Start With The End In Mind: Blog #4 – Manage Access Across On-premises and Cloud Applications

(Source: SailPoint Technologies, Inc. Identity and Access Management Buyers Guide)

“We’ve lost visibility and control over applications in the cloud. We’re not even sure about what’s out there.”

As enterprises accelerate their adoption of the cloud, they must cope with the challenges of managing a hybrid IT environment where some applications reside on-premises and some reside in the cloud. Adding to the complexity of this environment, business units are gaining more autonomy to buy and deploy applications — which can often house sensitive, corporate data — without consulting or involving the IT organization.

Signs that your organization is struggling to manage new cloud applications include:

  • IT is not fully aware of the mission-critical cloud applications in production across various departments and business units
  • Business units are performing their own user administration via spreadsheets and manual updates
  • Business units are requesting that IT integrate cloud applications with directories for periodic synchronization
  • Business units are purchasing their own identity and access management solutions — without consulting IT or considering what IAM infrastructure is already in place
  • IT audit processes, such as access certifications, have not been extended to cover cloud applications

A proper identity and access management solution should help enterprises embrace the cloud while at the same time allowing the IT organization to effectively apply centralized security policy, detect violations and demonstrate full regulatory compliance. Successful IAM solutions will allow you to automate compliance and provisioning processes for cloud applications in the same manner as on-premises applications. At the same time, they should provide end users with convenient access to cloud applications and empower them with single sign-on from any device — at work, home or on the go with mobile devices.

Check back for blog #5, Reduce the Cost of Managing Access Change



Cloud Technology and Hybrid Architecture.

By Chris Fields, Vice President of Security Strategy.

All of the predictions around the explosion in the usage of Cloud technologies have finally come true. Many organizations are taking advantage of improvements in technology and reduction in cost and moving their applications off-premise and into shared data centers (a.k.a. the cloud). As cloud adoption has increased, more security and identity and access management functions have become commoditized and moved off-premise as well. Single Sign-On (SSO) and Federation are two pieces that have recently arrived in the cloud with solid vendor options. SSO and Federation are two areas that typically leverage standards-based technology and uniform implementation and integration approaches. These Software-as-a-Service (SaaS) products offer improved speed of deployment, ease of administration, and lower cost of ownership than their on-premise equivalents because they operate in a cookie-cutter fashion that assumes that all SSO and Federation function uniformly.

The problem arises when organizations look at their more advanced IAM functions and discover that their company doesn’t do things like its peers or competitors. There is little uniformity across the business processes that have been automated in mature provisioning solutions or with governance and compliance activities. There are very few Cloud IAM solutions that have tackled these higher functions in a multi-tenant environment with success. What is a company to do?

Many in the industry think that a hybrid model, or a joining of cloud and on-premise systems, is the architecture that will bridge the time until the next advances in technology make advanced configurations in a multi-tenant environment more viable.  The hybrid model allows you to take advantage of the low price and ease of use of the cloud while still utilizing the more customizable on-premise IAM applications.

Once you decide that you need to move to a hybrid architecture, there are still a lot of decisions to be made around how the architecture should look.  Will the cloud and the on-premise systems be allowed to communicate in real-time over dedicated network connections?  Will you use secure API technologies from the cloud to manage identities in the on-premise applications?  Would a bridge or proxy be a better decision?

There is no cookie-cutter solution, as every customer scenario is different. PathMaker Group has been working with cloud technologies for years and has the experience and expertise to help guide your architecture decisions, product selection, and implementations from beginning to end.