The benefits of cloud-based services are manifold. They enable organizations not only to offset costs but also to achieve greater business agility and to reach new markets and customers. But what about identity management in cloud computing?

Cloud services are essential for embracing many of the technology trends being seen today. Today’s businesses must operate in a world without boundaries. A wide variety of constituents, including customers, business partners, vendors and others, need to access enterprise networks to make purchases, find information and use applications. Gartner estimates that, by 2020, 60 percent of all digital identities interacting with enterprises will come from external identity providers, up from less than 10 percent today. Yet ceding control over internal infrastructure and applications has been cited as a barrier to cloud adoption among 47 percent of firms. IDC also found that 45 percent had, in the past 12 months, at least one known incident of intellectual property being uploaded to cloud computing services when it should not have been.

But are there still barriers to adoption? For one thing, the jury still seems to be out regarding security in cloud services models. Along with compliance and sensitivity, security was still cited as one of the three major barriers to adoption of private and hybrid clouds, according to one recent report by Cisco. However, 76 percent of security leaders interviewed for another recent report are using some form of cloud security services. Furthermore, IDC recently found that 57 percent of enterprises agree that the benefits of using cloud services outweigh the security risks despite the fact that 40 percent have experienced cloud-related security incidents or breaches in the past 12 months.

Greater Need for Identity Management

So what are the risks? In terms of security, identity management in cloud computing is one area that will require increased attention if those benefits are to be fully realized. In order to grant safe access to sensitive information and resources to all those who need it, organizations must carefully monitor which users are accessing what resources to ensure that they are accessing the resources that they need in an appropriate manner. Because of this, Gartner is predicting that identity and access management in the cloud will be one of the top three most sought after services moving forward for cloud-based models.

The need to centrally control access to data and applications is becoming ever more vital to organizations owing to escalating security and privacy concerns. Alarms continue to be raised over data breaches, with the recent breach of 70 million customer records at U.S. retail chain Target currently keeping breaches in the headlines and spurring more organizations to take a keener interest in adding security controls to prevent unauthorized access to customer information. Attackers are using increasingly sophisticated and complex techniques to target organizations, not only looking for one-off hits in terms of the initial data stolen, but also looking to penetrate deep into the network and to stay under the radar while waiting for the chance to seize even more valuable information over time. In almost all such advanced attacks, criminals target specific individuals, often looking to harvest their access credentials.

Such concerns are also exacerbated by more prescriptive regulatory mandates and industry standards and guidelines that require increasingly stringent corporate oversight. Since many such standards and mandates require that strong security safeguards be placed around sensitive information, organizations must be able to prove that they have strong and consistent identity and access controls in place both for those resources housed within the walls of the enterprise and for those accessed remotely via the cloud.

Considerations for Identity Management in Cloud Computing

How do organizations achieve effective identity management in cloud computing without losing control over internally provisioned applications and resources? Context is king. Who is doing what, what is their role and what are they trying to access? This requires the use of threat-aware identity and access management capabilities in order to secure their extended enterprise.

Tying user identities to back-end directories is a must, even for external identities. For this, systems should be used to provide cloud-based bridges to directories. Special attention should be paid to privileged users, which cost US businesses $348 billion per year in corporate losses, according to SC Magazine. Single sign-on capabilities are also a must since having too many passwords tends to lead to insecure password management practices.

Recent research reported by Dark Reading shows that 61 percent of people use the same password for multiple accounts and applications. Deprovisioning of access when it is no longer required is another absolute necessity since orphan accounts caused by poor deprovisioning leaves organizations open to fraud and other security incidents. According to recent research by GroupID, 19 percent of employees change job responsibilities each year, and on average, 5 percent of users in Active Directory are no longer employed by the organization.

But how do you prove that everything is working correctly? For compliance and corporate oversight purposes, all activities related to application access and authorization should be monitored, with comprehensive audit and reporting capabilities provided at a granular level so that all activities can be attributed to specific individuals. The security measures provided are another important consideration to reduce risks associated with fraud, theft or loss of customer data or sensitive, valuable information such as intellectual property.

Benefiting from the Extended Enterprise

Implementing effective identity management is more urgent than ever as organizations open up their networks so that they can more securely extend their services to an ever wider range of external constituents and be able to take advantage of new technological developments such as social media and mobile technologies to better engage their customers. As consumer-oriented technologies continue to rise in importance, organizations must embrace more consumer-conscious approaches for granting and controlling access to their resources, especially to those based in the cloud.

More from Identity & Access

How to Keep Your Secrets Safe: A Password Primer

There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don't know it yet. Criminals are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise data is more likely to be stored on the cloud rather than on prem. Using sophisticated cloud scanning software, criminals can breach an enterprise system within…

Making the Leap: The Risks and Benefits of Passwordless Authentication

The password isn't going anywhere. Passwordless authentication is gaining momentum, though. It appears to be winning the battle of how companies are choosing to log in. Like it or not, the security industry must contend with both in the future.  But for some businesses and agencies, going passwordless is the clear strategy. Microsoft, for instance, has recently stopped forcing users to use a password to access their account, which allows access to a wide range of Microsoft business and personal…

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Shedding light on…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…