, it has become a prime target for both external and internal threats. Data breaches made plenty of headlines in 2011 and don't show any signs of slowing down. In fact, a recent report from Privacy Rights Clearinghouse found that there were 535 data breaches reported last year alone. Whether it is for a Fortune 500 business, a university or a midmarket company, the protection of sensitive information is not only important for daily business functions, but is now a security measure required by law. As organizations of all sizes - not just large enterprises - struggle to keep up with evolving security and compliance requirements, many are turning to identity and access management (IAM) solutions to meet their needs.

Unlike traditional IT security technologies, which focus on perimeter and end-point threats, IAM solutions focus on identity lifecycles and access controls, as well as provisioning, authentication, certification and other identity-based processes. Previously seen as a luxury only available to the largest of organizations, cloud computing has increased the accessibility of IAM solutions for businesses of all sizes at a time when they are needed most. In addition, cloud computing provides the opportunity for security vendors to bring mature IAM technology to smaller businesses via a new deployment model - without starting from scratch and losing years of successful development.

Bringing SaaS into the IAM Fold
Originally hesitant to put sensitive data in the cloud, many companies are beginning to realize that cloud services can often be more secure than in-house data centers, as they are held to service level agreements (SLAs) and other third-party regulations. As such, more organizations are now readily adopting Software-as-a-Service (SaaS) and cloud solutions to maximize efficiencies, lower total cost of ownership and ultimately "do more with less." How? Cloud-based IAM solutions can be deployed at a fraction of the time and cost of on-premise infrastructure. In addition, because cloud-based solutions are often much easier to use and manage, IT managers can focus on tasks that are more central to business goals rather than spending their resources trying to manage complex on-premise infrastructure.

For many organizations, the strategy for growth over the next couple of years will be heavily focused on expanding and optimizing their extranet community - SaaS providers, cloud service providers, supply chain partners, resellers, integrators and other business partners. The question now becomes how to secure these SaaS-based applications, cloud services and other third-party systems. Having a strategy for external audiences' identities and entitlements - in addition to internal employees - as well as visibility into all identity data is critical to a business's future success. Enter federation.

Federation, which enables companies to extend IAM capabilities to third-party applications and securely share identity information with external audiences, is becoming an increasingly strategic business tool. Two of the most common federated IAM capabilities are Federated Single Sign-On (FSSO) and federated user provisioning.

  • Federated Single Sign-On (FSSO): FSSO capabilities allow a company's user base to access applications while avoiding the need to transmit shared secrets, such as passwords, to third parties - mitigating the risk of important credentials being compromised. FSSO also allows the user to log in to all applications in a uniform way regardless of whether they are housed internally or hosted by an external partner. The flip side of this capability is that the business can also safely provide authorized third parties with access to their applications. Using an industry-proven means of providing SSO capabilities to third parties - rather than using an in-house grown solution that hasn't been vetted or tested - can help companies strengthen security and increase compliance while improving productivity by eliminating password reset requests and other associated help desk calls.
  • Federated User Provisioning: Federated user provisioning allows third-party applications to be included in the same identity and lifecycle process as internal applications. With the use of secure and open-standard protocols, organizations can seamlessly exchange identity data with partners and SaaS providers as well as provision users, roles and entitlements to external applications. Equally as important, using federated user provisioning, companies can also ensure that user role and entitlement information found on third-party systems is timely and accurate, mitigating the risk of important data being accessed by unauthorized users.

At the onset of widespread SaaS adoption, many companies did not consider external applications part of their network infrastructure - and so provisioning and other IAM capabilities were focused on on-premise systems only. As more and more critical data and applications become housed in the cloud, eschewing security liability for systems and information residing outside a company's four walls is a critical and common mistake.

Provisioning encompasses managing role data and access rights throughout a user's life cycle - from onboarding, transfers and promotions to the day they leave the company - and must be applied to both on- and off-premise systems in a timely and accurate manner in order to ensure proper access to important data. Otherwise, companies open themselves up to a variety of dangers, including data breaches, increased IT costs and compliance risks.

For example, effectively deprovisioning a user when they are no longer authorized to access certain resources is just as important as giving them access at the start of an identity life cycle. Failure to deprovision users who have left a company can result in orphan accounts, opening the organization up to a number of potential issues. Compliance requirements aside, ex-employees who still have access to SaaS or on-premise applications can potentially harvest corporate and client information for nefarious purposes. In other cases, it's important to have up-to-date entitlement information when users simply change position or are given different responsibilities. Otherwise, these events can lead to "entitlement sprawl" wherein users accumulate privileges that are no longer necessary for their jobs. In the age of the data breach, IAM solutions are more than just another add-on for a business's security infrastructure. An effective IAM solution will protect sensitive data, help to avoid complications in daily business operations, minimize potential legal woes and ensure a strong reputation among customers.

Conclusion
As technologies, such as mobile devices and social networking sites, continue to further convolute the security landscape, more and more critical assets are being placed outside a company's four walls. In order to put their security measures closer to these assets, many companies are implementing cloud-based solutions. Proficient cloud-based IAM tools can help companies strengthen security and increase compliance while benefiting from unparalleled savings, quick time-to-deployment and greater business efficiencies - a win-win for all involved.

More Stories By Eric Z. Maass

Eric Maass is the chief technology officer at Lighthouse Security Group, where he’s responsible for the roadmap and technology vision for the company’s flagship product, Lighthouse Gateway, a cloud-based identity and access management platform. Maass was formerly the chief security architect for the U.S. Air Force’s Global Combat Support System, where he was responsible for the architecture and design of its net-centric IAM infrastructure.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
The hot topics in the industry today seem to center around Digital Transformation and Mobile Apps. While a digital transformation strategy is crucial to keep up with the chaos in your industry, customer demands, and other disruptions, the need to create mobile apps to remain relevant in your market and to your customers is equally a no-brainer. Regardless of the approach, the next question always seems to pop up: What architecture should I chose? Native? Hybrid? Managed? Hosted?
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
SYS-CON Events announced today that EARP Integration will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. EARP Integration is a passionate software house. Since its inception in 2009 the company successfully delivers smart solutions for cities and factories that start their digital transformation. EARP provides bespoke solutions like, for example, advanced enterprise portals, business intelligence systems an...
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search and...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...