5 signs that you've lost control over your cloud apps
Network World - CIOs are waking up to the reality that they've lost control over access to data stored in software-as-a-service applications purchased by other departments.
"By the time an organization buys its sixth or eighth SaaS application, it's in trouble," says Jackie Gilbert, vice president and cofounder of SailPoint, which sells software for bringing these applications back into compliance with company policy. "We're poised to see more auditor attention and more security directed at this problem."
Gilbert says that IT departments are discovering that they can't manage or control access to popular cloud applications such as Salesforce, GoogleApps, Concur, ADP, Workday, Taleo or Box if provisioning and de-provisioning is handled by the department that purchased the application.
"Because it's being done outside of IT, the kind of discipline and access control best practices do not normally get done," Gilbert says. "The more SaaS applications that an organization starts to adopt, the more they start to see security weaknesses crop up."
Here are a few of the most common signs that your identity and access management (IAM) solution isn't working when it comes to your growing portfolio of cloud applications:
1. End users start sticking Post-It notes all over their computers listing user names and passwords for cloud-based applications. One solution to this problem: a single sign-on system that supports your portfolio of hosted applications as well as your directory system.
2. Employees leave the company, but their access to cloud-based applications isn't removed, resulting in a proliferation of so-called "orphan accounts.'' To solve this problem, you need to have an automated de-provisioning system that eliminates access to cloud applications at the same time as traditional software applications.
3. Managers are no longer approving data access for new employees. Most large organizations have access control systems that automatically generate e-mail to managers for them to approve user privileges, but these access control systems don't always include hosted applications.
4. Nobody is monitoring cloud-based applications to make sure access is current. As employees' roles in the company change, their access to information should change, too. A classic problem is entitlement sprawl, where people keep getting access to new information when they are transferred or promoted but nothing gets taken away. IAM solutions can identify employees with excessive access.
5. You're losing accounts to the new employer of a salesperson who left your company. Lighthouse Security Group said one of its customers noticed that it was losing accounts to a key salesperson who had been fired. This salesperson was never removed from Salesforce and was using proprietary data stored there to harvest the company's clients.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- IDC: Dual Perspectives on ITaaS This global survey by IDG Research Services of more than 350 IT and BU directors at enterprises of 1,000 employees or more reveals...
- IDC Whitepaper: Optimal Path to the Cloud Find out what IDC says about Selecting the Optimal Path to Private Cloud in this analyst white paper. Learn the challenges and benefits...
- ESG Whitepaper: Integrated Computing Platforms: Infrastructure Builds Tomorrow's Data Center Thought Leadership Report: 'Integrated Computing Platforms: Infrastructure Builds for Tomorrow's Data Center.' Highlights the challenges customers face when planning to deploy a Cloud...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Is The Cloud Doing To Your Data Center? In this webcast, we'll look at ways you can distill cloud computing down to principles that you can apply to how you manage...
- Unbox Your Load Balancer Your applications are getting more distributed, virtualized and pushed into the cloud today. But as the world progresses to multi-cloud deployments and sophisticated... All Infrastructure Management White Papers | Webcasts