December 20, 2016

The new enterprise is the cloud enterprise. More valuable and effective cloud apps are being released every day, and with them, enterprises today are able to be more agile. Cloud applications have an overall lower cost of ownership, are quicker to deploy and implement and easier to maintain. So, it’s no surprise that research from IDC forecasts that by 2019, enterprises will be spending more than $141 billion annually on cloud services [1].

But as with any new technology, there are complications. Many enterprises are facing challenges with running a hybrid environment – utilizing both on-premises and cloud applications – and most importantly, securing their users’ access to all these apps. Some mission-critical applications may need to stay on-premises, perhaps for years, as they are too entangled in important business processes. But as “cloud-first” organizations grow in number and more organizations decide to go this route, traditional methods of securing access to sensitive information fall short.

Second, the cloud has brought a new level of freedom to how an organization’s users may work. They can access the applications and data they need to do their jobs from wherever they want to work, on whichever device they want to work. For the first time, we’re trying to manage scenarios where employees can use their personal devices to access corporate accounts in the cloud – and IT organizations need visibility into and control over that. Often, the only linkage IT has between the end-user on a smartphone and an account for a SaaS application is the user’s identity. 

Effectively managing that identity is the key to managing the perimeter-less enterprise. 

It’s Not Just Logging In

When considering how best to manage user access in a hybrid environment, an easy place to start is how users log into their applications. It’s easy to find and set up a Single Sign-On (SSO) solution that gives users a nice dashboard of their applications and allows them to sign in without always needing to remember their password. But it’s not enough.

Managing identity – properly – requires more than just an SSO app. In addition to having that dashboard, you must also have the underlying foundation. Compliance. Provisioning. Access requests. Access certifications. Data access governance. Any solution that doesn’t govern all the aspects of identity is simply another app on top of your already complex application landscape. Instead, you must look for an identity governance platform with three defining capabilities: 

  • See everything. Your identity solution must be able to connect to all enterprise systems, from the legacy applications that have been in use for years to the SaaS applications that are being adopted today. You need visibility into all the information about an identity, across all the applications an enterprise uses, all the data it holds, and all users – no matter where they are located or what devices they may use.
  • Govern everything. You need to know who should have access, who does have access, and what users are doing with their access to all your applications and data for all your users. This requires the ability to define a desired state and continually assess where access is not aligned with the model. 
  • Empower everyone. Let your users work how they like to work, wherever they are and on whatever device they use. Empowering users to manage access, while balancing the security and risk management needs of the organization, enables organizations to safely increase collaboration both inside and outside the network.

Your identity governance solution should govern access for whoever is part of the enterprise, wherever they might be in the world and on whatever device they use.

Approaching Identity the Right Way 

While organizations do, of course, need an SSO solution to help their users be more efficient, it is not always the best starting point for managing identity. Instead, SSO should come as a part of planning and implementing the larger identity governance program and platform in the organization. Therefore, in terms of strategy, organizations need to consider the bigger picture, asking these three questions when putting their plans together: 

  1. Where do we start to build an effective identity governance program, balancing the need to enable users and to meet our security and compliance needs? 
  2. Which solutions are capable of managing our entire IT environment, spanning cloud systems and SaaS applications, as well as our on-premises systems and applications? 
  3. What approach will ensure a straightforward deployment and be easier for our business and technical staff to use? 

With the answers to these questions in mind, enterprises can create a strategy that centralizes the management of users and applications across all IT environments: legacy, on-premises, private and public cloud, and SaaS. This is absolutely necessary to give enterprises a complete view of their identity environment, and it avoids silos of identity management, where one solution governs one set of applications and another solution manages a different set.

By stepping back to understand all the components of cloud-based identity governance (IDaaS), and then outlining how a cloud-based solution can help expedite a company’s shift to the cloud, organizations are in a much better position to make that shift efficiently, effectively and, importantly, securely.

  1. https://www.idc.com/getdoc.jsp?containerId=prUS40960516 
