By Greg Keller Posted March 22, 2016
IT admins face an important question now that more IT networks are moving to the cloud: are they comfortable with cloud-hosted identities? IT admins must also understand if they are willing to place their proverbial keys to their network kingdom in the cloud. Many IT admins are reluctant to do so. They fear there is greater risk in identities being compromised when they’re exposed to the public internet. But the reality is that cloud-hosted identities already exist online in a significant way., What’s new is the proliferation of Directory-as-a-Service® or cloud hosted directory services platforms.
3 Steps to Address Security Concerns of Cloud-Hosted Services
When IT admins are faced with the question of leveraging a cloud directory service, there is often pause to ponder their security concerns. Can identities hosted in the cloud be safe? Should they use a SaaS (Software-as-a-Service) directory platform? Answering these and other security questions isn’t as straightforward as you’d think, because every organization is different. The first step to addressing security concerns of cloud-hosted services is to focus in on the actual security mechanisms in place for the cloud-based directory you’d use. The second step is to audit how your organization is currently leveraging cloud platforms and how users, including their identities and access privileges, are being managed. The third step is to determine how a cloud directory service will actually increase your organization’s security.
4 Key Security Protocols for Identity-as-a-Service Providers
A cloud-hosted directory that’s tied to the public internet can be a target, so instituting security protocols and practices will be essential. Organizations that build Identity-as-a-Service (IDaaS) platforms know the security risks, and they take a number of precautions to secure their platforms and, in turn, organizations’ information. Their safeguards include at minimum four key processes: using one-way salting and hashing on any stored password; segmenting networks; tightening access control at the network and user level; and employing mutual TLS authentication and encryption between components. Other security measures are generally also put into place by IDaaS platforms, and many of these providers submit to voluntary audits and certifications to prove security compliance. Because security is their lifeblood, smart IDaaS platforms have one goal to achieve: build a cost-effective security infrastructure that far exceeds anything their customers could build themselves.
The Big Difference in Security Control Approach
After you’ve investigated the security infrastructure of your cloud-hosted directory service, the next step is to take stock of what your current infrastructure looks like. Determine what cloud and web infrastructure your organization uses. Is Amazon Web Services, Salesforce, or Google Apps being used in the organization? If so, then you must determine how user access is being managed and controlled for all cloud based solutions and web applications. If any users are being stored within those systems, then you organization likely already has cloud-hosted identities. In fact, it’s likely that those identity credentials are also the same ones that users are leveraging internally to access their machines and the company network. Once that is determined, you’ll want to centralize user management and control, versus thinking it’s a user behavior problem that must be stopped.
Thousands of organizations and startups have embraced cloud-hosted identities while keeping their organization secure. It boils down to adequate user management that leverages strong, yet reasonable security measures. Just because you move your IT infrastructure to the cloud does not mean you now have to implement and enforce stronger security controls (it can mean that, but it also depends on your starting point on-prem). However, what you should do is follow security protocols that have been shown to safeguard your company from security risks: requiring SSH keys to access AWS infrastructure; mandating complex passwords to Salesforce accounts; and enforcing multi-factor authentication for Google Apps. Consider this an opportunity to step up your organization’s security in a way that will be cost-effective and strong.
Last Word: Cloud-Hosted Directories Increase Security
Cloud-hosted identities are likely already in use at your organization. Instead of resisting the reality of online security, you have the chance to embrace how a cloud directory service infrastructure can increase your security and, at the same time, centralize control over user management. o learn more about cloud identity management platforms, drop us a note. We’d be happy to discuss your concerns and help you get started.