April 17, 2014 By Fran Howarth 4 min read

The benefits of cloud-based services are manifold. They enable organizations not only to offset costs but also to achieve greater business agility and to reach new markets and customers. But what about identity management in cloud computing?

Cloud services are essential for embracing many of the technology trends being seen today. Today’s businesses must operate in a world without boundaries. A wide variety of constituents, including customers, business partners, vendors and others, need to access enterprise networks to make purchases, find information and use applications. Gartner estimates that, by 2020, 60 percent of all digital identities interacting with enterprises will come from external identity providers, up from less than 10 percent today. Yet ceding control over internal infrastructure and applications has been cited as a barrier to cloud adoption among 47 percent of firms. IDC also found that 45 percent had, in the past 12 months, at least one known incident of intellectual property being uploaded to cloud computing services when it should not have been.

But are there still barriers to adoption? For one thing, the jury still seems to be out regarding security in cloud services models. Along with compliance and sensitivity, security was still cited as one of the three major barriers to adoption of private and hybrid clouds, according to one recent report by Cisco. However, 76 percent of security leaders interviewed for another recent report are using some form of cloud security services. Furthermore, IDC recently found that 57 percent of enterprises agree that the benefits of using cloud services outweigh the security risks despite the fact that 40 percent have experienced cloud-related security incidents or breaches in the past 12 months.

Greater Need for Identity Management

So what are the risks? In terms of security, identity management in cloud computing is one area that will require increased attention if those benefits are to be fully realized. In order to grant safe access to sensitive information and resources to all those who need it, organizations must carefully monitor which users are accessing which resources to ensure that they are accessing the resources that they need in an appropriate manner. Because of this, Gartner is predicting that identity and access management in the cloud will be one of the top three most sought-after services moving forward for cloud-based models.

The need to centrally control access to data and applications is becoming ever more vital to organizations owing to escalating security and privacy concerns. Alarms continue to be raised over data breaches, with the recent breach of 70 million customer records at U.S. retail chain Target currently keeping breaches in the headlines and spurring more organizations to take a keener interest in adding security controls to prevent unauthorized access to customer information. Attackers are using increasingly sophisticated and complex techniques to target organizations, not only looking for one-off hits in terms of the initial data stolen, but also looking to penetrate deep into the network and to stay under the radar while waiting for the chance to seize even more valuable information over time. In almost all such advanced attacks, criminals target specific individuals, often looking to harvest their access credentials.

Such concerns are also exacerbated by more prescriptive regulatory mandates and industry standards and guidelines that require increasingly stringent corporate oversight. Since many such standards and mandates require that strong security safeguards be placed around sensitive information, organizations must be able to prove that they have strong and consistent identity and access controls in place both for those resources housed within the walls of the enterprise and for those accessed remotely via the cloud.

Considerations for Identity Management in Cloud Computing

How do organizations achieve effective identity management in cloud computing without losing control over internally provisioned applications and resources? Context is king. Who is doing what, what is their role and what are they trying to access? Answering these questions requires threat-aware identity and access management capabilities that secure the extended enterprise.

Tying user identities to back-end directories is a must, even for external identities. For this, systems should be used to provide cloud-based bridges to directories. Special attention should be paid to privileged users, who cost U.S. businesses $348 billion per year in corporate losses, according to SC Magazine. Single sign-on capabilities are also a must since having too many passwords tends to lead to insecure password management practices.

Recent research reported by Dark Reading shows that 61 percent of people use the same password for multiple accounts and applications. Deprovisioning of access when it is no longer required is another absolute necessity since orphan accounts caused by poor deprovisioning leave organizations open to fraud and other security incidents. According to recent research by GroupID, 19 percent of employees change job responsibilities each year, and on average, 5 percent of users in Active Directory are no longer employed by the organization.
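One way to check for the orphan accounts described above is to reconcile a directory export against the HR roster, reporting privileged accounts first. The following is an added example, not part of the original article; the column names and the sample records are constructed for illustration.

```python
import csv
import io

# Constructed sample data (not real records): an HR roster and a directory export.
HR_ROSTER = """employee_id,status,termination_date
E100,active,
E101,terminated,2014-01-31
E102,active,
"""

DIRECTORY_EXPORT = """account,employee_id,enabled,privileged,last_logon
asmith,E100,true,false,2014-04-10
bjones,E101,true,true,2014-03-02
cdoe,E102,false,false,2013-12-01
svc_backup,,true,true,2014-04-15
dlee,E999,true,false,2013-11-20
"""

def find_orphans(hr_csv, dir_csv):
    """Return enabled directory accounts with no active HR owner, privileged first."""
    hr = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(dir_csv)):
        if acct["enabled"] != "true":
            continue  # disabled accounts have already been deprovisioned
        owner = hr.get(acct["employee_id"])
        if not acct["employee_id"]:
            reason = "no owner recorded"
        elif owner is None:
            reason = "owner not in HR roster"
        elif owner["status"] != "active":
            # ISO dates compare correctly as strings; a later logon means the orphan was used.
            used = acct["last_logon"] > owner["termination_date"]
            reason = "owner terminated" + (", used after termination" if used else "")
        else:
            continue  # enabled account with an active owner is expected
        findings.append({"account": acct["account"],
                         "privileged": acct["privileged"] == "true", "reason": reason})
    # Privileged orphans carry the most risk, so they are listed first.
    findings.sort(key=lambda f: (not f["privileged"], f["account"]))
    return findings

if __name__ == "__main__":
    for f in find_orphans(HR_ROSTER, DIRECTORY_EXPORT):
        print(f["account"], "PRIVILEGED" if f["privileged"] else "standard", f["reason"])
```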

But how do you prove that everything is working correctly? For compliance and corporate oversight purposes, all activities related to application access and authorization should be monitored, with comprehensive audit and reporting capabilities provided at a granular level so that all activities can be attributed to specific individuals. The security measures provided are another important consideration to reduce risks associated with fraud, theft or loss of customer data or sensitive, valuable information such as intellectual property.

Benefiting from the Extended Enterprise

Implementing effective identity management is more urgent than ever as organizations open up their networks so that they can more securely extend their services to an ever wider range of external constituents and be able to take advantage of new technological developments such as social media and mobile technologies to better engage their customers. As consumer-oriented technologies continue to rise in importance, organizations must embrace more consumer-conscious approaches for granting and controlling access to their resources, especially to those based in the cloud.
