In modern times, organizations are transitioning to the Cloud to enjoy its many benefits, such as increased functionality, scalability, redundancy, and enhanced security measures. With large businesses, the initial setup of cloud infrastructure can be challenging, as well as the continued maintenance and auditing of user access and identity and permission management. Thankfully, the Cloud can assist in many of the abovementioned tasks involved in successfully administering a cloud environment. In this paper, I will discuss (in reference to this week’s article from WML Cloud, Identity and Access Management: IAM Architecture and Practice) what blocks in the provided diagram are offered as a cloud service, which are more/less likely to be adopted, and how these blocks are approached differently depending on the size of the organization.
If we take a look at the Federation portion of the article’s image, a federation in a cloud environment would be, for example, single sign-on, where numerous systems and organizations utilize a single authentication system by sharing information; this is used often in businesses of any size, as both security and usability are greatly benefited from it. Per James A. Martin and John K. Water’s article, What is IAM? Identity and access management explained, “Identity as a Service (IDaaS) includes “software-as-a-service (SaaS) solutions that offer SSO from a portal to web applications and native mobile applications as well as some level of user account provisioning and access request management” (Martin, Water, 2018). Next, for access management, many organizations implement a centralized and automated user access program, where new, old, and existing users can quickly be configured and managed, regarding what they can see, do, edit, or delete in a cloud-based service. For smaller organizations, such as the one I work at, we do manual entry and editing of our user’s access in the multiple cloud-based environments we use. For larger organizations, it can be challenging to manage such a vast number of employees, quickly decipher what level of access they require, and keep up with the auditing of users who leave the organization, get promoted/demoted, or are newly added. There are several methods to approaching access management, including using Active Directory and LDAP; both can speed up this often lengthy task.
For authentication management, the process of determining the authenticity of a user is vital in the overall security of any cloud service; there are several ways to accomplish this. Multi-factor authentication measures are useful regardless of company size, as well as strict and constantly-updated password requirements. Frequent auditing and verification of each user in a cloud-based service from administrators are also needed; however, this can be difficult with larger organizations. Thus, automation and policies should be enforced that, for example, auto-generate password reset requests and request re-verification of the user’s identity every so often using multi-factor authentication, secret questions, and CAPTCHA tests.
Regarding user management, we all know the difficulties associated with managing the identity life cycle, or relationship, of each user and their connection with the organization and its cloud-based services. As technology continues to adapt to the Cloud’s many potential impacts on modern-day business operations, several cloud providers are introducing smart processes and automated checks and balances to allow administrators to quickly view their end-user compliance with the created security and accessibility policies. Data management and provisioning, one of the Cloud’s shining features, is quite effectively managed regardless of the CSP you utilize. More often than not, the vast amount of data collected on each user, service, product, or task is readily available and only requires some fine-tuning with search parameters and methods of showing the data. The difficulties with data management reside in the security and the privacy of the data collected, as well as verifying who needs access to it, and for how long. For smaller organizations, the abovementioned issues aren’t as prevalent, but for larger businesses, deciphering long user lists of access requests would be impossible if not for the often somewhat-automated creation and management of user groups, departments, regions, or roles, that each has their own specific data handling and access policies.
Finally, monitoring, auditing, and reporting services separate cloud-based services from typical web or on-premises software/hardware-based products. The ability to create AI-generated reports on each user’s status, what they access, their login history, their password length/complexity, and quickly view and edit their roles and authentication procedures are all true gifts for organizations of any size. In my organization, I use weekly, monthly, and quarterly reports for all of our cloud-based services, which include Google’s G Suite, Zendesk, and 8×8. Additionally, I have web-based live graphs and data displaying around the office, showing the warehouse how many orders they have to ship and customer service the number of calls they have waiting. For managers, they have custom displays of a wide variety of useful metrics.
Cloud technology truly is remarkable for organizations, regardless of their size or their products or services; this, however, isn’t always the case. For organizations dealing with highly-sensitive material, the process of identity and access management becomes quite hectic, requiring industry-specific rules and regulations, which sometimes aren’t suited for a cloud-based environment. For example, while the Cloud’s security can be excellent, for a hospital dealing with patient information, it might be better suited for an on-premises system that they can ensure follows state and government regulations. Although having a backup of specific data in the Cloud is always recommended, as long as it follows all of the above’s identity and access policies, laws, and best practices.
WML Cloud. (2010, November 28). Identity and Access Management: IAM Architecture and Practice. Retrieved October 5, 2020, from http://mscerts.wmlcloud.com/programming/identity%20and%20access%20management%20%20%20iam%20architecture%20and%20practice.aspx.
Martin, J.; Waters, J. (2018, October 09). What is IAM? Identity and access management explained. Retrieved October 05, 2020, from https://www.csoonline.com/article/2120384/what-is-iam-identity-and-access-management-explained.html
FIDO Alliance. (2020, September 30). Download Specifications. Retrieved October 05, 2020, from https://fidoalliance.org/specifications/download/.