It is no longer a nightmare that large, medium, even small scales Organization are embracing, or consuming different services Cloud technology has to offer. But many concerns surrounded this development in ICT; What happens to my Data? Who have access to my Data? Amongst many questions. The good news is; we can understand how cloud technology becomes safer, secured and cheaper to run if we understand Identity and Access Management of Cloud Technology.
What is identity and access management?
Identity and access management in enterprise IT is built on the three principles of A’s (Authentication, Authorization and Auditing/Accounting). Thus, the imperative goal of identity management is to “grant access to the right enterprise assets to the right users in the right context, from a user’s system on-boarding to permission authorizations to the off-boarding of that user as needed in a timely fashion. It is about defining and managing the roles and access privileges of individual users and the circumstances in which users are granted (or denied) those privileges. Those users might be customers (customer identity management) or employees (employee identity management). The core objective of Identity and Access Management systems is one digital identity per individual. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s “access life-cycle.”
Why Cloud Services?
The benefits of cloud-based services are diverse. Cloud technologies enable organizations not only to reduce/cut or offset costs but also to achieve greater business dexterity and to explore new markets opportunities and customers. Cloud services are essential for embracing many of the technology trends being seen today. Though securities were cited as one of the challenges mitigating the adoption of private and public cloud services according to Cisco which however 76% of the Cloud leaders’ vendor have integrated/implemented a very strong Cloud Identity Securities to their solution which renders the result of the consuming Cloud services more beneficial and outweighed the security threats to it.
Identity Management in Cloud Computing Considerations
According to research conducted by Dark Reading which shows that 61 percent of people use the same password for multiple accounts and applications. Organizations can achieve effective identity management in cloud computer without losing control over internally provisioned applications and resources i.e. Who is doing what, what is their role and what are they trying to access? With the implementation of cloud-based or on-premise identity management solutions which has full fledge capabilities in securing the extended enterprise environment.
Furthermore, all processes and activities related to or directly to application access and authorization should be monitored, with comprehensive audit and reporting capabilities provided at a granular level so that all activities can be attributed to specific individuals. The security measures provided also are another important consideration to reduce risks associated with fraud, theft or loss of customer data or sensitive, valuable information such as intellectual property.
Security communication and awareness should also be considered for the end-users as the environment becomes rather porous with ignorance from end-users. Statistics according to Cisco shows that despite the security policies, procedures, and tools currently in place, employees around the world are engaging in risky behaviors that put corporate and personal data at risk. Employee behaviors included:
- Unauthorized application use:70 percent of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies’ data loss incidents.
- Misuse of corporate computers: 44 percent of employees share work devices with others without supervision.
- Unauthorized physical and network access:39 percent of IT professionals said they have dealt with an employee accessing unauthorized parts of a company’s network or facility.
- Remote worker security:46 percent of employees admitted to transferring files between work and personal computers when working from home.
- Misuse of passwords:18 percent of employees share passwords with co-workers. That rate jumps to 25 percent in China, India, and Italy.
To reduce data leakage, businesses must integrate security into the corporate culture and consistently evaluate the risks of every interaction with networks, devices, applications, data, and of course, other users.
Extended Enterprise Benefits
Organizations planning their journey towards the adoption of Cloud technology/services should implement effective identity management which is more than ever urgent as she opens their networks to effectively and reliably secure their extended services, be able to take advantage of new technological developments such as social media and mobile technologies to better engage their customers.