Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

A man is sitting in front of two computer monitors while typing. ©
  • it-sa News
  • Data Center Security, Identity and Access-Management

New challenges for identity management

The Cloud has its own conditions for handling digital identities, which often prove too demanding for in-house Identity and Access Management (IAM) systems. Major suppliers have the solutions.

Uncontrolled proliferation is a problem for many companies: Chaotic rights arrangements and unknown accounts are typical situations. Add Cloud services into the mix, and the threat level rises exponentially. The time is right for coherent identity management.

Managing digital identities and assigned authorities is no easy task. The situation is exacerbated with employees working from home offices and the associated growth in use of Cloud systems. The Identity and Access Management (IAM) systems used in many companies are often unsuitable for remote access or Cloud services. But a suitable IAM can help to prevent identity-based attacks, especially in Cloud environments.

Cloud Computing involves storing data in third-party data centres, with access via the internet. A major advantage is the fact that users can access their data from almost any location or device, since most Cloud services are designed to be device and location-independent. But because users no longer have to work in an office or use the company’s own devices, traditional security measures such as perimeter protection using firewalls, in general, are no longer adequate. That makes “identity” the most important factor in access control. The user’s identity determines which Cloud data the user can access, not the device or the location.

Stringent requirements thanks to Cloud Computing

But in the Cloud, IT security is subject to different conditions for which many departments are not prepared. All major Cloud providers have their own security framework and also often their own Identity and Access Management (IAM) system. That means in-house IT specialists also have to configure and manage the guidelines and roles the Cloud providers supply. To do this, they need additional specialized knowledge. Network specialists also have a part to play in Cloud services.

Most Cloud providers’ policies are very complex. Dealing with the authorization systems of the various providers is therefore labour-intensive, but simultaneously serves as a basis for implementing in-house guidelines and roles. But many companies need to adapt quite a lot of rules that determine how objects and services work together in the Cloud. 

Major Cloud providers supply their own IAM

Many of the larger Cloud providers are aware of the issues and help their customers to put guidelines into practice or identify risky policies. They have developed tools such as Google Cloud Identity, AWS IAM Access Analyzer and Azure Security Center and Privileged Identity Management for this purpose. But constantly monitoring guidelines and adapting to changes is still labour-intensive. 

In particular, companies that make use of hybrid or multi-Cloud solutions often use special Cloud services for identity checking, known as Identity-as-a-Service (IdaaS). These services can be considered as a variation on the partial outsourcing of identity management. They function as a kind of central switch point for Single Sign-on (SSO) and rights management. The IdaaS providers connect to in-house directory services such as Microsoft’s Active Directory. Because this gives the providers of these services access to highly sensitive company data, having confidence in them is not enough: it is essential to check the provider and its agreements in depth. 

Author: Uwe Sievers


This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.