Cloud computing has changed the way users connect to enterprise apps and data. With a more distributed compute model, cloud lets users work beyond the corporate perimeter in a more mobile environment. As a result, cloud computing, along with BYOD policies and mobile applications, leads many enterprises to evolve their IT security strategy.
And secure user access -- achieved through identity and access management (IAM) -- is an important part of any cloud security model.
What is identity and access management?
IAM services allow admins to create, modify and delete user identities to ensure those users have proper access to resources. A critical aspect of an IAM system is a scalable, centralized directory service to store identities and access information. The implementation of policies ensures that users can only gain access to resources they are permitted to access. By tracking user activity, security teams can pinpoint any malicious acts.
What are some ways to evolve IAM for cloud?
Each enterprise's needs are different when it comes to cloud security. Before you jump in, it is important to step back and look at your core requirements in cloud. These requirements dictate which security approach fits best and which IAM services you may need.
According to David Linthicum, senior vice president at Cloud Technology Partners, a cloud consulting firm in Boston, and a TechTarget contributor, there are four common approaches for IT teams to consider:
- Identity management services define identities for users and resources, and provide centralized management to store and read identities.
- Access management services work with identity management services to control which users have access to which resources. These services can use single sign-on (SSO), role-based access management and other capabilities.
- Identity governance services create policies for identity management to ensure adherence to compliance and governance requirements.
- Authentication services take security a step further with multifactor or out-of-band authentication to verify identity.
IAM systems need to be tailored to an enterprise to be effective, and IT teams should create integration plans to bridge cloud IAM services with their traditional security systems.
Cloud IAM service providers and offerings
What IAM services are available from public cloud providers?
The top three public cloud providers, Amazon Web Services (AWS), Azure and Google, offer IAM services for their clouds. With these services, cloud admins can monitor and manage IAM functions. Common features include granular permissions for access to a provider's resources, multifactor authentication and single sign-on. While the IAM services from the major public cloud providers share many features, there are some differences, such as access to log records. For example, while Google's audit trail history is built into the IAM service, AWS users access that information through integration with AWS CloudTrail.
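The pieces described above (a centralized directory of identities, role-based access policies that restrict users to permitted resources, a multifactor requirement for sensitive actions, and an audit trail of every decision) fit together in a small policy evaluator. The following Python is an added example written for this page, not code from AWS, Azure, Google or any vendor named here; the directory, roles, action names and resource paths are constructed, and the evaluation order it assumes is default deny with an explicit deny overriding any allow.

```python
# Constructed identity directory (stands in for the centralized directory
# service): each identity carries the roles it has been assigned.
DIRECTORY = {
    "alice": {"roles": {"storage-admin"}},
    "bob": {"roles": {"storage-reader"}},
}

# Constructed access policies per role: (effect, action, resource prefix,
# mfa_required). Evaluation is default deny, and an explicit deny overrides
# any allow, which is the order this example assumes.
POLICIES = {
    "storage-reader": [("allow", "storage:get", "bucket/reports/", False)],
    "storage-admin": [
        ("allow", "storage:get", "bucket/", False),
        ("allow", "storage:delete", "bucket/", True),        # destructive: MFA needed
        ("deny", "storage:delete", "bucket/audit/", False),  # audit trail is immutable
    ],
}

AUDIT_LOG = []  # one entry per decision; the trail security teams review later

def record(user, action, resource, allowed, reason):
    """Append the decision to the audit trail and return it."""
    AUDIT_LOG.append({"user": user, "action": action, "resource": resource,
                      "allowed": allowed, "reason": reason})
    return allowed

def is_authorized(user, action, resource, mfa_verified=False):
    """Decide whether user may perform action on resource (default deny)."""
    identity = DIRECTORY.get(user)
    if identity is None:
        return record(user, action, resource, False, "unknown identity")
    allowed, mfa_blocked = False, False
    for role in identity["roles"]:
        for effect, pol_action, prefix, mfa_required in POLICIES.get(role, []):
            if pol_action != action or not resource.startswith(prefix):
                continue
            if effect == "deny":
                return record(user, action, resource, False, f"explicit deny ({role})")
            if mfa_required and not mfa_verified:
                mfa_blocked = True      # an allow exists, but needs a stronger login
                continue
            allowed = True
    if allowed:
        return record(user, action, resource, True, "allowed by role policy")
    reason = "multifactor authentication required" if mfa_blocked else "no matching allow"
    return record(user, action, resource, False, reason)
```

Each call leaves one entry in AUDIT_LOG, so a denied deletion of the audit prefix or a request that lacked MFA is visible to reviewers in the same way a CloudTrail record would be.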
Azure is an established player in the IAM market and first offered Microsoft Active Directory, an on-premises directory service, for legacy environments. With the growth of cloud and demand for that same level of security, Azure released Azure Active Directory to secure on-premises and cloud applications.
AWS, Azure and Google IAM services are free, but Azure users can upgrade to basic and premium editions for more features.
For a more specialized approach, users can turn to third-party products, such as OneLogin, which provides IAM for cloud-based applications. Enterprises that want to build their own IAM from scratch can use open source technologies, but this approach can be more complex.
How will the cloud IAM market change over the coming years?
Security will always be a top priority in cloud, as will managing identities and access. Currently, the cloud IAM market is estimated to be about $600 million, and it is projected to grow to $1 billion in 2017, according to analyst firm Gartner. According to TechTarget contributor Alan Earls, new cloud IAM vendors continue to enter the market, such as OneLogin and Centrify, which cater to enterprises that do not have the skills to support on-premises IAM products. Established companies, such as Microsoft, IBM and Oracle, now offer cloud products based on their on-premises IAM counterparts.
SSO continues to be in high demand because of its speed and convenience. This could lead to the creation of more IAM features, as it did in the past with the on-premises versions. Users should expect new IAM services and features to unfold in the future.