Access Risk and the Cloud – Are you good to go?
Posted by Courion Corporation on Thu, Jan 19, 2012
The cloud is here to stay. Organizations are reducing costs, streamlining operations, leveraging Software as a Service (SaaS) applications (the cloud, that is) more than ever before — and there’s no end in sight. Sure, the cloud is part of the modern enterprise infrastructure, but are organizations’ access risk strategies accounting for all the apps they have in the cloud? It’s already challenging to identify, quantify and manage access risk without solutions in place that can help, and now doing business in the cloud adds another degree of challenge as to how organizations can protect themselves.
Here’s a common scenario. An employee leaves the company on his own, or is terminated. So, you shut off access to his accounts, applications and fileshares. You think you’re good to go. But what about his accounts in the cloud? Do you know for a fact that he can no longer access his old salesforce.com account? If you’re not emphatically saying “yes,” you have a problem. If he has access to his old account, you’re inviting him to access your company’s assets — Personally Identifiable customer and employee Information (PII), intellectual property and other critical data.
We’ve all heard stories about former employees stealing critical information, uploading deadly viruses, or embezzling funds. But many, if not all of these incidents might have been prevented had those companies had better access risk management controls in place.
Most organizations focus their access risk strategy on on-premise applications, yet they still want to take advantage of cloud-based offerings to reduce operational costs and streamline processes. Some are actually moving mission-critical applications and data onto cloud-based platforms without considering the access risk implications. Regardless of whether the apps are on-premise or in the cloud, companies need to apply the same level of identity and access governance to all applications and mitigate their access risk to keep their business secure. So how are they doing it?
Cintas Corporation has the right idea. The international provider of corporate identity uniforms, safety equipment and training didn’t want to end up as another headline in a long series of highly public data breaches so they chose CourionLive™, the SaaS version of the Courion Access Risk Management Suite, as their identity and access management (IAM) solution. Now they have a fast, easy-to-implement, highly secure and redundant solution for managing their user access privileges to vital IT systems. They‘ll be able to automate manually intensive, repetitive IAM tasks like user provisioning, password management and user access certification, and increase operational efficiency while reducing their overhead.
The American Red Cross had the same idea. They needed a way to provision access to the Microsoft Office 365 cloud computing platform for their full-time employees, contractors and volunteers as part of an organization-wide initiative. They wanted to streamline their operations and reduce system costs by turning numerous email systems into one global communication system. As one of the largest Office 365 implementations how are they managing access risk for their cloud-based solution? Courion’s Access Risk Management Suite. It enables the Red Cross to improve security and mitigate access risk across their entire organization, while providing a fast time-to-value alternative to complex, expensive conventional identity and access management (IAM) solutions.
While mitigating access risk arising from cloud-based applications can be challenging — when you have the right solutions, it doesn’t have to be. And you’ll be good to go.