Cloud-based identity governance: The four things to know before you make the move
Mon 4 September 2017 - 8:15 am
Being “cloud first” is not only a mandate for many organisations today, it’s a reality. Cloud is transforming the way we work. Across the board, we’re seeing business applications being delivered as a service due to the relative ease of purchasing and deploying cloud solutions. As a result, today’s enterprise is quickly becoming a cloud enterprise.
Successfully managing the adoption of Software as a Service (SaaS) applications – and securely migrating to a cloud enterprise – requires identity governance. Identity is what powers the cloud and enables organisations to securely migrate to a cloud enterprise while still having full visibility to identity information across the IT infrastructure. Identity solutions govern who has access to applications, systems and data – regardless of where they’re deployed – and empower users to work wherever they are and on whatever device they want to use. Put simply, identity provides the power to make the cloud enterprise secure.
Securing the cloud enterprise
As companies become more comfortable with moving strategic and mission-critical applications into the cloud, it can feel overwhelming to consider using complex IT solutions – such as identity management – as a service (SaaS). Even as enterprises move toward the cloud, identity management is often not considered because they believe they lack the budget, time or skilled resources required to implement such a technology. But what they don’t realise is that these things no longer serve as true inhibitors to implementing identity management.
Cloud-based identity governance offers the security, compliance and automation delivered by on-premises identity solutions, coupled with fast time-to-value, while addressing today’s identity needs in a digestible, easy-to-manage manner. While the benefits of SaaS are clear – faster deployment times, simplified management and increased business agility – there are still elements to consider before moving identity governance into the cloud. Here are four things to consider before undertaking identity governance-as-a-service.
1. Know your appetite for migrating IT infrastructure to the cloud
It’s estimated that many large enterprises have already deployed upwards of 1,000 cloud services. While many business applications are relatively easy to deploy as a service, moving more complex infrastructure – such as an identity management program – into the cloud can be more challenging.
If you’ve already started migrating portions of your infrastructure to a services model, e.g. Amazon Web Services or Microsoft Azure, then you have likely already experienced both the benefits and tradeoffs of infrastructure in the cloud. However, if cloud-based infrastructure is new to your organisation, carefully consider the other points below before making the leap.
2. Adopt a flexible approach to identity governance
Regardless of how it is deployed, an effective identity governance solution must provide complete visibility across all on-premises and cloud applications. This provides the foundation required to build policies and controls essential for compliance and security. It should also include the ability to automate these controls to reduce human error and relieve an overburdened IT staff. Cloud-based identity governance solves all these identity problems – but it does so using a best practices approach with restrictions on configurability. For organisations that don’t have the need, time, or expertise to create custom governance processes or policies, this provides an ideal approach to identity governance. However, if your organisation has specialised requirements for how identity management will be used, it may be more of a challenge to move to a cloud-based solution.
3. Achieve the perfect blend of people, processes and technology
Next, take a look at your organisation. Effective identity management requires an artful blend of people, processes and technology, and deploying a successful solution will require time and effort. This is true even with a cloud-based deployment. However, if you have limited resources, either in size or expertise, the cloud is a good option for identity governance. With no hardware or infrastructure to deploy and manage, adopting and administering an effective identity governance program becomes exponentially simpler. This makes cloud-based identity governance an ideal option for organisations that have smaller IT and security teams that don’t have a deep bench of identity expertise.
4. Choose the right vendor
Identity governance is more than just modifying who has access to what. Effective identity governance must also answer the questions: Should this user have access? What kind of access are they entitled to? And, what can they do with that access? It’s important to work with a vendor who understands the identity management space and can effectively meet your business needs.
Furthermore, to fully realise the value of a SaaS solution (continuous upgrades, zero down-time, no patch maintenance), your identity governance vendor needs to offer the solution as a true service rather than a hosted version of an on-premises solution. A true SaaS-based solution ensures you are always using the latest version of available software, and the cost, time and labour associated with upgrades are essentially non-existent. This is not true of a hosted on-premises solution, so be sure to ask the right questions in this regard.
“Cloud-first” strategies have gained enormous traction across organisations of all sizes, but it is important to consider your readiness to migrate key pieces of IT infrastructure like identity governance to the cloud. With identity governance delivered as a service, you can attain fine-grained control over access to all your cloud-based and on-premises corporate resources, while extending secure self-service capabilities out to your business users. Using effective identity governance to limit the risk of inappropriate access, you can empower your organisation to grow and embrace the benefits of being in the cloud.
About the author
Kevin Cunningham is the president and co-founder of SailPoint, which provides identity governance solutions including cloud-based and on-premises identity and access management software.