Cloud Access Management – The Human Factor

Cloud adoption is now near universal: 93% of organisations use cloud services. The benefits, including ease of access, pay-as-you-go pricing and quick time to value, are well known. There are also challenges, though.

As organisations expand cloud utilisation, there is often an inexorable spiralling of management and usage complexity, directly related to the human factor – issues impacting on an organisation’s cybersecurity which arise from employees and others with internal systems access.

One example is the requirement to maintain numerous usernames and passwords: users may resort to insecure workarounds, easy-to-guess passwords, or reuse the same password across multiple services.

Compounding the issue, cloud apps often use only single-factor authentication, despite the fact that most data breaches can be thwarted using strong two-factor authentication (2FA).

Password issues clearly open up serious security holes, but also drive up helpdesk costs – Statisnet reports that typically 20% of helpdesk costs relate to password reset requests.

Meanwhile, IT’s view of user activity tends to be foggy at best. Clear visibility of where and when users access each app is essential to regulatory compliance, and even more important with the introduction of new regulations such as the GDPR.

Organisations can take four simple steps to gain control over cloud access across the workforce, mitigating many of the human factor risks associated with the cloud.

  1. Use Cloud Single Sign-On

Single Sign-On (SSO) acts as an intermediary: users authenticate once, and SSO then grants them authenticated access to a range of resources. It removes the need to log in to each resource separately and the need to remember multiple sets of login credentials.

Widely used for some time on-premises, SSO can now (through identity federation protocols like SAML 2.0) extend enterprise identities into the cloud, affording organisations similar convenience across cloud-based resources.

With Cloud SSO implemented for all cloud applications across the organisation, users have access to all the apps they need, having logged in once with their existing enterprise identity.

While some cloud apps will be in use across the organisation, others will be more specific to individual users and groups. SSO can be configured to give individual users or groups access to specific sets of cloud resources.

The configuration of group-based access policies can be simplified by using role-based groups in the organisation’s Active Directory, MySQL or other user stores. This also makes provisioning, updating and revoking access permissions easier as employees join, leave and move around the organisation.

  2. Employ Scenario-Based Access Policies

Granular, scenario-based policies allow IT to set authentication levels for specific login situations. For example, accessing a simple time management app may require significantly less trust than logging into an IT Administrator account or the corporate VPN.

Scenario-based access policies can be defined, taking into consideration the sensitivity and risk exposure of each cloud app and the privileges held by each group. Access management systems can then leverage contextual information, such as the source of login attempts, to apply more rigorous authentication only when required.

In low-trust scenarios, such as logins from unrecognised networks, security can be enhanced, perhaps through a 2FA method such as out-of-band push authentication. In high-trust situations, such as a login from a known device, immediate access can be granted.
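The two ideas above, role-based groups driving which apps a user can reach (step 1) and contextual signals driving how strongly that user must authenticate (step 2), fit naturally into one small policy engine. The following is an added example written for this article, not code from the original post or from Gemalto: the group names, apps, sensitivity ratings, trust scoring and policy matrix are all constructed for illustration, and a real access management product would source groups from the directory and context from its own risk signals.

```python
"""
Group-based entitlements with scenario-based step-up authentication.
Added example, not code from the original post or from Gemalto. Group
names, apps, the sensitivity ratings and the policy matrix are constructed
for illustration.
"""
from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):
    LOW = 1      # e.g. a time management app
    MEDIUM = 2
    HIGH = 3     # e.g. an IT administrator console or the corporate VPN


class AuthLevel(IntEnum):
    DENY = 0
    PASSWORD = 1   # single factor, immediate access
    PUSH_2FA = 2   # out-of-band push as a second factor


@dataclass(frozen=True)
class LoginContext:
    user: str
    app: str
    known_network: bool   # request came from a recognised corporate network
    known_device: bool    # device previously enrolled/seen for this user


# Role-based groups from the directory mapped to the apps they may use.
GROUP_APPS = {
    "staff": {"timesheet"},
    "finance": {"timesheet", "erp"},
    "it-admin": {"timesheet", "erp", "admin-console", "vpn"},
}
APP_SENSITIVITY = {
    "timesheet": Sensitivity.LOW,
    "erp": Sensitivity.MEDIUM,
    "admin-console": Sensitivity.HIGH,
    "vpn": Sensitivity.HIGH,
}
# Directory membership (constructed). Moving a user between groups is the
# only change needed to provision or revoke a whole set of apps.
USER_GROUPS = {
    "alice": {"staff", "finance"},
    "bob": {"staff", "it-admin"},
}
# Policy matrix: app sensitivity x trust score -> required authentication.
# The trust score counts how many contextual signals are recognised (0..2).
POLICY = {
    Sensitivity.LOW:    {2: AuthLevel.PASSWORD, 1: AuthLevel.PASSWORD, 0: AuthLevel.PUSH_2FA},
    Sensitivity.MEDIUM: {2: AuthLevel.PASSWORD, 1: AuthLevel.PUSH_2FA, 0: AuthLevel.PUSH_2FA},
    Sensitivity.HIGH:   {2: AuthLevel.PUSH_2FA, 1: AuthLevel.PUSH_2FA, 0: AuthLevel.DENY},
}


def entitled_apps(user, user_groups=USER_GROUPS, group_apps=GROUP_APPS):
    """Effective app set: union of the apps granted to each of the user's groups."""
    apps = set()
    for group in user_groups.get(user, set()):
        apps |= group_apps.get(group, set())
    return apps


def trust_score(ctx):
    """Number of recognised contextual signals for this sign-in attempt."""
    return int(ctx.known_network) + int(ctx.known_device)


def required_auth(ctx, user_groups=USER_GROUPS):
    """Decide the authentication level for one sign-in attempt.
    Entitlement is checked first: an unentitled user is refused regardless
    of how trusted the context looks."""
    if ctx.app not in entitled_apps(ctx.user, user_groups):
        return AuthLevel.DENY
    sensitivity = APP_SENSITIVITY[ctx.app]
    return POLICY[sensitivity][trust_score(ctx)]


if __name__ == "__main__":
    for ctx in (LoginContext("alice", "timesheet", True, True),
                LoginContext("alice", "erp", False, False),
                LoginContext("bob", "admin-console", True, True),
                LoginContext("bob", "vpn", False, False),
                LoginContext("alice", "admin-console", True, True)):
        print(ctx.user, ctx.app, "->", required_auth(ctx).name)
```

Revoking bob's `it-admin` membership (passing `user_groups={"bob": {"staff"}}`) turns his admin-console and VPN decisions into `DENY` without any per-app change, which is the provisioning benefit step 1 describes; the matrix keeps high-sensitivity apps on a second factor even from a fully recognised context, while a low-sensitivity app from a known device and network gets immediate access.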

  3. Optimise Your Access Policies

Scenario-based access management depends on appropriate access policies. Data-driven insights into the applications accessed throughout the day, the users they are accessed by and the access policies used enable the fine-tuning of access policies, ensuring they are neither too weak nor too restrictive.

If an app is frequently accessed from a high-risk location, for example, while its current policy requires only a single password or PIN, IT might consider upgrading the policy to also require a one-time passcode.
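The review described here is a simple aggregation over sign-in records. As an added example, not code from the original post or from Gemalto, the script below parses a constructed sign-in log, summarises per app how many sign-ins came from a high-risk context and which authentication methods were accepted, and then flags apps whose policy looks too weak (single factor accepted on a meaningful share of high-risk sign-ins) or too restrictive (a second factor demanded on every sign-in although no high-risk context was ever seen). The log format, app names, and the thresholds are assumptions for illustration.

```python
"""
Data-driven review of scenario-based access policies over a sign-in log.
Added example, not code from the original post or from Gemalto. The log
format, app names and thresholds are constructed for illustration.
"""
import csv
import io
from collections import defaultdict

# Constructed sample log: one sign-in per line. source_risk is what the
# access management system decided from context (e.g. unrecognised network).
SAMPLE_LOG = """timestamp,user,app,source_risk,auth_method
2019-01-28T08:01:10Z,alice,timesheet,low,password
2019-01-28T08:02:44Z,bob,timesheet,low,password
2019-01-28T08:05:31Z,carol,timesheet,low,password
2019-01-28T08:07:09Z,dave,timesheet,low,password
2019-01-28T08:10:02Z,alice,erp,low,password
2019-01-28T08:11:50Z,bob,erp,high,password
2019-01-28T08:15:23Z,carol,erp,high,password
2019-01-28T08:20:17Z,dave,erp,low,password
2019-01-28T08:22:40Z,erin,erp,high,pin
2019-01-28T08:30:05Z,alice,erp,low,password
2019-01-28T09:00:12Z,bob,erp,low,password
2019-01-28T09:05:48Z,carol,erp,low,password
2019-01-28T09:10:33Z,alice,wiki,low,otp
2019-01-28T09:12:01Z,bob,wiki,low,otp
2019-01-28T09:14:29Z,carol,wiki,low,otp
2019-01-28T09:16:55Z,dave,wiki,low,otp
2019-01-28T09:20:07Z,bob,admin-console,low,push
2019-01-28T09:25:41Z,bob,admin-console,high,otp
2019-01-28T09:40:19Z,bob,admin-console,low,push
"""

SINGLE_FACTOR = {"password", "pin"}


def parse_events(text):
    """Parse the CSV log into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def summarise(events):
    """Per app: total sign-ins, high-risk sign-ins, and the sets of auth
    methods accepted on high-risk sign-ins and on all sign-ins."""
    stats = defaultdict(lambda: {"total": 0, "high": 0,
                                 "high_methods": set(), "methods": set()})
    for e in events:
        s = stats[e["app"]]
        s["total"] += 1
        s["methods"].add(e["auth_method"])
        if e["source_risk"] == "high":
            s["high"] += 1
            s["high_methods"].add(e["auth_method"])
    return dict(stats)


def recommend(stats, high_share=0.25, min_events=4):
    """Return {app: recommendation}. Apps with too few sign-ins are not
    judged, so a single unusual login cannot swing the policy."""
    out = {}
    for app, s in stats.items():
        if s["total"] < min_events:
            out[app] = "insufficient data"
            continue
        share = s["high"] / s["total"]
        if share >= high_share and s["high_methods"] & SINGLE_FACTOR:
            out[app] = "step-up: require a one-time passcode for high-risk sign-ins"
        elif s["high"] == 0 and not (s["methods"] & SINGLE_FACTOR):
            out[app] = "relax: second factor enforced on every sign-in, no high-risk context seen"
        else:
            out[app] = "ok"
    return out


if __name__ == "__main__":
    for app, advice in recommend(summarise(parse_events(SAMPLE_LOG))).items():
        print(f"{app:14s} {advice}")
```

On the sample log the ERP app is flagged for step-up (three of eight sign-ins from a high-risk context, all accepted with a password or PIN), the wiki is flagged as over-restrictive, the timesheet app is left as is, and the admin console is reported as having too few events to judge rather than being relaxed on thin evidence.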

  4. Ensure Cloud Scalability

There is a continual flow of new apps coming onto the market, and mergers and acquisitions may bring new apps and users into the organisation. As with all aspects of business, cloud access management scalability, allowing for the easy addition and removal of apps, users and groups, is essential. Adopting industry-wide standards such as SAML 2.0 and using integration templates helps enable such scalability.

Taking these four steps will help secure cloud access across the organisation. Users will enjoy frictionless access to services and resources, with appropriate levels of authentication for each sign-in scenario. IT will benefit from simplified management and improved user activity visibility, with fewer password reset requests. The organisation as a whole will benefit from improved risk management, stronger productivity and enhanced employee satisfaction.

Learn more about protecting your organisation from insider and other related threats in our guide, “Enterprise Cyber Security – Addressing the Human Factor”. Download your copy here.

2019-03-28T16:14:33+00:00 | January 28th, 2019 | Gemalto, Security blogs