Aspects of Identity Management in Cloud Computing
Identity management is a broad topic that applies to most areas of the data center. However, it’s particularly important in protecting the cloud computing environment. Because the cloud is about sharing and virtualizing physical resources across many internal (and often external) users, you must know who has access to what services.
Corralling the data with identity management in cloud computing
Identity data generally is scattered around systems. Establish a common database or directory as a first step in gaining control of this information. This step involves inputting data to and gathering data from various user directories.
Integrating a cloud computing identity management system
An identity management system must integrate effectively with other applications. In particular, the system must have a direct interface to the following:
Human resources system, where new joiners and leavers are first recorded
Supply-chain systems, if partners and suppliers use corporate systems
Customer databases (if customers require access to some systems), although customer identity management normally is handled by a separate component of an identity management system
Beefing up authentication for access to the cloud computing system
When you require authentication stronger than passwords, the identity management system must work with products that provide that authentication, such as biometric systems (fingerprints, handprints, iris verification, and the like) and identity token systems.
Provisioning for cloud computing
When you link all systems that use identity information, you can automate provisioning. If this process is automated, a single status change (of an employee or anyone else with access rights) can be defined in the identity management system and sent across all affected systems from that point.
When provisioning is automated, users rarely (or never) get more access than necessary. Providing broad levels of access happens frequently in manual provisioning because it’s easier to specify broad access. Additionally, an automated process never fails to revoke former employees’ access to the network.
Single sign-on function for cloud computing
Single sign-on means providing all users an interface that validates identity as soon as a user signs on anywhere; this interface requires the user to enter a single password. Thereafter, all systems should know the user and her permissions.
Some single sign-on products don’t provide the full gamut of identity management capabilities, but all identity management products deliver single sign-on capability.
Security administration and cloud computing
Identity management reduces security administration costs because security administrators don’t have to manually authorize; the identity management system handles that workflow automatically.
The automatic ID management handling is particularly useful for organizations that have distributed security administration over several locations because it enables security administration to be centralized.
Analyzing data in the cloud
After you centralize all user data, you can generate useful reports on resource and application use or carry out security audits. For example:
If you’re having problems with internal hacking you can check a log that lists every user’s activity.
If you have logging software for databases and files, you can monitor who did what to any item of data and when, including who looked at specific items of data. This audit capability is important for implementing data privacy and data protection compliance.