In the typical 21st-century company, everything is globally networked, from teams to processes to IT systems. An IAM system must take these flexible structures into account and support them at the conceptual level. Cloud computing plays a central role in this.
When they hear the word "cloud", many people think of consumer applications such as Google Photos. These are only of limited relevance to business customers, but more and more comparable cloud services for companies are coming onto the market: Salesforce.com, file-hosting services such as Dropbox, or Office 365, to name just a few. Such services must be covered by the company-wide IAM concept.
How does a company provision access to the applications operated in the cloud? SCIM (System for Cross-domain Identity Management, standardised in RFC 7643 and RFC 7644) is gaining importance here and is now regarded as the de facto standard for this kind of provisioning. Whether the current trend continues and more application providers adopt the standard remains to be seen: many cloud providers support a SCIM interface, but by no means all of them do. Numerous users of Beta Systems IAM solutions already connect their cloud applications via SCIM.
Provisioning in private cloud environments
Long before the term "cloud computing" entered everyday vocabulary, companies started outsourcing individual IT applications or complete IT environments to external providers. From the IAM system's point of view these count as private cloud environments: the target application is operated off the company's premises, but for that company alone. The cloud-specific billing models (usage-based or subscription) have no influence on the technical implementation of this IAM connection.
The challenge is rather to operate the IAM system across the entire IT landscape with its distributed platforms and complex organisational structures. Provisioning accounts for applications that run in a private cloud environment requires a robust, low-maintenance and autonomous concept for reaching the external applications. A similarly complex picture arises when an IAM system must also manage applications that are run by organisationally independent branches or sister companies. Beta Systems recommends agent-free connection concepts in this area, in which the IAM system talks to the application's own management interface instead of installing a component on the hosted system. Together with fault-tolerant, bidirectional communication and a concept for rapid deployment, the IAM software serves as an intermediary that gives the company maximum control over its external application network.
IAM as a service in the Cloud
IAM concepts are becoming more sophisticated at the same time as companies look for ways to reduce IT costs, which is why a trend towards lean systems has been observed in recent years. Moving IAM to the cloud is one way to pursue this goal. Economies of scale, lower requirements for operating the IAM solution, and preconfigured governance concepts and applications are the advantages customers expect. Not all of these expectations can be met today, but many of the advantages are already achievable through cloud-based use of IAM. The operating costs of an IAM solution can also be reduced significantly as soon as it is run in a private cloud environment.
Manage external users
Working in a team with external partners or service providers is the norm today. Whether freelancers, partners, suppliers or customers, these external users need access to specific company applications. For IAM systems, this division of labour makes decentralised administration concepts necessary. The constantly growing number of external user types makes it difficult for a central HR department to control onboarding and, above all, offboarding. IAM can only work in this scenario if access rights that are often project-specific or time-limited can be administered decentrally, with a defined end date after which the access expires.
The IAM system should therefore provide fine-grained internal security functions (ISEC) and model the organisational structure (access codes). In this way, companies can delegate administration rights to individual users at a fine-grained level and ensure that each delegated administrator can only process the access rights of the user groups within their scope.
Cooperation with other IAM bodies
Managing external users involves more than decentralised administration and remote connection. More and more applications rely on identity federation: trust relationships between several identity providers (IdPs) and identity and access management systems make it possible to manage each identity in exactly one system, its home system, while the other systems rely on it. At the same time, federation provides cross-system single sign-on: the leading system authenticates the user and issues a SAML assertion, which every connected system accepts on the strength of the trust relationship, after verifying the assertion's signature, issuer, intended audience and validity period. By taking over control tasks for the users identified by the IdP, the IAM solution can support interconnected systems and identity providers.
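What the trust relationship described above comes down to on the relying party's side is a short list of checks on each incoming assertion. The following is an added example, not code from Beta Systems or from any SAML library: the IdP and service-provider entity IDs and the assertion itself are constructed, and signature verification, which must happen before any of these checks, is assumed to have been done by an XML-DSig library and is not shown.

```python
"""Checks a service provider performs on a SAML 2.0 assertion before trusting the
identity it carries. Added example; entity IDs and the assertion are constructed.
Signature verification (XML-DSig) is assumed to have succeeded beforehand."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# The trust relationship of this service provider: issuers whose signed assertions
# are accepted, and our own entityID that the assertion must name as its audience.
# Both values are constructed for the example.
TRUSTED_ISSUERS = {"https://idp.example.com/metadata"}
OUR_ENTITY_ID = "https://sp.example.net/metadata"


def _utc(stamp):
    """Parse a SAML xs:dateTime such as 2024-05-01T12:00:00Z into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def check_assertion(xml_text, now, trusted=TRUSTED_ISSUERS, audience=OUR_ENTITY_ID):
    """Return (accepted, reason, subject, attributes) for one assertion."""
    # For real input parse with defusedxml; xml.etree keeps this example self-contained.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion":
        return False, "not a SAML assertion", None, {}
    # 1. Issuer must be one of the IdPs we have a trust relationship with.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted:
        return False, f"issuer not trusted: {issuer}", None, {}
    # 2. Validity window: a captured assertion must not be replayable later.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element", None, {}
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _utc(not_before):
        return False, "assertion not yet valid", None, {}
    if not_on_or_after and now >= _utc(not_on_or_after):
        return False, "assertion expired", None, {}
    # 3. Audience: an assertion issued for another SP must not be accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "audience restriction does not name this SP", None, {}
    # 4. Only now read the identity and the attributes the IdP vouches for.
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        return False, "no subject", None, {}
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return True, "ok", subject, attrs


# Constructed assertion as the IdP would issue it (Signature element omitted).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.net/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>finance</saml:AttributeValue>
      <saml:AttributeValue>readers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE_ASSERTION, now))
```

The order matters: issuer, validity window and audience are checked before the subject is read, so an assertion from an unknown IdP, a replayed one, or one issued for a different service provider never yields an identity. The attributes (here a group list) are what the connected system maps onto its own roles.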
A central IAM system for cloud services
Access management for cloud services can be controlled by an existing IAM system operated on premises. An example process: a user is requested in the on-premises system; after approval by the supervisor, the identity management system creates the user locally and in all other required systems, for example in an external cloud application.
Alternatively, the entire IAM system can be outsourced to the cloud. In this case users, roles and authorisations, both in the local systems and in the cloud services used, are managed from the cloud IAM system. The market offers independent solutions for this from both established and new IAM manufacturers; some of them can be operated exclusively in the cloud.
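The example process above, carried out over SCIM as described in the section on cloud access earlier on the page, with the offboarding half that the section on external users calls for. This is an added example, not Beta Systems code: the cloud application's SCIM endpoint is replaced by an in-memory stand-in, and the bearer token, the HR records and the directory attribute valid_until are constructed for illustration.

```python
"""SCIM 2.0 provisioning round trip (RFC 7643 core schema, RFC 7644 protocol)
between an IAM system and a cloud application. Added example: the endpoint is an
in-memory stand-in, and the bearer token and HR records are constructed."""
from datetime import date

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"


class MockScimServer:
    """Stand-in for the cloud application's /Users endpoint (constructed for the
    example). Real targets differ in details such as which attributes are required."""

    def __init__(self, bearer_token):
        self._token = bearer_token
        self._users = {}      # SCIM id -> User resource
        self._next_id = 1

    def request(self, method, path, headers, body=None):
        """Dispatch one HTTP-like request; returns (status, JSON body)."""
        if headers.get("Authorization") != f"Bearer {self._token}":
            return 401, {"schemas": [SCIM_ERROR], "status": "401"}
        if method == "POST" and path == "/Users":
            # userName must be unique; RFC 7644 answers 409 with scimType "uniqueness".
            if any(u["userName"] == body["userName"] for u in self._users.values()):
                return 409, {"schemas": [SCIM_ERROR], "status": "409",
                             "scimType": "uniqueness"}
            uid = str(self._next_id)
            self._next_id += 1
            self._users[uid] = dict(body, id=uid)
            return 201, self._users[uid]
        if method == "PATCH" and path.startswith("/Users/"):
            uid = path.rsplit("/", 1)[1]
            if uid not in self._users:
                return 404, {"schemas": [SCIM_ERROR], "status": "404"}
            for op in body["Operations"]:
                if op["op"].lower() == "replace":
                    self._users[uid][op["path"]] = op["value"]
            return 200, self._users[uid]
        return 404, {"schemas": [SCIM_ERROR], "status": "404"}

    def user(self, uid):
        return self._users.get(uid)


def scim_headers(token):
    return {"Authorization": f"Bearer {token}",
            "Content-Type": "application/scim+json"}


def build_user(hr_record):
    """Map an approved HR record onto a SCIM core User resource."""
    return {
        "schemas": [SCIM_USER],
        "externalId": hr_record["hr_id"],   # lets the IAM system correlate the account later
        "userName": hr_record["login"],
        "name": {"givenName": hr_record["first"], "familyName": hr_record["last"]},
        "emails": [{"value": hr_record["email"], "primary": True}],
        "active": True,
    }


def provision(server, token, hr_record):
    """Create the user in the cloud application after approval; returns the SCIM id."""
    status, resp = server.request("POST", "/Users", scim_headers(token),
                                  build_user(hr_record))
    if status != 201:
        raise RuntimeError(f"provisioning failed: {status} {resp}")
    return resp["id"]


def deprovision(server, token, scim_id):
    """Offboard by deactivating, not deleting: the account and its audit trail
    remain, but the user can no longer sign in."""
    patch = {"schemas": [SCIM_PATCH],
             "Operations": [{"op": "replace", "path": "active", "value": False}]}
    status, resp = server.request("PATCH", f"/Users/{scim_id}",
                                  scim_headers(token), patch)
    return status == 200 and resp.get("active") is False


def expire_external_accounts(server, token, directory, today):
    """Time-limited access for external users: deactivate every external account
    whose agreed end date has passed. 'valid_until' is an assumed attribute of the
    IAM directory, not part of the SCIM core schema. Returns the ids deactivated."""
    done = []
    for u in directory:
        if u["external"] and u["active"] and u["valid_until"] < today:
            if deprovision(server, token, u["scim_id"]):
                u["active"] = False
                done.append(u["scim_id"])
    return done


if __name__ == "__main__":
    srv = MockScimServer("constructed-token")
    rec = {"hr_id": "E-1001", "login": "jdoe", "first": "Jane", "last": "Doe",
           "email": "jane.doe@example.com"}          # constructed HR record
    uid = provision(srv, "constructed-token", rec)
    print("created", srv.user(uid))
    print("deactivated:", deprovision(srv, "constructed-token", uid))
```

Two points a practitioner should carry over to a real connector: a 409 on creation means the account already exists and must be correlated via externalId rather than created again, and offboarding sets active to false instead of issuing DELETE so that the account's history survives.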
In conclusion, the role of IAM is to secure access to cloud services for business organisations by enforcing policies and multiple verification steps within a defined framework. It is an effective way to manage, control and protect information in cloud environments. With a robust IAM strategy, businesses can detect, manage and control user identities across the entire system and reduce the risk of threats and data breaches. Using the cloud without an IAM connection inevitably leads to a dead end: administrative tasks have to be performed repeatedly and by hand, which costs money and time and comes at the expense of security.