classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory


IAM crucial for the cloud
March 2013, Access Control & Identity Management

Ian Lowe
Ian Lowe

It is a brave new cloud-based world out there and organisations – particularly security-minded small-to-medium businesses (SMBs) – are struggling to keep up.

Although still in its infancy, the cloud has proved that its flexible, collaborative nature can transform an enterprise overnight. While Gartner recently predicted that 2013 is going to be about the wider adoption of cloud computing, the analyst firm still believes that much of the focus will be on enterprises’ capabilities to put the right levels of security in place to support it.

This year alone, high profile security breaches for businesses with cloud applications have included heavyweights such as LinkedIn, Apple iCloud and Amazon, to name just a few.

While the root of such incidents often remain a mystery to some extent due to corporate sensitivities, it is usually a case of organisations having taken a naïve view of the technology – specifically placing too much trust in their cloud provider to handle security – or simply the fact that they have failed to follow cloud best practices.

With the rise of Software as a Service (SaaS) and a multitude of other cloud applications in everyday use, enterprises must find a way to secure access to their corporate data and IT resources that – in many cases – are no longer residing behind the traditional security firewall. Mitigating both the internal and external risk, without sacrificing employee convenience at the expense of corporate security, is the end game.

Fundamentally, there are four challenges when it comes to securing enterprise cloud applications and subsequently managing user identities in the cloud environment:

* The type(s) of security policy in place – a one-size-fits-all approach is often neither possible, or practical, for any organisation.

* What type of devices are employees using to access information in the cloud? Are they issued by the enterprise or part of a Bring Your Own Device (BYOD) programme, and is it trusted and secured?

* What type of cloud application is the employee accessing – is it personal (such as Facebook) or business (Salesforce.com)?

* How and why do users need to use authentication and for which particular cloud apps?

Securing data on the move

The BYOD phenomenon has dramatically altered the way in which employees access information – users expect, and in some cases even demand, access on an anytime, anywhere basis; it is a shift that has turned the security landscape on its head.

Add this to the cloud conundrum and, while the use of cloud applications eliminates the hassle of dealing with hardware, middleware and software deployments, this new way of working has quite literally widened the playing field. The diversity of the user population and the multitude of devices in use also signal the ineffectiveness of a one-size-fits-all security policy. Once again, organisations are presented with the challenge of finding a workable equilibrium between security and user-convenience.

With so many ways of accessing these applications in the cloud, solid security policies must be built on determining exactly who is accessing the information and whether they have permission to do so.

Enterprises should be looking at where the data lives and considering the user risk factor, as determined by their behaviour patterns and purpose of activity. In spite of the many channels through which users can access information – from their desktop, smartphone or tablet for instance – the principles of data protection and the need to ensure user identity assurance remain the same.

Multi-factor authentication for the cloud

With multiple devices therefore comes a multi-factor security approach. Technology, such as Tokenless Authentication with Single Sign-On (SSO), begins by identifying the device in use by consulting the configurable criteria that is pre-set by the organisation, and then assigning a risk score to the specific transaction. Such a process enables the enterprise to tailor its security levels based on the risk associated with specific types of transactions.

Providing the device or transaction is verified as secure, the cloud application is enabled for access allowing the user to safely begin their session. Should the transaction be deemed too risky, the authentication solution can prompt users to further validate who they say they are by sending an SMS or by asking additional security questions.

The rise of the cloud for enterprise data storage and application hosting has forever changed the way IT professionals interact with their users, their networks and their data. The proliferation of BYOD on an enterprise scale, enabling employees to access cloud applications beyond the traditional bricks and mortar locations, also brings another dimension to this 21st-century security challenge.

Strong authentication solutions are not only the gateway to more secure, rapid enterprise cloud adoptions, but also pivotal in maintaining better control of the cloud-based tools already in use. Getting on board with the right Identity and Access Management (IAM) strategy means that securing the cloud experience need never be costly or complex again.

For more information contact HID Global, +27 (0)82 449 9398, rtruter@hidglobal.com, www.hidglobal.com


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Morpho goes extreme
    May 2017, Morpho South Africa, This Week's Editor's Pick, Access Control & Identity Management, Asset Management, EAS, RFID, News, Security Services & Risk Management
    April 2017 saw the international launch of Morpho’s (or Safran Identity & Security’s) MorphoAccess SIGMA Extreme. Morpho SA’s Paul Jeremias also took the opportunity to speak about the future of the company.
  • Give passwords the finger
    May 2017, Virdi Distribution SA, Financial (Industry), Access Control & Identity Management
    Biometrics in its many forms has become standard in many organisations, especially for access control and time and attendance (T&A) functionality. But biometrics can be used for much more.
  • Softcon
    Securex 2017 preview, Softcon, Access Control & Identity Management, Asset Management, EAS, RFID
    The core modules of Softcon’s solution is building management, with the main focus on access control, input/output monitoring, biometric solutions, smart card solutions, wireless communication, GSM communication, ...
  • Suprema
    Securex 2017 preview, Suprema, Access Control & Identity Management, Integrated Solutions
    Suprema will be showcasing a handful of new products and solutions at Securex SA alongside its extensive range of IP access control devices, PC fingerprint solutions, mobile biometric platforms and integrated ...
  • Entrust Datacard
    Securex 2017 preview, Access Control & Identity Management
    Consumers, citizens and employees increasingly expect anywhere-anytime experiences – whether making purchases, crossing borders, accessing e-government services or logging onto corporate networks. They ...
  • Duxbury Networking
    Securex 2017 preview, Duxbury Networking, Integrated Solutions, Access Control & Identity Management
    Duxbury Networking will highlight future-ready security solutions for physical and virtual networks at Securex. Under the spotlight will be a range of offerings designed to promote proactive security ...
  • Powell Tronics
    Securex 2017 preview, Powell Tronics, Access Control & Identity Management
    Powell Tronics is celebrating its sixth consecutive year as an exhibitor at Securex. The company’s stand will feature the new Morpho Extreme, the Morpho V2 Tablet (with Powell Tronics’ ATOM and PT-ROLLCALL) ...
  • Keystone Electronic Solutions
    Securex 2017 preview, Keystone , CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management
    Keystone Electronic Solutions is an electronics research and development company. During Securex 2017 the company will be showcasing Project V, a ‘stream on trigger’ solution that provides centrally managed ...
  • Econz Wireless
    Securex 2017 preview, Econz Wireless, Access Control & Identity Management
    Econz Wireless, a leader in the time and attendance, employee tracking, and mobile workforce management, will be demonstrating its timecard features on its stand:    • Time card collection. • GPS tracking. • ...
  • Morpho South Africa
    Securex 2017 preview, Morpho South Africa, Access Control & Identity Management
    Designed to withstand the most demanding environments, the new MorphoAccess SIGMA Extreme, a ruggedised biometric terminal for access control and time and attendance, is now available in the sub-Saharan ...
  • Morse Systems Africa
    Securex 2017 preview, Morse Systems Africa, Access Control & Identity Management
    In an earlier era, business decisions were often made based on gut instinct, golf games, politics, and very occasionally market research. Since that time, organisations have moved away from this type ...
  • SALTO
    Securex 2017 preview, Salto Systems Africa, Access Control & Identity Management
    SALTO is launching a new version of its JustIN Mobile solution combining BLE and NFC capabilities in a single app at Securex. With just a single app, depending on the type of mobile phone used, it will ...

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.