printer friendly version

Managing security, access in the cloud

Robert Doswell.

With so much attention currently being given to the cloud, it’s time to take note of an important issue related to the topic: security. As such, although rarely mentioned, there are numerous complications and security implications that come with managing user accounts and access of cloud applications.

Without a doubt, cloud applications can provide tremendous benefits to users and organisations, but doing so should be done cautiously. For example, when several cloud applications are utilised, provisioning, password management and the monitoring of access becomes a challenge, like overlooking or losing track of who has access to what information throughout an organisation.

Because of these simple examples, several security headaches can commonly occur when using cloud applications, but there are simple solutions to solve them.

Account management

Account management in the cloud has many security issues that can become major problems. Creating accounts for cloud applications can be time consuming for both the IT department and the end user. IT has to manually create accounts in each system and application, which can delay users having access for days and not being able to get their work done. Frequently, there are only a handful of people who create accounts for the entire company, which can result in a major bottleneck. The issue is that delegating this task to other employees in the company can be a security issue since they would likely receive elevated rights within the network. As such, the organisation needs to find a way to manage accounts more efficiently without giving several people access to the company’s entire network.

Another cloud security issue is losing track of which employees have access to specific systems and applications. When an organisation begins to use several cloud applications, it becomes difficult to control that the correct people have the correct access. Users may have access to systems and applications that they shouldn’t, leaving the company’s data vulnerable.

Still another major security issue is the disabling of cloud accounts. When turnover occurs in a company that utilises several cloud applications, it is easy to forget to disable the departing employee’s access. This is because of the fact that the employee’s manager has to notify the correct person who then has to manually disable all accounts individually. Leaving an account active can result in a security risk and potential costs, since the ex-employee continues to have access the company’s applications that are paid for on a subscription basis.

There are several ways that organisations can deal with the issues that arise from using cloud applications. One way is with an automated cloud identity management solution. This allows user accounts to be automatically created, modified, enabled or disabled through synchronising with the human resource system. It allows the account manager in charge to easily make changes in one place and have it automatically synchronised to all cloud applications.

Also, to ensure that only the appropriate people have access to the cloud applications with secure information, a role-based access control (RBAC) module can be used. System administrators can then easily control access to the company’s cloud applications on the basis of department or job title in the human resource system. This ensures that each employee has the correct access, even with cloud applications.

As more cloud applications are deployed in an organisation, they need to be able to report who is using what application and system. This can be difficult with many cloud applications and lots of users. A centralised dashboard can be used in an automated identity management solution to easily see an overview of users allowing management to easily review the report for auditing purposes, as well as controlling licence costs.

Password management

In addition to managing accounts, passwords can also be a problem to manage when implementing numerous cloud applications. IT needs to manage passwords for the many users and applications that the company uses. Each system and application has a different set of complex credentials, which are often required to be changed every month or so. How can one person easily remember the five or more sets of credentials they need? The answer is that they don’t – end users often write down their credentials and keep them near their desk so that they don’t forget them. This leaves the company’s network and information on the cloud applications extremely vulnerable.

There is a simple solution, though, that many leading organisations take to handle this dilemma. A cloud single sign-on solution allows end users to use only one set of credentials for all of their cloud applications, which can be based on their existing Active Directory credentials. If for any reason a password needs to be reset, it can be changed in one place, Active Directory, and then be automatically synchronised with all cloud applications. This simple, yet effective, solution allows end users to only need to remember one set of credentials, reducing the chance they will write anything down.

Overall, the cloud is extremely beneficial to an organisation, but attention needs to be paid to the security issues and the management of accounts and passwords. Many solutions offer benefits to end users, IT departments and even management, while allowing IT to have full control over the applications and authorisations without having to spend countless hours on account management. They also ensure that everyone has the correct access to their systems.

For management, audit and compliance is made easier and there is often a reduction in expenses related to the applications and the helpdesk managing them while ensuring that the full benefits of using the cloud are achieved.

Share this article:

Further reading: