Skip to main content

When Cloud and Identity Meet Together

Identity management gives the opportunity to a company to effectively identify, authenticate and authorise single users or groups and their access to specific information – applications, data, networks and systems. User permissions and restrictions on what the employees can access and perform are connected to created by the organisation identities, which can be controlled and configured in an efficient manner. That means that only the right people can access the right resources, at the right times, for the right reasons.

With digital transformation via cloud computing, it is possible to have flexible access to apps and data anywhere at any time, so it’s crucial that identity is on the same level as security – that is why they are so tightly linked. Every organisation should have a top-priority objective – to have the right capabilities to safeguard the new adoption of cloud technology and at the same time to protect information confidentiality in every industry. The strategic partnership between PATECCO and IBM provides the opportunity to leverage solutions that manage both.

  • Why IBM CLOUD IDENTITY?

IBM Cloud Identity helps you ensure user productivity with cloud-based features for single sign-on (SSO), multi-factor authentication and identity governance. The solution includes a variety of pre-defined connectors that allow you to quickly provide access to commonly used SaaS applications. You have the option of defining templates for integrating your own applications. Take advantage of these opportunities when securely connecting mobile workplaces e.g. in the home office.

1. Single sign-on

A major benefit of the cloud is easy access to business tools, whenever and wherever users need them. But when tools and the passwords they require begin to multiply, that benefit can turn into a hassle. Many cloud-based applications that users want, do not have built-in security and authentication features.

You can also forget about username and password problems. Your employees can access thousands of cloud-based applications (such as Microsoft Office 365, Concur, Workday, IBM Box and IBM Verse) in your company with one registration. This gives you easy access to browser, mobile and on-premises applications.

1.1 IBM Cloud Identity SSO capabilities include:

  • Thousands of prebuilt connectors to federate to popular SaaS applications
  • Prebuilt templates to help integrate legacy and on-premises applications
  • Employee-facing launchpads to access any application
  • A seamless user experience to access any application with one username and password
  • A cloud directory for organizations that don’t already have a user directory
  • The ability to sync on-premises directories like Microsoft AD for use with cloud applications
  • Support for multiple federation standards, including SAML, OAuth and OpenID Connect (OIDC)

2. Secure access through Multi-factor authentication

In addition to the user ID and password, multi-factor authentication asks for other factors in order to grant access to applications in the cloud. Depending on the sensitivity of the data, the administrator can flexibly decide to what extent this is necessary.

2.1 IBM Cloud Identity MFA capabilities include:

  • A simple user interface (UI) for defining and modifying access controls
  • One-time passcodes delivered via email, SMS or mobile push notification
  • Biometric authentication, including fingerprint, face, voice and user presence
  • Second-factor authentication for virtual private networks (VPNs)
  • The ability to use context from enterprise mobility management and malware detection solutions for risk-based authentication
  • Software development kits (SDKs) to easily integrate mobile applications with the broader access security platform
  • Risk-based user authorization and authentication policies that use:
  • Identity (groups, roles and fraud indicators)
  • Environment (geographic location, network and IP reputation)
  • Resource/action (what is being requested)
  • User behavior (location velocity

3.Optimized management of the user cycle

Optimize onboarding and offboarding of users. In addition, you can easily create guidelines for access requests via self-service – for both on-premises and cloud applications.

4.Easy access to applications with the App-Launchpad

All applications can be conveniently searched, displayed and called up from a central point. The launchpad combines all applications – both on-premises and cloud services.

IBM Cloud Identity supports users’ requirements for frictionless access to applications, business leaders’ needs to increase productivity, developers’ needs to roll out new services quickly, and IT requirements to more rapidly respond to business change.

EXPERIENCE CLOUD IDENTITY IN ACTION

See how Cloud Identity works for administrators, managers, employees and external parties in this live demo.

Info source: IBM website

The Role of Identity Governance in Security and Compliance

In the complex network of managing user rights, permissions and accounts, tracking who has access to certain resources becomes almost impossible. Every organisation is facing demands, mandates and compliance regulations while managing the access and support of many devices and systems that contain critical data. Identity Governance and Intelligence solutions help business with the ability to create and manage user accounts and access rights for individual users within the company. In this way they can more conveniently manage user provisioning, password management, access governance and identity repositories.

Why is Identity Governance Critical to Security?

Identity governance is the core of most organizations’ security and IT operations strategies. It allows businesses to provide automated access to an increasing number of technology assets and at the same to manage potential security and compliance risks. Identity governance enables and secures digital identities for all users, applications and data.

In case the identity governance is compromised, the organization is left vulnerable to security and compliance violations. Companies can solve this problem by investing in identity governance and intelligence (IGI) solutions that address the business requirements of compliance mangers, auditors and risk managers. According to our partner IBM, “IGI provides a business activity-based modelling approach that simplifies the user access and roles design, review and certification processes. With this approach, you can establish trust between IT and business managers around business activities and permissions, making workflows understandable for nontechnical users. IGI solutions enable security teams to leverage powerful analytics to make informed decisions about identity, give users the applications and the flexible data access they need, and help to ensure compliance with ever-evolving regulations.”

When we talk about managing access within the organization, a number of researches show that more than 50 percent of users have more access privileges than required for their job. In most cases the reason is bulk approvals for access requests, frequent changes in roles or departments, and not regular reviewing user access. The trouble is that too much access privilege and overprovisioning can open an organization up to insider threats and increase the risk throughout the business.

It’s necessary to make sure that users have the appropriate access and to prevent facing with insider threats. The risk could be decreased by using role-based access controls (RBAC) – this means having solid, well-defined roles in place and knowing specifically which access privileges each role needs. As organizations grow and evolve, the right IGI solution can allow for more efficient changes and decrease risk by focusing on role definitions and role assignments rather than on individual accounts. The strategy of RBAC works well to decrease the timeline in executing bulk additions where a lot of change is happening at once, like during mergers, acquisitions and corporate reorganizations.

Why is Identity Governance Critical to Compliance?

Companies today have to manage customer, vendor, and board member demands, but at the same time they also must make sure they are compliant with any number of regulations, such as GDPR, HIPAA, and SOX. The increasing number of federal regulations and industry mandates that organizations face today, leads to more auditing, compliance reviews, and reporting.

Identity Governance is a critical discipline involved in this regulation. To be GDPR compliant, organizations must ensure that the personal data they process, collect, and store is properly protected. IBM Security Identity Governance & Intelligence (IGI) can help with that process. IGI allows only the right people to access and manage GDPR-relevant data. IGI presents these people to a business manager holistically in a single pane of glass. (source: IBM) IGI solutions not only strictly control the access to sensitive information like patient records or financial data, but also enable companies to prove they are taking actions to meet compliance requirements.

Furthermore, IGI solutions make the review process easier and more effective with built-in reporting capabilities to meet relevant government and industry regulations. A good compliance program allows for frequent and multiple access reviews to take place at any given time to meet ever-increasing auditor demands without engaging numerous resources from the organization.

One of the main reasons for implementing an IGI solution, is to ensure that users only have access to the resources they need. It also makes sure that you provide appropriate access, risk mitigation and improved security posture of your organization. Unfortunately, a lot of companies today may not view this as a strategic priority and that is a prerequisite to suffer a security incident at some moment. What such companies should do, is to trust IGI solutions and their strong capabilities. See here how PATECCO IGI Solutions are the foundation for a solid Identity and Access Management program in your organization.