The adoption of cloud-based applications has been explosive within enterprises over the past few years. Last year, Gartner reported that some 80 percent of organizations said they'll be using cloud services in some form by the end of August 2014. This move to the cloud forces enterprises to rethink their identity and access management strategy as security perimeters move beyond the firewall.
This blog on securing cloud and SaaS apps is the first of six trends that I will be writing about over the next few weeks. The series is based on a webinar and companion paper, Beyond the Firewall: How a New IAM Architecture Takes Your Business Forward (listen to the recording or read the white paper), that my colleague, David Gorton, hosted last month.
The growth in cloud-based apps and SaaS architectures is driven both by organizations seeking more efficient and effective ways to run their business while improving workforce productivity, and by well-meaning employees looking for better task proficiency via SaaS apps. But the trend cuts even deeper. According to Forrester Research's 2014 predictions, "A great digital experience is no longer a nice-to-have; it's a make-or-break point for your business as we more fully enter the digital age."
This fundamental shift of business to the cloud has many repercussions for security and compliance:
Traditional IAM systems were not designed to secure apps outside of the corporate firewall. Most of these systems were designed using an agent-based architecture, where the agent or plug-in must be installed on the web/application server as a means to provide access. Although this works inside the firewall (one could argue "how well"), it is rendered quite useless for cloud apps.
Password proliferation creates huge security risks as employees either use the same password for many systems, or use many passwords and have to write them down on sticky notes, in Word documents, or in some other insecure location of their choice. In fact, 39% of data breaches caused by malicious attacks are the result of negligence, including password theft.
The growth of unique sign-ons can also be a significant productivity drain as employees spend time finding, updating and reinstating passwords instead of doing productive work. For example, if your organization has 1,000 users of an enterprise app and each user spends an additional 15 seconds per day on logins, the total cost will be 62,500 minutes per year - or nearly 1,050 hours of employee time.
As well-intentioned employees use rogue applications, password proliferation and the risk to their company's intellectual property only increase. Companies managing these challenges are using a new IAM architecture that secures both on-premises applications and SaaS apps in a cost-effective manner.
This next-generation IAM solution must include the following characteristics in order to handle access and security demands when applications move to the cloud:
Federated architecture - Connect any user to any application from any device using any identity authority. This allows organizations to leverage investments they have already made in traditional IAM to provide employees access to both on-premises and SaaS apps.
Cloud-centric - IDaaS provides private or public cloud single sign-on (SSO), among other important time- and cost-saving capabilities.
Self-service - IT organizations benefit from a self-service model as they add new applications and integrate with legacy and cloud environments.
A great example of a company facing many of these challenges is Equinix, the world's largest data center provider. They found that their fast-growing number of applications led to too many usernames and passwords and, ultimately, to a negative impact on employee productivity. When they addressed these challenges with a next-gen IAM solution, they gained back two weeks of employee productivity per month (check out the Equinix infographic).
Tell us about your experiences and share your thoughts. How many passwords do you have to juggle? How many SaaS applications do you use on a regular basis for your work? Have you had any security breaches or challenges related to password proliferation?
Next up: Addressing the security risks posed by use of traditional WAM systems to manage the exploding number of APIs used by native mobile applications and HTML5 pages.