As IoT Grows, Identity Management & Access Controls Must Tighten
Everything’s online. It’s all connected. The Internet of Things might feel like it’s slowly creeping up until one day your refrigerator, toaster, front door, and dog’s collar are all talking via the cloud—but even if that reality hasn’t yet come to exact fruition, the time to lay the infrastructure groundwork for the IoT is upon us.
That means that security is also growing in importance. Big data comes from a wide variety of sources and is accessed along many different network vectors and locations along the way. From the initial record sent out on the network to the storage array holding it to the analytics platform and end user crunching the numbers, big data and the IoT translate into new ways for critical information to leak.
Identity management and access controls must be simple, enforced, and strengthened in order to keep our future of cloud big data platforms intact.
Planning for Digital Identity Management
As your infrastructure grows more complex, even small organizations must take steps to plan access controls to cloud resources. If you’re dealing with large data sets, that often means that chunks are split up for processing and recombined later using automated tools built into your analytics platform. If you aren’t dealing with big data, your users are still juggling enterprise credentials for different e-mail, collaboration, and sharing platforms in addition to any public cloud resources they may use outside of IT’s purview.
Gartner estimates that by 2020, 60% of digital identities in the enterprise will come from external identity providers—or a single sign-on solution that orchestrates all of these disparate platforms. Only around 10% of enterprises have single sign-on today. One reason for slow adoption is security: firms are cautious about handing over the keys to an outside provider. But with more and more data and apps moving to cloud-first or cloud-only deployments, that information is being outsourced anyway. In the meantime, data breaches are ever more common, too.
In order to start planning for your future identity management and access controls, consider the context and systems first of all.
- Who sets up and administers your authentication?
- How are accounts decommissioned when someone leaves the company?
- Who has access to the authentication platform?
- What roles need access to which platforms, data, and/or cloud applications?
- Where are encryption keys stored? Are the keys themselves encrypted?
- Are monitoring and access systems in place to catch unauthorized access or disclosure of authentication keys?
Identity Management Platforms
There are many identity providers and registrars that can work in concert with cloud service providers to maintain and manage access controls in a more efficient and secure manner. Your ultimate goal should be an identity verification policy across the entire organization, including on-premises infrastructure as well as cloud services.
Combining Active Directory and Lightweight Directory Access Protocol connections can allow you to set member- and role-based rules that enforce connection policy. SAML, OAuth, and OpenID are some common protocol standards that are beginning to make inroads among cloud providers.
A given employee can log in to a federated single sign-on and automatically be logged into their IaaS, file sharing, and Outlook accounts depending on their Active Directory group. In addition to simplifying the employee’s life, this provides better security (one password to remember, change, and keep strong) and insight into who is accessing what and when. It can also make deployments of new applications faster, as users can be added via groups rather than setting up new accounts across the board.
Your policy still needs to spell out Active Directory management, however. At many organizations, you can find dozens of accounts belonging to people who are no longer employed still residing within the directory.
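One way to check for those leftover accounts is to reconcile a directory export against the HR roster. The script below is an added example, not part of the original post; the CSV columns, account names, group names, and the 90-day idle threshold are constructed assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: a directory export and an HR roster of current staff.
DIRECTORY_CSV = """sam_account,enabled,last_logon,groups
asmith,true,2024-05-28,IaaS-Admins;FileShare-Users
bjones,true,2023-11-02,FileShare-Users;Mail-Users
cdavis,false,2023-09-15,Mail-Users
dlee,true,2024-01-10,IaaS-Admins
svc-backup,true,2024-05-30,IaaS-Admins
"""
HR_ACTIVE = {"asmith", "dlee"}        # constructed: currently employed
SERVICE_ACCOUNTS = {"svc-backup"}     # constructed: reviewed under a separate process


def audit_directory(directory_csv, hr_active, service_accounts, today, max_idle_days=90):
    """Return (account, reason, groups) for accounts to decommission or review."""
    findings = []
    cutoff = today - timedelta(days=max_idle_days)
    for row in csv.DictReader(io.StringIO(directory_csv)):
        user = row["sam_account"]
        if user in service_accounts:
            continue
        enabled = row["enabled"].strip().lower() == "true"
        groups = [g for g in row["groups"].split(";") if g]
        last_logon = date.fromisoformat(row["last_logon"])
        if user not in hr_active:
            # Departed staff: an enabled account is urgent; a disabled one that
            # keeps its group memberships regains access if it is re-enabled.
            if enabled:
                findings.append((user, "ENABLED_NOT_IN_HR", groups))
            elif groups:
                findings.append((user, "DISABLED_STILL_IN_GROUPS", groups))
        elif enabled and last_logon < cutoff:
            # Current employee who has not logged on recently: confirm need.
            findings.append((user, "ACTIVE_EMPLOYEE_IDLE", groups))
    return findings


if __name__ == "__main__":
    results = audit_directory(DIRECTORY_CSV, HR_ACTIVE, SERVICE_ACCOUNTS, date(2024, 6, 1))
    for user, reason, groups in results:
        print(f"{user:12} {reason:26} groups={','.join(groups)}")
```

Because single sign-on access follows group membership, the group list on each finding shows which platforms the account could still reach.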
Have you faced any challenges with identity management and security while administrating your cloud environment? Sound off @greenhousedata!