Skip to main content

Securing Employee Access in a Mobile Cloud World

By June 28, 2011Article

That the mobile and cloud revolution is upon us is a foregone conclusion.
Mobile devices are set to overtake PC shipments within the next year. According to Gartner, 46 percent of the world mobile phones (nine percent in mid-2011) will be smartphones by 2013. Without a doubt, this will dramatically accelerate the growth of mobile Internet users and will inevitably lead to an explosion of mobile applications and data needs.
The growth of cloud computing is no less exciting: our ”Leaders in the Cloud 2011” research study found that 43 percent of the executives forecasted their revenues will be dominated (81 – 100 percent) by cloud-based services and products in five years.
The consumer market spawned much of this growth in the past couple of years. The enterprise market, on the other hand, has been slow to adopt even though they realize the potential benefits of cloud and mobile applications to their businesses. The reasons for this are many: burden of legacy investments, cultural resistance, and unique identity management and access control challenges.
The initial proliferation of SaaS applications for distinct line-of-business requirements led to disconnected islands of computing.

“We didn’t get single sign-on right up front. A lot of our deployment ended up being stovepiped SaaS. We are going back and fixing that now. They do not have support for all the applications, but they are working on it …. There is a big opportunity here for vendors to aggregate all these applications for the user and have workflow mechanisms that work across the SaaS landscape.” – CIO, media company

Every time a SaaS application is added, users need to create yet another password and navigate to yet another website. Single sign-on (SSO) capabilities enable users to login once with one password to access multiple applications. This is a great convenience for users and helps with accelerated roll-out of new applications.
But SSO alone is not sufficient as the adoption of SaaS applications accelerates within the enterprise. Employees can access these applications today from their homes, smartphones, and tablet devices, which are all outside the normal enterprise network access controls. For these reasons, deploying SaaS apps without strong access controls and audit trail creates many security and compliance risks. There are other issues as well. For example, how can companies ensure the security of company confidential data in a SaaS application after an employee quits the company?
Companies should therefore extend all their essential security services that are routinely deployed within the enterprise – including user management and provisioning, access control, and auditing – into the cloud. Unfortunately, traditional on-premise Identity and Access Management (IAM) software is expensive and requires significant effort, time, and resources to customize and deploy globally. Furthermore, these legacy solutions don’t work very well with SaaS applications: only 10 percent of SaaS applications use identity federation standards such as SAML. Developing custom extensions and connectors for cloud applications and integrating the various identity sources – such as active directly, LDAP, etc. – can quickly get very expensive. Except for the largest companies, this is beyond the budget of many organizations.
No wonder then that companies are finding out that extending identity management out to the external cloud is quite often extremely difficult, if not impossible, using existing tools and architectures.
“There are some pretty significant differences between identity management in the enterprise and identity management in the cloud,” says Eric Olden, CEO of Symplified, a company offering a single-point native cloud-based platform that integrates security and employee access across cloud applications and the enterprise. “Identity Management is not just about SSO,” continues Olden, “if you are also not doing the active user management and provisioning including access control, you really don’t have a solid foundation to scale.”
An ideal cloud-based Identity Access Management solution will offer the intrinsic elasticity, scalability, and cost advantages of the cloud architecture. It will also provide the flexibility to run locally in different geographies to satisfy national regulations and certifications. Furthermore, being cloud-based, it will act as an integration hub allowing access and secure connectivity to many leading as well as emerging SaaS applications. Likewise, it will enable secure collaboration between employees (including those in remote offices), customers, and partners.
The challenge will still be how to make such a solution work with traditional enterprise applications or the emerging private cloud applications. “We approach this hybridization challenge using a single point of management and a single portal,” adds Olden, “to unify public SaaS applications and public infrastructure (such as AWS) and make them work seamlessly with applications within the enterprise.” When it comes to unifying identity management across SaaS apps, Olden says “we support ‘universal’ SSO to both SAML and non-SAML apps using HTTP-FED.”
At the end of the day, Symplified does a lot of the heavy lifting, abstracting the complexity away from end users and developers. As their name implies, Symplified has made the whole process quite simple by providing a single platform for securing cloud applications outside the firewall.
Judging by their 700 percent year-over-year growth and more than a million user licenses, Symplified is clearly solving a significant problem around identity management and access control of cloud applications. Because of their reasonable costs compared to traditional solutions and custom point customizations, small and medium-sized businesses now have access to state-of-the-art IAM solutions.
We thank Eric Olden, CEO of Symplified, for sharing his thoughts on Identity and Access Management in the cloud.
Kamesh Pemmaraju heads cloud computing research for Sand Hill Group. Follow him on Twitter @kpemmaraju.