Cloud, mobile devices complicate identity and access management, says analyst

These two trends have changed the security environment for enterprises, he noted. “The challenges are about identity management – authenticating users and figuring out what they have access to in the cloud. And the other challenge is, where are they coming from and how can we make sure those devices stay secure or at least in compliance?” Diodati told Infosecurity.

The consumerization of IT, which involves the use of personal devices such as smartphones in the workplace, poses new security risks, the analyst noted. For example, “it is really hard to do smart card authentication for a non-managed device. If you look at an iPad, there isn’t a place to plug in a smart card… So how can you make that stuff work? Because you don’t own it, your options for securing that device become much more limited”, he said.

Access control can help address the security challenges posed by the shift to the cloud and the consumerization of IT. “Every system should have access control, which helps answer the question of who has access to what”, he said.

When access control was on-premises, it was much easier to integrate the mechanism enterprise-wide, so companies could implement a consistent access-rights policy, Diodati said.

With cloud services, companies cannot install access control software at the cloud provider’s location. “You don’t actually control Google Apps but you need a way to harmonize it with what you have. That means having external connectivity to Google, being able to take out the information from Google, being able to make sense of it, and being able to make changes to it. It is a little more challenging because you don’t own Google’s system. You have to play by Google’s rules when configuring the system”, he noted.

One company that is providing a way for companies to control access in the cloud environment is Centrify. The company’s identity and access management products enable organizations to control, secure, and audit access to cross-platform systems and applications using Active Directory.

“Many organizations are facing a Catch-22 when it comes to migrating applications to the cloud”, said David McNeely, director of product management for Centrify. “They get the biggest ROI [return on investment] by migrating to the cloud their business-critical apps that need to scale rapidly and on-demand. But these are precisely the applications that need the tightest security and access controls”, he added.

Centrify explained that when CloudTools are enabled for a newly provisioned Linux server in the cloud, they secure the root account, lock down the server, and join it to the customer's on-premises Active Directory domain. As a result, only administrators defined by the licensor of the server, and not the cloud service provider, have access to and control over the server. All access to the server is provided through Active Directory credentials, enabling server activity to be associated with a specific user. Similarly, when a server is terminated from a hosted service, it can automatically be removed from Active Directory.
