February 20, 2018
Strong Authentication in a SaaS World
Three critical components can help organizations secure their workloads in the cloud.
The cloud is everywhere. I speak every day to CDW customers who are looking to move workloads to the cloud in an effort to reduce costs, increase flexibility and provide their IT teams with time to focus on adding value elsewhere. Over the past few years, I’ve seen a dramatic uptick in the number of organizations turning to Software-as-a-Service (SaaS) providers for their application needs.
Moving to SaaS requires rethinking security. In the past, we built our networks using the model of a hard shell with a soft interior. We put multifactor authentication, firewalls and virtual private networks in place to keep outsiders on the outside while allowing our users remote access to internal systems. That model doesn’t work when “inside” includes cloud providers located in different data centers around the world. IT teams now need to build strong authentication infrastructures that are flexible enough to securely integrate with SaaS providers.
There are three pieces to this puzzle: identity and access management (IAM), multifactor authentication (MFA) and cloud access security brokers (CASBs). These three components recently came together for one of my clients, an advertising firm with 500 employees.
Manage Provisioning with Identity and Access Management
In years past, my client spent countless hours setting up access for new users. IT professionals created an account and carefully configured permissions across a variety of services. This often took days, all while the new employee sat idle, waiting to gain access needed to start work.
CDW worked with the firm to deploy a robust IAM system from RSA that automates this work. Now, when a new employee joins the firm, the HR department creates a record for the employee in a centralized system, and this automatically triggers the creation of an account for the employee and the provisioning of his or her access across in-house and cloud-based services. This all happens automatically. Nobody in IT even lifts a finger.
Secure Identities with Multifactor Authentication
Advertising agencies deal with all kinds of sensitive information, ranging from customer lists to client product plans. My client wanted to rest easy, confident in the fact that its security systems would carefully verify the identity of each user and protect them against phishing attacks, as well as other password-stealing exploits.
We rose to this challenge by helping the firm deploy RSA multifactor authentication using hard tokens. Each employee carries a small device on a keyring that generates a one-time passcode that is used each time a user signs into a system remotely. We’re also in the process of moving to soft tokens that exist as an app on a user’s smartphone.
Protect the Cloud with a CASB
Once users are provisioned and securely authenticated, we want to keep track of their activity. Along with my colleagues at CDW, I’m working with this client to roll out Cisco’s CloudLock CASB. Once we have this technology in place, my customer will have policy control and visibility into employee use of cloud resources.
By integrating with the IAM system, CloudLock will differentiate users by role. Account executives will have remote access to client data but won’t be able to download it in bulk. The creative team will be able to access product information but won’t have access to sales data. Management will be able to use the CASB to monitor activity and gain insight into how different teams use the cloud.
Together, IAM, MFA and CASB help organizations build a secure cloud computing environment that protects their data while meeting their business needs.
This blog post brought to you by: