5 signs that you've lost control over your cloud apps
Network World - CIOs are waking up to the reality that they've lost control over access to data stored in software-as-a-service applications purchased by other departments.
"By the time an organization buys its sixth or eighth SaaS application, it's in trouble," says Jackie Gilbert, vice president and cofounder of SailPoint, which sells software for bringing these applications back into compliance with company policy. "We're poised to see more auditor attention and more security directed at this problem."
Gilbert says that IT departments are discovering that they can't manage or control access to popular cloud applications such as Salesforce, GoogleApps, Concur, ADP, Workday, Taleo or Box if provisioning and de-provisioning is handled by the department that purchased the application.
"Because it's being done outside of IT, the kind of discipline and access control best practices do not normally get done," Gilbert says. "The more SaaS applications that an organization starts to adopt, the more they start to see security weaknesses crop up."
Here are a few of the most common signs that your identity and access management (IAM) solution isn't working when it comes to your growing portfolio of cloud applications:
1. End users start sticking Post-It notes all over their computers listing user names and passwords for cloud-based applications. One solution to this problem: a single sign-on system that supports your portfolio of hosted applications as well as your directory system.
2. Employees leave the company, but their access to cloud-based applications isn't removed, resulting in a proliferation of so-called "orphan accounts.'' To solve this problem, you need to have an automated de-provisioning system that eliminates access to cloud applications at the same time as traditional software applications.
3. Managers are no longer approving data access for new employees. Most large organizations have access control systems that automatically generate e-mail to managers for them to approve user privileges, but these access control systems don't always include hosted applications.
4. Nobody is monitoring cloud-based applications to make sure access is current. As employees' roles in the company change, their access to information should change, too. A classic problem is entitlement sprawl, where people keep getting access to new information when they are transferred or promoted but nothing gets taken away. IAM solutions can identify employees with excessive access.
5. You're losing accounts to the new employer of a salesperson who left your company. Lighthouse Security Group said one of its customers noticed that it was losing accounts to a key salesperson who had been fired. This salesperson was never removed from Salesforce and was using proprietary data stored there to harvest the company's clients.
- Datacenter eGuide Read on to learn what technologies are essential for high-performing data centers today, and to get a glimpse of what the data center...
- Vblock™ Specialized System for High Performance Databases Learn how Vblock™ Specialized Systems have been designed to deliver high performance in the millions of IOPS - with millisecond response times.
- Oracle EBS and RAC Performance & Elasticity on Vblock™ Systems VCE Vblock™ Systems provide simple, low-risk solutions for migrating from a physical to virtual environment.
- Backup and Recovery of Oracle EBS on VCE Vblock™ Systems This solution architecture describes the key features and benefits of backup and recovery in the virtualized Oracle EBS on Vblock Systems with EMC...
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Enhance Your Virtualization Infrastructure With IBM and Vmware Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage aspects as well
- What are the desktop virtualization market trends and how can you successfully deploy your solution? You've probably heard about desktop virtualization -- and some of its benefits -- things like tighter security, streamlined management and lower costs. But... All Infrastructure Management White Papers | Webcasts