






identity, ideally in real time, ensures the validity of the attribute values, i.e., making certain the
correct value is placed in the correct location and that the placement was properly authorized.



On the other hand, manually modifying user accounts on downstream systems, including manually entering attribute/value pairs, just isn’t a secure approach unless the actions and the person performing them have been authorized through identity management. We see countless examples where manual approaches have undermined data integrity, leaving users at a major disadvantage as their identities and sensitive information float around the cloud, which can lead to improper representation of their identities in the cloud, as well as the inherent risk for the user and the organization as a whole. This is an alarming reality, unless IdM is used to either prevent the malicious events or to immediately detect the events so they can be quickly remediated.


Automated event detection, coupled with attribute management, facilitates protecting users through proper enforcement of organizational policies. Further, automated event detection eliminates requirements for manual administration of user attribute sets, which is the single most important aspect of securing user identities in the cloud.
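
The detect-and-remediate loop described above can be sketched as a reconciliation pass; this is an added example, not code from the original article. All user names, attributes, values and function names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: every name and value below is hypothetical.
AUTHORITATIVE = {  # attribute values held by the IdM system
    "asmith": {"department": "Finance", "role": "analyst", "mail": "asmith@example.org"},
    "bjones": {"department": "IT", "role": "helpdesk", "mail": "bjones@example.org"},
}
DOWNSTREAM = {  # attribute values read back from a downstream cloud application
    "asmith": {"department": "Finance", "role": "admin", "mail": "asmith@example.org"},
    "bjones": {"department": "IT", "role": "helpdesk", "mail": "bj@example.net"},
}
# Changes approved through IdM but not yet written to the authoritative record
AUTHORIZED_PENDING = {("bjones", "mail", "bj@example.net")}


@dataclass(frozen=True)
class Finding:
    user: str
    attribute: str
    expected: object
    actual: object
    action: str  # "remediate" or "accept-authorized"


def detect_drift(authoritative, downstream, authorized_pending):
    """Compare downstream attribute/value pairs with the IdM record."""
    findings = []
    for user, expected_attrs in authoritative.items():
        actual_attrs = downstream.get(user, {})
        # Union of keys also catches attributes added by hand downstream
        for attr in sorted(set(expected_attrs) | set(actual_attrs)):
            expected, actual = expected_attrs.get(attr), actual_attrs.get(attr)
            if expected == actual:
                continue
            authorized = (user, attr, actual) in authorized_pending
            findings.append(Finding(user, attr, expected, actual,
                                    "accept-authorized" if authorized else "remediate"))
    return findings


def remediate(downstream, findings):
    """Overwrite unauthorized values with the authoritative ones."""
    for f in findings:
        if f.action != "remediate":
            continue
        if f.expected is None:
            downstream[f.user].pop(f.attribute, None)  # attribute IdM never set
        else:
            downstream.setdefault(f.user, {})[f.attribute] = f.expected
    return downstream
```

With the sample data, the manually elevated `role` on `asmith` is flagged for remediation, while the `mail` change on `bjones` is accepted because it matches an authorized pending change.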



Best Practice #2: Policy Management and Enforcement



Once automation is introduced, policy management and enforcement secure the remaining aspects of a cloud identity. Policy management is the IdM layer defining who is authorized for each level of access to be granted to downstream systems and applications. Policy definition is the key to successfully securing cloud identities, whether required by regulations, good governance, or the duty to comply with a specified set of standards and/or practices for participating in global federations, i.e., attribute management processes meeting prescriptive criteria.



Securing this layer entails prevention of unchecked “human” decisions to overrule policy as these can directly impact how each user is represented in the cloud. I’d sleep much better as a user by knowing that automated policy enforcement is managing my cloud identity, and that the process adheres to organizational and/or regulatory guidelines, like CSA, to keep my identity data safe and properly represented in the cloud.





6 Cyber Warnings E-Magazine – October 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide