The increased adoption of cloud computing significantly impacts enterprise IT departments, and in particular it changes how organizations should look at identity management. Enterprises must understand that the evolution to cloud computing affects how their identity strategies are used. The cloud has created new management challenges because enterprises must now extend the scope of their identity management to include users’ access to cloud applications in addition to on-premises applications. It’s not enough to govern just your on-premises apps; cloud computing is now an integral part of the enterprise.

Involving IT with Decision-Making and Implementation

Cloud adoption has accelerated for most enterprises. Based on current adoption trends, it’s clear that in the future the vast majority of new applications purchased by organizations will be software-as-a-service (SaaS) applications. All too often, business units within the enterprise are procuring SaaS applications without involving IT – even for critical and sensitive applications. This has mainly been due to the ease with which business units can adopt these services, get up and running quickly and keep the services going all without needing to involve IT from a technological standpoint. In fact, in SailPoint’s recent Market Pulse Survey, we found the selection and deployment of SaaS applications is increasingly becoming a business-led process.

The lack of IT involvement in the procurement and deployment of cloud applications makes it difficult for IT organizations to manage security and compliance risks. In an increasing number of cases, IT has no visibility into the SaaS applications being used, and therefore cannot ensure the proper security and access controls (i.e., understanding and managing who has access to what) are in place. Failing to control access to sensitive applications and data can leave an organization at risk for fraud, misuse of data and privacy breaches, not to mention negative audit findings.

  • 66% did not consult IT when making the decision
  • 71% did not get help from IT to deploy the service
  • Almost 50% of business leaders are not educated on the need for identity management for cloud applications

Frighteningly, SailPoint’s survey found that business leaders are not only uneducated on identity management for SaaS but also not equipped to effectively handle user access privileges and other key factors necessary to safeguard the data housed in these new SaaS applications. At the end of the day, someone in the organization needs to manage and govern who has access to these mission-critical applications no matter where they reside, which is where identity for the cloud comes into play.

The right identity management solution helps organizations manage the new reality of a hybrid IT environment, made up of both on-premises and SaaS applications. Rather than implementing niche identity management tools to manage SaaS applications in a separate silo, it’s better to take a holistic approach that manages both on-premises and cloud environments. This approach provides enterprise-wide visibility and control, and allows enterprises to extend their existing identity management business processes, such as granting access to new users and removing access for terminated users.

The simple fact is that your employees, with an Identity-as-a-Service (IDaaS) system in place, will be able to access both your SaaS and on-premises applications easily, safely and securely. Likewise, you’ll be able to see all the information and analytics about that access holistically, so you can make better business decisions, reduce organizational risk and increase compliance controls.

Managing SaaS Applications Securely

Based on the potential risk or criticality a particular cloud application represents, different levels of management and control are required. For mission-critical cloud applications, such as financial services and customer relationship management applications, an organization would want complete visibility and oversight as to “who has access to what.” Therefore, for this class of SaaS applications, it’s important to implement preventive and detective controls over the processes that grant, change and remove access to cloud applications to ensure that compliance and security guidelines are being followed. By providing detailed reporting on user access, IT and business staff will be armed with the intelligence they need to secure the application, reduce corporate risk, and meet audit and compliance requirements.

For less sensitive applications, IT should still have visibility into how and when those applications are used so decisions can be made about the appropriate degree of management and control they require over time. Even though these applications may not be directly managed by IT, employees must understand that sensitive or proprietary information should not be posted to those applications.

Both the business and IT need to be actively involved in identity management for holistic on-premises and cloud app management to function.

As technologies continue to evolve, IT departments are constantly battling to stay ahead of the game to ensure they are supporting business users while mitigating the risks associated with IT for the business. The adoption of new technologies has created a revolutionary, albeit challenging, environment for today’s organizations. Deploying cloud applications has enabled organizations to get the features they need more quickly and at a lower cost. At the same time, it allows employees greater autonomy, transferring power from the IT department to the fingertips of the business user. However, far from IT becoming redundant, its support and guidance have never been more important. By deploying an identity management solution that governs access across the entire IT environment, yet is convenient for employees, IT and business can collaborate over security, user lifecycle management and compliance to keep company data secure, no matter what type of applications your employees use.
