Access Control and Rights Management in the Cloud – SaaS Provides a New Capability
With larger numbers of companies migrating to the cloud, users are getting overwhelmed with remembering large numbers of access codes, passwords and URLs. There is also a need to manage user accounts and authentication to ensure that the requirements of rights management and security are followed. This, as any serious IT practitioner will know, is the basic cost of doing business. You have to be able to take access control and user authentication as a given.
This problem is becoming more complex, however, with the proliferation of smart phones and tablet computers. The days of only connecting through a LAN are over, and any solution has to cater to a very large number of mobile devices as well.
With companies also opting to use hybrid clouds, at times selecting to keep some critical parts of their applications in-house, the problem of authentication and single sign-on is becoming worse. At times companies could even be working with different cloud vendors and still expect to manage access control and user authentication from a single point. Under such circumstances, IT staff can have a difficult time supporting security, access control and user rights management.
New SaaS Offering
A new branch of cloud services is now beginning to be offered that promises to handle these issues. Access control and user authentication services are now being offered by Software as a Service (SaaS) vendors. These services work in the background with the user company’s Active Directory (AD) or Lightweight Directory Access Protocol Service (LDAP) to map the rights and privileges of individual users to cloud-based services and applications that the company uses. Individual users can now work while leaving access control management to the relevant service provider.
A key issue in being able to offer such a service is the capacity to ensure near-perfect availability for the authentication company itself. Most such companies take extreme steps to ensure they have a service availability of greater than 99.99%, because absence from the grid for some time would have a cascading effect on users who would not be able to log in. Even a 99.99% up-time means there are nearly 53 minutes of downtime a year, which could still be unacceptable to many users.
The authentication vendor offers much more than the mere capability to log in and achieve a single sign-on for several applications. It can create a workflow consisting of several applications and direct the user from one to another – giving him an illusion of a single application while he is actually being transferred between many. A comprehensive audit trail and report is maintained and all user actions are logged. Since this is a third-party service, in some regulatory environments this kind of audit trail could have more value than one kept internally by the company.
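The directory-to-application mapping and the audit trail described in the two sections above, sketched as an added example that is not code from the article or from any vendor. The group DNs, application names, roles and the "highest mapped role wins" rule are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed mapping held by the identity service: directory group DN -> (app, role).
GROUP_TO_ENTITLEMENT = {
    "cn=sales,ou=groups,dc=example,dc=com": [("crm", "user")],
    "cn=sales-managers,ou=groups,dc=example,dc=com": [("crm", "admin"), ("reports", "viewer")],
    "cn=finance,ou=groups,dc=example,dc=com": [("billing", "user")],
}
ROLE_RANK = {"viewer": 0, "user": 1, "admin": 2}  # assumption: highest mapped role wins

# Constructed entries shaped like AD/LDAP search results (memberOf lists group DNs).
DIRECTORY = {
    "alice": {"enabled": True, "memberOf": ["CN=Sales,OU=Groups,DC=example,DC=com",
                                            "CN=Sales-Managers,OU=Groups,DC=example,DC=com"]},
    "bob": {"enabled": False, "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com"]},
    "carol": {"enabled": True, "memberOf": ["CN=Contractors,OU=Groups,DC=example,DC=com"]},
}

def resolve_entitlements(entry):
    """Return {app: role}; unknown users, disabled accounts and unmapped groups get nothing."""
    if not entry or not entry.get("enabled"):
        return {}
    granted = {}
    for group_dn in entry.get("memberOf", []):
        # DNs compare case-insensitively, so normalise before the lookup.
        for app, role in GROUP_TO_ENTITLEMENT.get(group_dn.lower(), []):
            if app not in granted or ROLE_RANK[role] > ROLE_RANK[granted[app]]:
                granted[app] = role
    return granted

def authorize(user, app, audit_log):
    """Default-deny decision for one sign-on; every decision is appended to the audit trail."""
    role = resolve_entitlements(DIRECTORY.get(user)).get(app)
    audit_log.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "app": app,
        "decision": "allow" if role else "deny", "role": role,
    })
    return role

if __name__ == "__main__":
    log = []
    for user, app in [("alice", "crm"), ("bob", "billing"), ("carol", "crm")]:
        authorize(user, app, log)
    for record in log:
        print(record)
```

Denied attempts are logged alongside allowed ones, so the trail shows a disabled account or an unmapped group still trying to reach an application.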
Since the authentication service is aware of the applications users are accessing, it can automatically hire larger numbers of cloud service instances based on pre-defined thresholds, and release these instances back to the cloud vendor when the user logs off. This ensures a ‘just-in-time’ kind of provisioning and de-provisioning and can result in substantial savings while always ensuring that a minimum level of service response is never violated.
Major gains
What does the user-company get from the service that it could not have done itself? The answer is: “time.” Given enough time and manpower, one could shift the active directory to the cloud and integrate with every application running – both in the cloud and off it. But this process takes time, and for a company just moving into the cloud, it is far simpler to outsource access control and rights management to industry experts. This outsourcing task may be taken on by the cloud provider itself, provided that they offer this type of additional service. GMO Cloud offers a wide range of add-on services – from non-traditional security measures to installation of various types of software and applications.
Overall stability of applications and processes in the cloud improves, meaning companies can concentrate on managing the application rather than access control and rights management. This also brings down the time it will take you to start generating revenue.
You can think of the access control layer as an overlay on all your (possibly different) applications, facilitating coordination through trust being inherently ensured between applications.
About the Guest Author:
Sanjay Srivastava has been active in computing infrastructure and has participated in major projects on cloud computing, networking, VoIP and in creation of applications running over distributed databases. Due to a military background, his focus has always been on stability and availability of infrastructure. Sanjay was the Director of Information Technology in a major enterprise and managed the transition from legacy software to fully networked operations using private cloud infrastructure. He now writes extensively on cloud computing and networking and is about to move to his farm in Central India where he plans to use cloud computing and modern technology to improve the lives of rural folk in India.