By Rajat Bhargava Posted April 24, 2018
There might not be a more important activity in an IT organization than compliance. Today’s business climate is rapidly shifting to value security and privacy for individuals and businesses. IT organizations need not look further than new regulations such as GDPR (General Data Protection Regulation). Even technology titans such as Google, Facebook, and Uber are embroiled in major regulatory issues regarding security, privacy, and compliance. Fortunately, while there are many different activities that constitute compliance within an organization, a new category of IT solution is enabling compliance through cloud identity management.
Why is Compliance Important?
Virtually every organization will now be touched by some component of security and privacy compliance. With GDPR, for example, any organization that has European users or data will be subject to compliance. There will be very few organizations left untouched by this significant regulation. Add to that mix PCI Compliance, HIPAA, GLBA, FISMA, and countless others, and it is hard to believe that any IT organization will be left unscathed.
For IT admins, there is no silver bullet to compliance. It is a series of steps with people, process, and technology all playing a significant role. There are a number of core parts of compliance activities with the security of data and access to that data being primary. While there are a number of technology solutions for the storage of data, and many of these solutions and approaches are custom to each organization’s IT infrastructure, there are more standardized approaches to control user access.
Controlling User Access
Generally, the function of controlling user access is handled by identity management platforms. Historically, that has meant a solution called the directory service or identity provider. These on-prem pieces of technology enable IT admins to control who could access critical servers, applications, and networks. The challenge over the last few years has become that compliance often now extends to cloud infrastructure, web applications, remote systems, and WiFi networks. Unfortunately, these types of IT resources are difficult for legacy identity providers to cover.
Fortunately, a new generation of cloud identity management platform is addressing these issues and enabling IT organizations to meet various compliance regulations. At the heart of the cloud identity management space is a cloud directory service that securely manages and connects users to the IT resources they need. These IT resources could include systems (e.g., Mac®, Windows®, Linux®), cloud and on-prem server infrastructure (e.g., AWS®, Google Cloud Platform™, on-prem data centers), web and on-prem applications via LDAP and SAML, virtual and physical file servers (e.g., Box™, Dropbox™, Samba file servers, NAS appliances), and wired and WiFi networks through RADIUS. IT admins can easily control who accesses what IT resources, either individually or through groups of users using a cloud identity management platform.
Further, Mac, Windows, and Linux systems can be controlled for compliance via policies or custom commands ensuring high levels of security. For example, IT admins can set password complexity settings as well as multi-factor authentication. Plus, systems can be controlled for security settings such as screen lock, disabling guest access and USB storage, and a wide range of other settings.
In doing so, IT admins can address core parts of compliance activities ensuring that users are secure and accessing only the IT resources they should be via a cloud identity management platform. These modern cloud identity providers extend control to modern platforms such as AWS, G Suite™, Office 365™, Azure®, Google Cloud Platform, and many others ensuring that only the right personnel are accessing critical data, servers, and applications.
Enable Compliance through Cloud Identity Management
With virtually every organization subject to various compliance statutes such as GDPR, PCI, HIPAA, and others, IT admins don’t need to struggle with the aspect of controlling access for the user population to critical information. If you would like to learn more about enabling compliance through cloud identity management, drop us a note.