Strengthening security in the cloud with Identity and Access Management solutions
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  ibm-security iam cloud-security ibmsecurity identity-access-managemen... security
0 Comments | 5,423 Visits
This post is courtesy of Ronnie Shelley, IAM Segment Manager for IBM Security.
In the next three years, IBM anticipates that clients will increase the pace of cloud implementations by 215%. This forecast illustrates exceptional interest in and organizations’ growing acceptance of cloud computing. Part of this acceptance hinges on the availability of reliable security solutions in the cloud environment.
Identity and access management is one security component you won’t want to overlook when designing and implementing your own cloud infrastructure. Cloud computing requires a delicate balance between the desire to share resources with multiple user populations and the need to protect those resources from unauthorized access, data leakage and other exposures. From a legal and regulatory perspective, you must be able to control, monitor and report on who is accessing what cloud-based resources, and for what purpose. And that’s where identity and access management comes in to play.
Successful cloud deployments depend on securely and efficiently managing individuals’ access to resources, and protecting data from loss or corruption. In order to ensure that your company’s IT resources are safe wherever they’re located and whenever they’re needed, identity and access management must be built right into the fabric of your cloud.
Another point to remember is privileged identity management. This is especially critical because of the catastrophic damage that insiders can cause, intentionally or inadvertently. The trends toward outsourcing, cloud computing and virtualization are increasing the overall number of privileged users outside the traditional IT infrastructure. When doing business with outside cloud providers, you need to ensure their system administrators and other privileged users are auditable and accountable for their access activities and privileges. IBM Security Privileged Identity Manager is one security solution that can implement fine-grained control of the activities and accesses of privileged users while maintaining regulatory compliance and guarding against insider security breaches.
To make sure you and your cloud provider can deal effectively with security challenges, consider these questions. What IAM solutions are in place to protect cloud-based assets? How can you be sure only authorized people are accessing your sensitive data and applications? How do you manage and audit privileged users and shared accounts? Is your cloud provider able to provide audit reports to demonstrate your compliance with industry and/or government regulations? When millions of users need access to cloud-based resources, user provisioning (and de-provisioning) must be simple, efficient and highly scalable. How will you support these burgeoning user populations? These questions all matter to the design and implementation of your user-based cloud security solution.
Whichever applications or information you decide to move to the cloud, a solid identity and access management (IAM) solution can lead the way. As in traditional environments, an IAM solution for the cloud should incorporate the following capabilities: user provisioning (including separation of duty, roles-based access controls, and fine-grained entitlements), password management, web and federated single sign-on, and logging and audit reporting capabilities. Implementing strong IAM capabilities will allow your firm to protect sensitive assets while complying with industry regulations for privacy and security within a cloud infrastructure.
In summary, Identity and access management offers tangible benefits of improved user productivity while reducing the risk of security breaches. A scalable, standards-based identity and access management (IAM) solution can encompass both cloud and traditional computing environments so you do not have to manage two sets of credentials, improving efficiencies and saving money. To learn more about strengthening cloud security with IAM, register for IBM’s free white paper, "Manage user identities and access in the cloud".
Get more security news by following @IBMSecurity on Twitter.