Cloud-based identity | Online security

At the IT Director’s Forum earlier this year, the main issue for directors across all sectors was online security. One aspect of security which is becoming an increasing concern as they move IT services to the cloud, and hence a significant source of risk, cloud-based identity.  

For most organisations adopting cloud will be a gradual process, and the majority will find themselves managing a hybrid solution from multiple providers combined with some in-house provision. Each service will have different authentication requirements, and the challenge is to know who is accessing each service and to independently authenticate them, whilst ensuring that security is maintained.

Multiple systems mean, of course, that users will have to work with multiple, more complex passwords. Every individual will have their own way of handling this, but all too frequently the result is passwords on Post-Its stuck on the monitor or office wall, reusing the same passwords, or avoiding logging out completely. Most organisations have implemented policies to try and eliminate this type of behaviour, but it persists, leading to increased security and compliance risks. Other users forget their passwords and have to repeatedly call the HelpDesk for resets. We have carried out surveys which found that some 25% of Help Desk calls logged are due to password problems.

The ideal solution is a secure single sign-on, which would reduce security and compliance risks while increasing productivity and reducing costs. Many organisations have tried and failed to successfully implement such capabilities in the past, mainly due to complexity. However, the cloud now offers a solution, as it can provide an authoritative source of identity to authenticate against almost all IT services available today, including corporate, PSN, N3, web, cloud, internal and hosted systems while providing secure access from any location. This minimises the time and complexity of brokering authentication and access to cloud services, simplifying the user experience while reducing security and compliance risks and user support costs. It makes secure single sign-on to all key corporate systems from any location both possible and affordable.

Cloud identity authentication works by providing a central account or identity and provisioning this into target systems e.g. Active Directory, SAP, SharePoint etc. This identity manages user authentication and entitlement (tailored to each user’s role) and compliance. It allows single sign-on to web service issues and access to on-premise applications from any location and enables the system to act as an IDP for cloud/extranet services and SAML. Multi-factor authentication, such as security tokens or challenge-response systems, can be incorporated for extra security.

A key feature of this type of system is user self-service. All available applications and services are published to a portal and users can then select the applications they need and put them into a ‘shopping basket’ for approval. Configurable workflows through the portal allow authentication and access processes to map to the way an organisation works, streamlining approval. Users can also securely reset passwords without access to any service desk.

 

Cloud-based identity and authentication management system offers three key benefits.

 

First, it enhances application security by externalising authentication and authorisation to applications, web resources, web services and data. This protects systems from direct exposure. Multifactor authentication can then be added to provide an additional level of security.

Second, having a single secure login standard and basing access to all systems on established policies and audited practices eliminates non-secure user practices and ensures that all systems have compliant authentication levels. By providing complete visibility into identity and access management and providing a formal audit trail it can also help organisations achieve and maintain compliance.

Thirdly, by providing user self-service for routine issues, single sign-on can increase productivity and reduce costs, freeing up Help Desk staff to work on other issues.

Fordway recently providing a cloud-based identity management service to a Government organisation, who wanted a centralised authentication system to provide secure single sign-on to all corporate systems from any location, facilitating remote and mobile working, whether the systems were hosted internally, in the cloud or by third parties. Our cloud-based Identity and Authentication Management Service (IDAMS) gave them a single integrated system through which they could manage identity, role and IT service management in line with their security policy while providing user self-service for routine issues.

In my opinion, identity and authentication management should be the cornerstone of a hybrid cloud strategy. Organisations need to manage identity across multiple providers and cloud provides them with a secure solution. Clearly, any cloud-based identity authentication solution is only as good as the hosting company’s own cloud security. However, most cloud service providers implement and manage considerably better IT security controls than internal IT departments.

Single sign-in does not, of course, absolve an organisation of responsibility for security and compliance. They still need to maintain an authoritative source of digital identity which can be used as collateral for all generally available web services.  However, it offers significant security and productivity benefits, and by using standard SAML protocols can reduce the total cost of integration for new applications.

+ posts

Newsletter

Related articles

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

Here is how to stage a public cloud migration

As the relationships between CSPs and cloud providers are deepening, CSPs need to develop a clear strategy on how they add value to customer relationships.

The future of work is collaborative

As hybrid work models continue to gain traction, businesses will need to start implementing collaborative tools and processes to meet the needs and expectations of the upcoming workforce, seamlessly integrating them into existing workflows to enhance productivity and performance. Innovations in technology, including AI and machine learning, mean that organisations are in a better position than ever to shape the collaborative future of work – and with the right support in place, they can ensure that these digital tools continue to bring out the best in their workforce for years to come.

How Business Data Can Be Protected, Even with Remote Workers

According to a study conducted by OwlLabs, approximately 69% of survey respondents worked remotely during the pandemic or are now working from home since.

DevOps Metrics – How to measure success in DevOps?

Even though there is no perfect definition for DevOps,...

Subscribe to our Newsletter