As enterprises shift their platforms to the cloud, identity management has become a growing challenge. Historically this was simply a matter of maintaining an enterprise LAN border and implementing a role based user directory. This directory was used to authenticate users based on predefined roles and departments. However, enterprises are becoming ever more complex and are deploying infrastructures that don’t easily fit into the former model. This new reality can be seen in the expected growth of the global cloud identity access management field, which is expected to attain more than 26% CAGR by 2020.
Two key challenges are frequently encountered. The first challenge is access creep and over-permission. The second challenge is access technology fragmentation and multiple decision points.
The Permission Challenge
The proliferation of SaaS applications requires admins to maintain a more extensive list of permission sets and user directories. For example, if a client leverages AWS’s S3 storage service, the enterprise must then manage new cloud resources such as buckets, and the access policies attached to those buckets. Over time, this results in end users being granted overly generous access to company data and assets. This is evidenced by a major Ponemon Institute study, which stated that “87% [of enterprises] believe that individuals have too much access to information resources that are not pertinent to their job description.” The study goes on to report that three out of four companies state they cannot keep up with the pace of new services and existing employee access requirements.
Improper permissions resulting from poor identity management lead to events such as the 2014 Sony Pictures hack. Several cybersecurity experts believe that inside actors with improper access were instrumental in the leaking of information. This hack alone cost the company upwards of $20 million to repair. Fortunately, proper policies and strong identity management can help reduce the threat and even completely protect the company from damage.
The Multiple Decision Points Challenge
Enterprises with legacy systems face a challenge when implementing cloud platforms such as AWS, because they carry the same on-prem role based access approach into the cloud. This model works well when access to the cloud platform means access to all of its resources and services. However, if different users should have different access abilities, then the role is not enough: the decision is divided, and additional access controls must be placed in the cloud platform. As the cloud is leveraged and the network grows, access methods evolve and the technology used to reach multiple datasets changes dramatically. In many cases this calls for developing a customized solution, either to consolidate all systems or to bridge between the legacy system and AWS.
As the physical network perimeter disappears and enterprises leverage the cloud, identity management becomes the new perimeter for access to the corporate network, and rights management quickly becomes a difficult burden. Rights must be given to parties such as vendors, internal staff, remote workers and company partners, while keeping in mind that they use a wide range of methods to access the data.
Instead of local, role based access, modern access decisions depend on time, location, events or projects, and user attributes. Thus, many companies experience a challenge in migrating complex networks to new cloud based platforms.
As companies begin to scale to the cloud, parts of the network are still secured with legacy systems, while other applications are moved to the cloud. These new, complex networks call for a change in methodology to achieve effective policy management and audit verification. The answer is IAM based authorization software for AWS and other SaaS vendors.
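The shift from a pure role check to decisions that depend on department, project, time and location, and the idea of one decision point covering both a cloud bucket and an on-prem application, can be made concrete with a small policy evaluator. The code below is an added example written for this page; it is not PlainID's product code or an AWS API, and every subject, bucket, application name and policy in it is constructed sample data. It evaluates the same requests under a legacy role-only grant and under attribute-based policies, and counts how many (subject, resource) pairs each policy set grants, which is the access creep the text describes.

```python
"""Attribute-based decision point (added example; constructed sample data).

Compares a legacy "any employee may read every bucket" grant with policies
scoped by department, project, business hours and location, all evaluated
by a single decide() function for both S3 buckets and an on-prem app.
"""
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class Request:
    subject: dict      # user attributes: roles, department, projects, location
    action: str        # e.g. "s3:GetObject" or "app:Login"
    resource: str      # e.g. "s3://finance-reports" or "app://erp"
    when: datetime     # time of the request


@dataclass
class Policy:
    name: str
    actions: set
    resources: set
    conditions: list = field(default_factory=list)  # every condition must hold

    def permits(self, req):
        return (req.action in self.actions
                and req.resource in self.resources
                and all(cond(req) for cond in self.conditions))


# Reusable attribute conditions; each returns a predicate over a Request.
def has_role(role):
    return lambda r: role in r.subject.get("roles", ())

def in_department(dept):
    return lambda r: r.subject.get("department") == dept

def on_project(project):
    return lambda r: project in r.subject.get("projects", ())

def between_hours(start, end):
    return lambda r: start <= r.when.time() <= end

def from_location(*allowed):
    return lambda r: r.subject.get("location") in allowed


# Constructed sample directory (hypothetical users).
SUBJECTS = {
    "alice": {"roles": ("employee",), "department": "finance", "location": "HQ", "projects": ()},
    "bob": {"roles": ("employee",), "department": "marketing", "location": "home",
            "projects": ("spring-campaign",)},
    "carol": {"roles": ("employee",), "department": "hr", "location": "HQ", "projects": ()},
}
BUCKETS = ["s3://finance-reports", "s3://hr-records", "s3://marketing-assets"]

# Legacy role-based grant: the "employee" role unlocks every bucket.
ROLE_ONLY = [
    Policy("legacy-employee-read", {"s3:GetObject"}, set(BUCKETS), [has_role("employee")]),
]

# Attribute-based policies for the same users, resources and the on-prem ERP app.
ATTRIBUTE_BASED = [
    Policy("finance-read", {"s3:GetObject"}, {"s3://finance-reports"},
           [in_department("finance"), between_hours(time(8), time(18)), from_location("HQ", "VPN")]),
    Policy("hr-read", {"s3:GetObject"}, {"s3://hr-records"},
           [in_department("hr"), from_location("HQ")]),
    Policy("campaign-read", {"s3:GetObject"}, {"s3://marketing-assets"},
           [on_project("spring-campaign")]),
    Policy("erp-use", {"app:Login"}, {"app://erp"},
           [has_role("employee"), between_hours(time(8), time(18))]),
]


def decide(policies, req):
    """Single decision point: default deny unless some policy permits."""
    return any(p.permits(req) for p in policies)


def grants(policies, subject, action, resource, when_iso):
    """Evaluate one request for a named sample subject at an ISO-8601 time."""
    req = Request(SUBJECTS[subject], action, resource, datetime.fromisoformat(when_iso))
    return decide(policies, req)


def access_creep_report(policies, action, when_iso):
    """List every (subject, bucket) pair the policy set grants at that time."""
    return [(name, bucket) for name in SUBJECTS for bucket in BUCKETS
            if grants(policies, name, action, bucket, when_iso)]


if __name__ == "__main__":
    for label, pols in (("role-only", ROLE_ONLY), ("attribute-based", ATTRIBUTE_BASED)):
        granted = access_creep_report(pols, "s3:GetObject", "2024-05-06T10:00:00")
        print(f"{label}: {len(granted)} grants -> {granted}")
```

The role-only set grants all nine subject/bucket pairs during business hours and still grants them at 20:00 from any location, whereas the attribute-based set grants exactly one bucket per user and refuses the finance bucket outside business hours. The same `decide()` call also governs the `app://erp` login, which is the single decision point the article argues for.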
Identity Access Management (IAM) on AWS with PlainID
The leading vendor in acknowledging and solving these kinds of challenges is PlainID. We solve identity management challenges on top of existing systems, both on premise and AWS. The first challenge of permission migration is resolved by easily creating new policies from existing access roles.
Take a routine AWS deployment as an example. While shifting away from legacy systems, IT departments can become overly burdened making their existing access models compatible with AWS’s. Due to the resulting added workload, there is a heightened risk of improper access management. Access creep and other violations can easily occur, because the policy models differ and migrating existing users is so difficult. Enterprises can minimize these risks by utilizing a centralized platform, thereby preventing damage to the access models.
The second challenge is solved with PlainID’s single point of management. Since one centralized policy governs access to both cloud and on-prem apps, auditing and policy verification are greatly simplified. Instead of having to maintain multiple vendors and technologies, policy makers are only required to manage one that fits all. In addition, they gain real time metrics and insight into exactly who is accessing company data and how that data is being used.
While identity management is a complex topic, there are solid solutions to these problems. The best solution is to deploy a secure, stable and adaptive authorization source. Companies such as PlainID offer such a platform that will enable easy policy management, thus reducing the administrative burden. With PlainID, resources are freed to drive new projects, new ideas and increase revenue.