
Taking the cloud-based approach to identity assurance

Published 16 February 2016

Users such as the Skills Funding Agency are turning to the cloud to help deliver single authoritative identity assurance solutions, says Fordway managing director Richard Blanford

 

Identity assurance is a growing problem as public sector organisations require access to more IT services, many of which are no longer hosted internally. This has led to additional authentication requirements and multiple, more complex passwords for each service. The challenge for the organisation is to know who is accessing each service and to authenticate them independently.

As access processes become more complex, there will be users who ignore policy and put security at risk by putting passwords on Post-Its or avoiding logging out, while others take up help desk time with endless password resets. We have carried out surveys which found that some 25% of help desk calls logged are due to password problems.

Using single sign-on to eliminate both problems would significantly increase productivity and reduce costs, while reducing security and compliance risks. In the past these solutions have been highly complex and required significant investment. However, the cloud now offers an opportunity to provide a single authoritative identity assurance solution which can authenticate against almost all IT services available today, from ERP and CRM systems to public and private cloud, and can provide secure access from any location.

The identity assurance system works by providing a central account or identity and provisioning this into target systems such as Active Directory, SAP and SharePoint. This identity manages user authentication, entitlement (depending on the user's role) and compliance, and provides user self-service. Adding the cloud enables single sign-on to web services and access to on-premise applications from any location, and enables the system to act as an identity provider (IdP) for cloud/extranet services and SAML. It offers three key benefits.

First, it enhances application security by externalising authentication and authorisation to applications, web resources, web services and data. This protects systems from direct exposure. Multifactor authentication can then be added to provide an additional level of security.

Second, having a single secure login standard and basing access to all systems on established policies and audited practices eliminates non-secure user practices and ensures all systems have compliant authentication levels. By providing complete visibility into identity and access management and providing a formal audit trail it can also help organisations achieve and maintain compliance.

Third, by providing user self-service for routine issues, single sign-on can increase productivity and reduce costs, freeing up service desk staff to work on other issues.

Fordway is already providing a cloud-based identity management service to the Skills Funding Agency. The agency wanted a centralised authentication system to provide secure single sign-on to all corporate systems from any location, facilitating remote and mobile working, whether the systems were hosted internally, in the cloud or by third parties. Fordway's cloud-based Identity and Access Management Service (IDAMS) provides a single integrated system through which the agency can manage identity, role and IT service management in line with its security policy while providing user self-service for routine issues.

Single sign-on does not absolve an organisation of responsibility for security and compliance. It must still ensure security and compliance at all times, which requires an authoritative source of digital identity that can be used as collateral for all generally available web services. However, single sign-on offers significant security and productivity benefits and, by using standard SAML protocols, can reduce the total cost of integration for new applications.

Richard Blanford is managing director of IT services company Fordway

 







