Cloud-based access governance: Organisational continuity achieved

By Robert Doswell, Managing Director at Tools4ever UK.

For years now organisations have been pushing for applications that run in the browser – from an IT perspective, browser-based apps have no software to remotely deploy, patch and support, so putting systems in place takes far less time and hassle. As a result, CRM systems are now all browser based; HR packages have followed suit, and most accounting systems now have web-based front ends.
 
Naturally, this has paved the way for cloud providers to take this trend to the next level and offer completely hosted packages. My company is even currently migrating its finance system to an online platform – where we can easily share information with our parent company and associated auditors.

This, of course, has a wider impact on the mobility of the workforce. For years, I have been connecting via VPN into the office to access data remotely; for example, to run a report for an accountant or check payroll items. Now all I need is the URL for the hosted application, and, of course, my username and password – easy! Right?
 
Not so much. This is where the fun starts: with the username and password. How many hosted applications do I need to access? How many of them have login credentials controlled by company policy, and how many do I create myself?
 
There is going to be a mixed bag of username conventions and password complexity rules, all of which I must manage myself. From an end user’s point of view this can be very daunting and often leads to passwords being frequently forgotten, meaning your hassle-free cloud application has just created a whole lot of issues for the IT service desk. Or worse, login credentials are stored in an insecure way: written down on a notepad or on papers around a desk, or even kept in unencrypted files on mobile phones and laptops. Thankfully, cloud-based and cloud-operated access governance solutions are here to help.
 
With cloud-based access governance, if I am inside the company’s network, I can pull up a landing page listing my web-based applications, whether they are hosted in the cloud or running locally within the organisation. As I am authenticated against the network, the cloud single sign-on can handle all logon requests to these applications, entering usernames and passwords on my behalf. No muss, no fuss -- no dodgy handling of login credentials when inside the organisation.
 
But what about when outside of the network? 
 
With web-based single sign-on, employees outside the corporate network, e.g. at home or while travelling, can access cloud applications from any device (PC, tablet, Android device or smartphone) with a single username and password. This means users no longer have to remember multiple passwords and usernames and can therefore work more productively. Employees using their personal devices (BYOD) for business also get the same features they are used to in the corporate network.
 
It’s very easy to offer SSO within a network, but outside it, and on devices other than the company workstation, this has been problematic up to now. After all, if the device is not on the company network, the user cannot be authenticated against Active Directory. Some form of federation is then necessary. Achieving SSO federation for cloud applications is often not easy or affordable, or is simply not supported by the supplier.
 
Web SSO is based on an intelligent browser plug-in that processes the various log-ins for cloud applications automatically. For the log-in details, the plug-in communicates with the single sign-on service in the company’s own network. So the log-in details remain safely stored in the company network and are not accessible at an unknown location in the “cloud.” For the end-user, the plug-in operates completely transparently and he or she can enjoy the SSO experience on any device and from any location. 
 
This is where such solutions really start to shine. If the landing page is hosted on Microsoft Azure, I can access the solution from anywhere. Authentication could be handled by ADFS, for example, but for a cleaner, less expensive and far less complex system I can use any SAML Identity Provider, e.g. Salesforce, to validate my identity.
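The federation step above, as an added example that is not part of the original article or of any Tools4ever product: the checks a landing page acting as a SAML Service Provider makes on an assertion from an external Identity Provider before accepting it. It assumes the XML signature has already been verified by a dedicated library (only the Conditions are checked here) and uses a constructed assertion whose issuer and audience are placeholder URLs.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_saml_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)  # UTC xs:dateTime

def validate_assertion(xml_text, expected_issuer, expected_audience, now=None, skew=timedelta(minutes=2)):
    """Return (True, subject) if every condition holds, else (False, reason). Signature check assumed done."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion element"
    # Only the IdP this SP was configured to trust may issue assertions for it
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        return False, "unexpected issuer %r" % issuer
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        return False, "validity window not bounded"
    # Small clock-skew allowance; anything outside the window is rejected
    if now + skew < parse_saml_time(nb):
        return False, "assertion not yet valid"
    if now - skew >= parse_saml_time(noa):
        return False, "assertion expired"
    # The assertion must name this SP as its audience, otherwise it was issued for another party
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    subject = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not subject:
        return False, "no subject NameID"
    return True, subject

# Constructed sample assertion; issuer and audience are placeholder URLs, not real endpoints
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_abc123" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sso.example.test/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

print(validate_assertion(SAMPLE, "https://idp.example.test", "https://sso.example.test/sp", now=parse_saml_time("2024-05-01T10:01:00Z")))
```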
 
You also get the same continuity that you’d expect from within your organisation; it’s available anytime that your organisation is, and from anywhere you happen to be.
 
