Overcoming Challenges in Deploying Cloud Applications

March 10th, 2015 | Smarter Identity

I was reviewing a Forrester Research report titled “Use Commercial IAM Solutions To Achieve More Than 100% ROI Over Manual Processes” from Dec 4, 2014, and the numbers just jumped out at me: the time is now to implement Cloud Identity & Access Management, or Identity as a Service (IDaaS) solutions. I saw process optimizations, cost savings, and security posture improvements in several areas:

End User Challenges

1. Cloud Application Access
Granting access to SaaS applications affects the productivity of both end users and the IT organization, and failing to update or revoke access has security implications. Manual provisioning and de-provisioning of all your users to all your enterprise SaaS applications is a show stopper. Let’s just look at some numbers: 3,300 employees and 100 apps, that’s over one-quarter million rows of data. Assuming 10% annual churn, that’s another 60,000 rows to remove and create. Forrester estimates that Help Desk calls cost an organization up to $10 each.

From a security perspective, Forrester reported that nearly 50% of data breaches were caused by internal incidents within an organization. This was directly related to employees leaking data inadvertently or intentionally, resulting in a cost of approximately $250,000 per year.

Bottom line: Time to automate user provisioning and de-provisioning, and control access to applications and data.

Read more about “3 Requirements to Automate Cloud Provisioning”

2. Password Fatigue and Resets
Users are simply overwhelmed when presented with the potential of having to manage 100 different username/password combinations, and the associated URLs for all their applications. The time spent logging in and out of applications, or waiting for the help desk to reset their passwords, detracts from time being productive for the business. And from a security perspective, should users react to this password fatigue by creating minimum-strength or reused passwords, or worse yet writing them down on a Post-It at their desk, the organization is placed at even greater risk.

On the backend, each SaaS vendor likely has different password requirements relative to strength and expiration. It is unrealistic to ask IT to be application experts with knowledge of 100 different administrative consoles in order to manage passwords. This can be a drain on their productivity.

Bottom line: Time to provide Single Sign-On (SSO), establish a System of Record and synchronize systems in real-time.

3. Mobile Experience
Nearly 50% of cloud application requests originate from mobile devices, thus mobile applications themselves are an increasingly important tool for driving business outcomes. Yet it is cumbersome for users to constantly re-enter their credentials, particularly email-format usernames and strong passwords, on tiny keyboards. This inconvenience will wear on mobile users, who may seek alternatives likely to be less secure, or simply abandon mobile access, thus eliminating the productivity benefits.

Bottom line: Time to address the Mobile form-factor user experience and native applications

IT Challenges

4. Shadow IT
With upwards of 80% of cloud applications used within the enterprise outside IT’s control, having visibility into who is accessing what, and where potentially sensitive data resides, is crucial. Enterprise SaaS applications have demonstrated that IT can be responsive to an agile business and can quickly bring new applications online, thus the need for shadow IT is marginalized. Once applications are under IT supervision, centralized policies can be applied to ensure necessary layers of protection are enforced to further protect data.

Bottom line: Time to rein in all cloud apps and provide a standard catalog of sanctioned enterprise applications

5. Federation and Single Sign On (and Sign Off)
Digital business has become more distributed, sharing cloud infrastructures and applications through numerous multi-tenant service providers. For organizations to successfully manage their user accounts across all these applications, they need to begin by federating numerous user directories and cloud app user stores, and reconciling them against a chosen directory of record or single source of truth. As the federation of identities and centralization of authentication become more common to support Single Sign-On (SSO), risk is aggregated to a singular point serving multiple services. It becomes critical that additional credentialing or multi-factor authentication (MFA) technologies be implemented alongside federation services to support the levels of assurance (LOA) required to meet trust requirements.

Bottom line: Time to enable cross-domain authentication and bring SSO to end users

6. Strong Authentication
At the crossroads between users and their cloud applications sits Identity and Access Management. As more cloud applications are placed into service and systems become more distributed, organizations must provide trusted authentication across domains. Users need a central place to access all their cloud applications with a single user name and password. Users no longer have to manage their hundreds of passwords, or expose the organization to brute force attacks against weak passwords.

Bottom line: Time to centralize authentication services via a single Identity Provider (IdP) or portal

7. Audit Reporting and Compliance
Responding to auditors is a task everyone recognizes as a periodic cost, yet it ensures the organization fulfills its compliance obligations by providing operational checkpoints that verify proper controls are in place. Ensuring that processes and systems support tasks like defining employee entitlements to applications, tracking management approvals, and responding to changes ensures the organization’s attestation process proceeds smoothly. Comprehensive audit reporting easily summarizes information pertaining to who has access to what, and who has accessed what. Doing this in an automated manner across hundreds of cloud applications and countless organizational roles and policies, versus manually, can save time and money, and alleviate lots of frustrations. Forrester estimates that using an automated IAM system can reduce audit preparation personnel headcount by 90%.

Bottom line: Time to automate monitoring, reporting and attestation of cloud application access


Forrester projected that automating IAM via a COTS Cloud IAM solution, for a 3,300 user organization with 100 applications, results in a 310% ROI versus managing these activities manually.

About the Author

Chip Epps joined OneLogin in 2014 to help advance cloud security initiatives and the evolution of identity and access management. Having worked previously at Symantec, Trend Micro, and Websense he focused on securing virtual data centers and implementing SaaS-based compliance solutions. Prior to a career in security, Chip worked at Peregrine Systems (now HP), promoting ITSM and service management within a dynamic IT environment.
