Control and Security
For anybody making use of cloud services, this involves an unruly patchwork of identities and credentials. That is a risky business, as we are finding out on an almost daily basis through harrowing stories of account hacks in the media, and a scenario any organization wants to avoid.
To properly manage your corporate identities, keep everything centralized.
Not every cloud service is highly sensitive or poses a vulnerability, and many enterprises do not want to abandon their current user stores (most likely a Microsoft Active Directory). But to properly manage our corporate identities and their access rights, we have to keep everything centralized.
From a governance standpoint we want to ensure efficient use of the IT budget, so we'd like to be able to provision and de-provision cloud subscriptions and users based on our central user store. We also need to avoid running any unwanted security risks. Think of deletion or suspension of all account access when an employee leaves the company, proper Role Based Access Control (RBAC), a uniform password policy, etc. Finally, we need the means to report on the effectiveness of our governance measures.
A mature cloud supplier should offer a way to implement a federated identity. There is more than one standard, however, which means that in most cases a third-party solution should be considered to manage identities and access. The CCoE will support with requirements, designs and acquisition of an IAM solution. Standards and guidelines around IAM are considered to be part of the Enterprise Architecture.
If your organization is lacking in IAM maturity, you should preferably fix that first. On the other hand, it's not that difficult to find a simple but sufficient IAM application to hold you over until all the other IAM issues are sorted out. The message is: better to have something than nothing. Cloud adoption will move fast; fixing your IAM process issues will not.
Process or Activity
The CCoE will support with setting up requirements, validating designs and assisting with the acquisition of an IAM solution. Standards and guidelines around IAM are considered to be part of the Enterprise Architecture.
Demarcation of Responsibilities
The Manager Enterprise Architecture is ultimately responsible.
The Cloud Architect (and Software Architect) provide the design and integration proposal for IAM in the Enterprise Architecture.
The CCoE is responsible for IAM operations (e.g. account provisioning and policy maintenance).
To Do List
Validate accuracy of current account structure, roles and privileges.
Set up additional accounts for a.m. Monitoring, Security and Backup.