Cloud Challenges: #2 Control


Passwords in the cloud - controlAs mentioned in the previous blog, fixed passwords can be a huge burden when it comes to cloud computing. Left to the end users, passwords are naturally managed in the quickest and most convenient way. The most frequent choice are dictionary words and sequences of letters from the keyboard. These simple passwords are usually quite easy to hack and as 7 out of 10 people re-use the same password in multiple intances, using fixed passwords for work related cloud services is not really a very good idea.

It is crucial that an organisation should manage its digital identites in a centralised, consistent manner. Password policies and strong authentication are no good if applied at random. For instance, corporate e-mail may follow company guidelines, but an online CRM system may have completely different rules, which the vendor might change over time.

What is more, adding and removing new users ought to be simple and transparent. An administrator shouldn’t have to rack their brains thinking whether a former employee still has access to the company’s online resources.

The solution is to bring back the control of the digital identites inhouse by using federation. The existing corporate credentials can then be used to log on to external cloud services and the user can experience the benefits of web single sing-on. That way, all identities are managed and stored in-house, rather than creating a new username and password each time and giving them over to service providers. Security features such as one-time passwords and two-factor authentication can be added to any service.

With single sign-on, service providers only fulfill their core function and are not actually involved in the authentication process. That is re-directed to the organisations internal authentication system, keeping all of the control within the perimiters of the internal network. Even if a cloud service should suffer a security breach, similar to recent widely publicised hacks, no user credentials would be compromised if federation is used.

When access to online services is securely enabled, users are free to move away from their workstations. From laptops to smartwatches, mobility brings endless possibilities and quite a few challenges. In the next blog post we will ta a closer look on how you can maintain a high level of IT-security in a mobile working environment.