Jackie Gilbert, co-founder and vice president of SailPoint, said an institution is in trouble when it purchases a 6th or 8th SaaS application. "We will see auditors pay more attention to this issue and more security issues related to this issue," Gilbert said. SailPoint sells software that enables these applications to comply with corporate policies.
Gilbert says IT departments are discovering that when the department that buys these applications handles the software setup, or does not set them up at all, IT cannot manage or control access to popular cloud applications such as Salesforce, apps, Concur, ADP, Workday, Taleo or Box.
Because this is something that is done outside the IT department, Gilbert says, access control best practices and disciplines are generally not used. The more SaaS applications an organization starts to adopt, the more security problems they begin to see.
Here are some common signs that your identity and access management solutions don't work when your cloud application portfolio is growing.
1. End users keep lists of their cloud application user names and passwords on Post-it notes stuck to their computers. The solution to this problem is to use a single sign-on system that supports your managed application portfolio and your directory system.
2. Employees leave the company, but their access to cloud applications is not removed, resulting in the spread of unattended accounts. To solve this problem, you need a system that deprovisions automatically. As with a traditional application, the access rights to the cloud application are automatically canceled when the employee leaves the company.
3. Administrators no longer approve data access rights for new employees. Most large enterprises have access control systems that automatically generate e-mail to allow administrators to approve user permissions. However, these access control systems generally do not include managed applications.
4. No one is monitoring cloud applications to ensure access is up to date. As employees' positions change within the company, their access to information should also change. A typical problem is permission creep: an employee's access rights are not changed after a job transfer or promotion, so the employee keeps the old access while gaining access to new information. An IAM solution identifies employees who have too much access.
5. You lose accounts to the new employer of a salesperson who left your company. Lighthouse Security said one of its clients had noticed that it was losing accounts to one of its main salespeople, who had been sacked. The salesperson's account had never been removed from the Salesforce application, and the salesperson had been collecting information about the company's customers from the proprietary data stored there.
IAM vendors say they can solve all five of these problems because they integrate with most popular cloud applications.
Dave Fowler, chief operating officer of Courion, explains how the IAM tool solves the problem for network-based and cloud-based applications. "We tap into the human resource system for employee information," he said. "This triggers an automated process that automatically brings up a person and gives them permission. This user will automatically get an email account and Active Directory access information. Then, send an e-mail application to the employee's manager. The manager clicks on different applications to approve the access rights. When the approval is complete, the employee is deployed to the brake. We keep records of everything. We know who gets access to what data. We have the same workflow for both entry and exit."
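The checks behind signs 2 and 4, driven from the HR record as in the workflow Fowler describes, can be sketched as a reconciliation of HR data against account exports from each cloud application. This is an added example, not code from the article or from any vendor named in it; the record layout, the role policy, the application names and all sample data are constructed assumptions.

```python
# Constructed sample data: field names, roles and app names are assumptions.

# HR system of record: employee id -> employment status and current role
HR = {
    "e100": {"status": "active", "role": "sales"},
    "e101": {"status": "terminated", "role": "sales"},
    "e102": {"status": "active", "role": "finance"},  # transferred from sales
}

# Assumed policy: (app, entitlement) pairs each role is allowed to hold
ROLE_POLICY = {
    "sales": {("crm", "read_accounts"), ("crm", "edit_accounts"),
              ("expenses", "submit")},
    "finance": {("expenses", "submit"), ("expenses", "approve"),
                ("payroll", "view")},
}

# Account exports pulled from each cloud application
SAAS_ACCOUNTS = [
    {"app": "crm", "owner": "e100", "entitlement": "edit_accounts", "enabled": True},
    {"app": "crm", "owner": "e101", "entitlement": "read_accounts", "enabled": True},
    {"app": "crm", "owner": "e102", "entitlement": "edit_accounts", "enabled": True},
    {"app": "expenses", "owner": "e102", "entitlement": "approve", "enabled": True},
    {"app": "crm", "owner": "e999", "entitlement": "read_accounts", "enabled": True},
    {"app": "payroll", "owner": "e101", "entitlement": "view", "enabled": False},
]


def review_access(hr, policy, accounts):
    """Return sorted (kind, app, owner, entitlement) findings for enabled accounts."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned in the application
        key = (acct["app"], acct["owner"], acct["entitlement"])
        person = hr.get(acct["owner"])
        if person is None:
            # Account created outside the HR-driven workflow
            findings.append(("unknown_owner", *key))
        elif person["status"] != "active":
            # Sign 2: employee left, account still live
            findings.append(("orphaned", *key))
        elif (acct["app"], acct["entitlement"]) not in policy.get(person["role"], set()):
            # Sign 4: access kept from a previous role
            findings.append(("excess_access", *key))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_access(HR, ROLE_POLICY, SAAS_ACCOUNTS):
        print(*finding, sep="\t")
```

Run on a schedule against fresh exports, each finding becomes a deprovisioning or manager re-approval task rather than a silent account.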