With larger numbers of companies shifting their operations to the cloud, users are getting overwhelmed with remembering a large number of access codes, passwords and URLs. There is also a need to manage user accounts and authentication to ensure that the requirements of rights management and security are followed. This, as any serious IT practitioner will know, is the basic cost of doing business. You have to be able to take access control and user authentication as a given.
The problem is becoming more complex because of the proliferation of smartphones and tablet computers. The days of only connecting through a LAN are over, and any solution has to cater to a very large number of mobile devices as well.
With companies also opting to use hybrid clouds and at times choosing to keep some critical parts of their applications in-house, the problem of authentication and single sign-on is becoming worse. At times companies could even be working with different cloud vendors and still expect to manage access control and user authentication from a single point. Under such circumstances, IT staff can have a difficult time supporting security, access control and user rights management.
New SaaS Offering
A new branch of cloud services is now beginning to be offered that promises to handle these issues. Access control and user authentication services are now being offered by Software as a Service (SaaS) vendors. These services work in the background with the user company's Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) service to take the rights and privileges granted to individual users and map them to the cloud-based services and applications that the company uses. This makes it easy for individual users to work while leaving the work of managing access control to the access control service provider.
A key issue in being able to offer such a service is being able to ensure near-perfect availability for the authentication company itself. Most such companies take extreme steps to ensure that they have a service availability of greater than 99.99%, because if they were to be off the grid for any substantial amount of time, the outage would cascade to their users, who would not be able to log in. Even a 99.99% uptime means that there are nearly 53 minutes in a year when the service is not available, and even this may not be acceptable to many users.
The authentication vendor offers much more than the mere capability to log in and achieve single sign-on for several applications. It is able to create a workflow consisting of several applications and to direct the user from one application to the other, giving him the illusion of a single application while he is actually being transferred between applications. A comprehensive audit trail and report is maintained and all user actions are logged. Since this is a third-party service, in some regulatory environments this kind of audit trail could have more value than an internal company audit trail.
Since the authentication service is aware of the applications the users are accessing, it can automatically hire larger numbers of instances of the cloud service based on pre-defined thresholds and release these instances back to the cloud vendor when the user logs off. This ensures a 'just in time' kind of provisioning and de-provisioning and can result in substantial savings while ensuring that the minimum level of service response is always met.
Major gains
What does the user company get from the service that it could not have done itself? The answer is time. Given enough time and manpower, one could shift the Active Directory to the cloud and integrate with every application you are running, both in the cloud and off it. But this process takes time, and for a company just beginning to move to the cloud, it is far simpler to outsource its access control and rights management to an expert in the field. The overall stability of the applications and processes in the cloud improves and, as a result, the company can concentrate on managing the application rather than its access control and rights management. This also brings down the time it will take you to start generating revenue.
You can think of the access control layer as an overlay on all your (possibly different) applications. It makes it easier for applications to work together since trust is inherently ensured between the applications.
About the Guest Author:
Sanjay Srivastava has been active in computing infrastructure and has participated in major projects on cloud computing, networking, VoIP and in creation of applications running over distributed databases. Due to a military background, his focus has always been on stability and availability of infrastructure. Sanjay was the Director of Information Technology in a major enterprise and managed the transition from legacy software to fully networked operations using private cloud infrastructure. He now writes extensively on cloud computing and networking and is about to move to his farm in Central India where he plans to use cloud computing and modern technology to improve the lives of rural folk in India.