Cloud application out of control?

CIOs are now aware that the data they store in SaaS applications purchased in other departments is out of control.

"If the official buyer buys 6 months or 8 months of SaaS apps, it's going to be a hassle." "We expect to see more auditors focus on this issue," said Jackie Gilbert, one of Sailpoint's founders and vice president. ”

Gilbert said the IT department found that if provisioning was handled by the department that purchased the application, they would not be able to manage or control popular cloud applications such as Salesforce, apps, Concur, ADP, Workday, Taleo, and box access.

"This type of access control outside of it is usually not a best practice, and the more SaaS applications an organization starts to use, the more security vulnerabilities are seen," Gilbert said. ”

When your identity and access Management (IAM) solution involves an increasing number of cloud application combinations, it will not work properly, following are some of the most common signs:

1. End users begin recording the user name and password of a cloud-based application on their computer. Solution: A single login system that supports your integration of applications and directory systems.

2. Employees resign, but their cloud-based application permissions are not removed, leading to the spread of so-called orphan accounts. To solve this problem, you need to configure an automated system to delete these account permissions.

3. Administrators no longer approve data access rights for new employees. Many large organizations have access control systems that automatically generate e-mail to managers who have permission to approve users, but these access control systems do not always include hosted applications.

4. No one is monitoring cloud-based applications to ensure current access. Employees change their position in the company, and the information they receive should also be changed. A typical problem is the expansion of power, and people are constantly getting new information when they are mobilized or promoted. The IAM solution recognizes excessive access to employees.

5. Your account is being brought to the new employer by the salesperson who has resigned. Lighthouse Security group says one of his clients is losing an account of a key sales person who has been sacked. The salesperson removed and used proprietary data stored there in order to obtain the company's customers from Salesforce.

IAM vendors say they can solve these 5 problems by integrating with the most popular cloud applications.

On how IAM tools work for web-based and cloud-based applications, Courion chief operating officer Dave Fowler explains: "We tap human resource systems to trigger a process for employee information to automatically bring onboard people and give them rights." The user may get an email account and Active Directory entry, and then request to be sent to their manager, clicking on different application grant access permissions. When approval is completed, the employee is automatically deployed. We recorded all the content and knew who had access to the content. ”

(Responsible editor: The good of the Legacy)