The dramatic and unabated acceleration of cloud application adoption in the enterprise has marked a distinct departure from legacy security architectures. Predominantly led by individual business units, the adoption of line-of-business (LoB) cloud applications has been relatively easy for central IT to ignore, as these applications had no requirement for integration with traditional on-premise infrastructure.
As more and more cloud applications were adopted by enterprise employees, the challenge for users quickly became how to remember all the different username and password combinations they needed to access their various cloud applications. It has become increasingly common for these users to approach IT and request that access to their cloud applications use the same username and password combination required by their corporate-issued device.
Many IT security professionals stop and ask what these applications are, what they are used for, what data is being stored in them and who has access to them. With mandatory breach disclosure laws around the corner, IT security professionals are concerned about the type of data stored in these applications and how access to it is controlled. With growing awareness of enterprise cloud application usage that sits outside the control of central IT, IT security professionals are now asking questions such as:
• What data is being stored in all these cloud applications?
• Who has access to the data?
• How are user accounts provisioned and, more importantly, de-provisioned?
• How is high value data protected from common dictionary attacks?
The reality of cloud usage in the enterprise is that traditional “Active Directory” user-based controls are ineffective in the cloud era. Each cloud application becomes its own “identity island”, requiring a separate account for accessing its data. With each such account come the issues of account lifecycle management, risk-based authentication protection, audit controls and user access verification requirements. In short, the more cloud applications an enterprise uses, the more disparate “identity islands” there are, and the less effective on-premise user authentication and controls become. Users now have to deal with a “fragmented identity” issue – a separate identity for each app they want to use, complete with its own set of authentication requirements.
A modern enterprise security architecture requires a way to integrate all aspects of user identity into a common user and identity management system that spans the traditional on-premise world as well as the cloud application ecosystem. Such a system must be capable of provisioning access to the cloud applications staff require, de-provisioning that access when it is no longer needed, managing role changes, and providing seamless single sign-on (SSO) to cloud applications.
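As an added illustration (not airloom's or Okta's code), the following Python sketch treats a central directory as the source of truth and reconciles each cloud application's own account list against it, producing the create, update and deactivate actions that provisioning, role changes and de-provisioning require. The role mapping, user names and application names are constructed for the example.

```python
"""Reconcile per-app accounts against a central identity source (constructed
example): each app is an "identity island" holding its own account list."""
from dataclasses import dataclass

@dataclass
class Identity:
    username: str
    active: bool   # False once the person has left the organisation
    role: str

# Hypothetical role -> {app: entitlement} mapping (constructed for the example).
ROLE_ENTITLEMENTS = {
    "sales": {"crm": "user", "storage": "member"},
    "sales-manager": {"crm": "admin", "storage": "member"},
    "engineering": {"tracker": "developer", "storage": "member"},
}

def desired_state(identities):
    """{app: {username: entitlement}} implied by the roles of active users."""
    desired = {}
    for ident in identities:
        if ident.active:
            for app, level in ROLE_ENTITLEMENTS.get(ident.role, {}).items():
                desired.setdefault(app, {})[ident.username] = level
    return desired

def reconcile(identities, app_accounts):
    """Return sorted (action, app, username, entitlement) tuples that bring
    app_accounts ({app: {username: entitlement}}) in line with the directory."""
    desired = desired_state(identities)
    actions = []
    for app in set(desired) | set(app_accounts):
        want, have = desired.get(app, {}), app_accounts.get(app, {})
        for user, level in want.items():
            if user not in have:
                actions.append(("create", app, user, level))
            elif have[user] != level:          # role change: fix entitlement
                actions.append(("update", app, user, level))
        for user, level in have.items():
            if user not in want:               # leaver or orphan: deactivate it
                actions.append(("deactivate", app, user, level))
    return sorted(actions)

# Constructed sample: carol has left but still holds accounts on two islands,
# alice was promoted, and bob has never been provisioned into the tracker.
IDENTITIES = [Identity("alice", True, "sales-manager"),
              Identity("bob", True, "engineering"),
              Identity("carol", False, "sales")]
APP_ACCOUNTS = {"crm": {"alice": "user", "carol": "user"},
                "storage": {"alice": "member", "carol": "member"}}
```

Calling `reconcile(IDENTITIES, APP_ACCOUNTS)` on the sample yields two creates for bob, two deactivations for carol's orphaned accounts and one entitlement update for alice.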
To meet these requirements airloom has partnered with okta as part of our “modern workplace” architecture. The okta identity cloud platform enables airloom to deploy a centralised and secure cloud-based identity management solution for our customers. The addition of okta workflows to manage the user provisioning and de-provisioning process delivers a simple, easy-to-use end-user experience with single sign-on (SSO) for staff. By leveraging the okta platform, airloom is able to resolve the “fragmented identity” challenge and offer enterprise staff a superior, simple end-user experience while addressing the requirements of enterprise security account management at the same time.