Identity, access management and provisioning
Solution Centre - Solutions That Mean Business
Adopting the right strategy for the always connected, any device user challenge can only make the future easier.
Getting it right can bring huge benefits in terms of flexibility, productivity, user satisfaction and business advantage.
Controlling access without ditching everything you have, while easing the management burden is a huge win.
As collaboration opportunities increase, managing diverse relationships becomes paramount.
Password Meltdown, The Alternative
The days of every application and related data existing behind the corporate firewall and integrated with AD (or LDAP) are behind most of us.
The SaaS model brings many benefits in terms of flexibility, functionality, etc. However, there are always downsides and in this case they include user password fatigue, with different applications having different password complexity rules, different expiry cycles, in fact all the things that can drive a user to try and circumvent systems and controls. Maybe they reuse passwords or save a list in a file. Maybe they pop up their own shadow IT instance of applications with less stringent security settings.
Leveraging a cloud based Identity and Access Management (IAM) solution, may be the best answer. Such systems can integrate with Active Directory. Whatever else happens, you certainly don’t want to end up with multiple directories to manage and a well formed IAM deployment will give you that single directory management structure.
AD group membership can drive application deployment, meaning that users get access to the appropriate applications just because they are in the right AD group. If they change group because of promotion, for example, their available application mix can change dynamically without huge manual intervention.
Users Come, Users Go, What About Access?
When users start, they are set up in the appropriate AD groups and that defines and provisions the applications to them automatically.
When users leave the organisation there is no need to go round each application in turn to disable access, just one place to worry about it, in AD with the cloud IAM taking care of the relevant applications.
Done right, users don’t even need to know their credentials beyond their standard AD login. This means there is no concern of the disgruntled ex-employee trying to access external services such as Salesforce, or finance package directly, because they don’t have credentials for direct access. Once they are disabled in AD, they have no access because it is only via their AD authentication and the cloud IAM process they ever had access.
The cloud IAM also provides a full audit trail of accesses for the myriad services that are deployed.
The cloud IAM also provides compliance visibility into application across the myriad services. The overhead of logging into the admin control panel of multiple different SaaS providers with different interfaces and different control mechanisms, would be a nightmare. Even more so as many such applications don’t have compliance reporting functions. Having a centralised view improves functionality and reduces the risk of errors.
Browsers, Devices, Locations, Multi-Factor
Mixing Windows, iOS and android devices in phone, tablet and PC formats brings complexity. Adding geographic locations bring yet another layer of complexity. With BYOD and mobile workers, the idea of controlling access through corporate owned devices running behind the firewall has been shattered. You want to be able to empower the users to use the device of their choice, except where that has security implications for corporate resources. Likewise, you might want to change user access rights based on both the user identity and the device posture, preventing access to sensitive information from unauthorised devices. A cloud IAM solution gives you that kind of control.
Simple integration with multi-factor authentication can add another layer of security as appropriate. This need not be with expensive tokens, it can be software driven to ease the user burden further.
Making the user experience as seamless as possible while retaining the requisite level of security can be a big win for IT. A process which is too clunky and too intrusive will probably end up being worked around or bypassed by users, while in their eyes they “just try to get their job done”. But a transparent process will be used by definition.
So Many Problems, One Solution
It matter little whether the users are internal employees, external contractors, customers, collaborators, or newly acquired organisations, they all pose an Identity and Access Management challenge. A decent cloud based identity and access management system can solve all those challenges, by providing:
- Group based access management for internal users
- Cross domain controls for acquisitive organisations
- Portal solutions for external contractors and customers
The outcome is optimum control, with super simple configuration rendering errors far less likely and a single interface for all occasions meaning things don’t get missed or forgotten about. All this through a subscription model which will please the CFO, and visibility into application utilisation might mean a possible reduction in application licence costs will make their day complete.