Businesses should strive to evolve their existing identity and access management (IAM) systems, deployed today almost exclusively on-premise, to incorporate cloud services.
This is according to Ugan Naidoo, MD of CA Southern Africa's security business unit, who was speaking at the CA IT Management Symposium Africa 2011 yesterday.
The enterprise-ready cloud will only be a reality when enterprises can easily extend their existing IAM processes to the cloud.
He said shared passwords and the move to cloud computing are among the biggest current and future ICT security risks facing local companies.
“Security continues to be a major challenge in the business arena. In future, the security risks that the world is facing now will extend to the cloud. The next big issue will be the confidentiality of data that sits in the cloud,” Naidoo said.
He warned that strong authentication solutions should to be deployed to mitigate such risks. “The user name and password is not sufficient for cloud solutions. Proper IAM solutions must be put into place, or ensure the cloud provider is providing these services,” he advised.
Naidoo suggested that when it comes to IAM, businesses should look at a well-rounded cloud security strategy. “They should extend security 'to, for and from' cloud applications.
“Businesses extend enterprise security to include security to cloud-based applications, including SFDC. They should also deliver security for cloud providers to ensure they meet the same level of security as within the enterprise.”
Security-as-a-service from the cloud including authentication, identity management, federation and SSO is also crucial, he added.
He reckons that regardless of whether an application resides within the enterprise or is hosted in the cloud, managing the identities and controlling the access of users to key resources is a critical function for IT organisations that face increasing pressure to cut operating costs while still enabling compliance and productivity.
“Businesses should get security products focused on delivering a single identity management system to manage identities for applications internal to the enterprise and external in the cloud,” he suggested.
Naidoo explained that existing IAM security solutions should help control users their access and how they can use information in private, public or hybrid cloud environments.
“They help deliver the same level of security found within the enterprise addressing needs that include virtualisation security, compliance, policy management and more.”
Organisations are in need of IAM as a fully-managed service that helps strengthen, streamline and simplify how organisations approach identifying, authenticating and granting secure access to on premise and cloud applications and services.
The enterprise-ready cloud will be a reality when enterprises can easily extend their existing IAM processes to the cloud, when cloud providers themselves use enterprise-grade and interoperable IAM systems for their cloud services, and finally when specialised cloud providers offer IAM services from the cloud, Naidoo told the conference.
Share