The Cloud: Boldly Go Where No Man Has Gone Before…

I don’t know when it started, probably during my cartoon-watching childhood days, but somewhere in days past I developed a taste for Science Fiction. I suppose Flash Gordon and the Jetsons got me started, and from there I moved on to the harder stuff, like Lost in Space, The Twilight Zone, The Time Tunnel, and of course Star Trek.

I realize that some of those shows might be unfamiliar to you. Honestly, based on the quality of CGI and the talented professionals behind special effects today, those shows would likely be classified as… well… lame. True enough, the special effects are rather pedestrian, but the story lines did draw you in and in the case of The Twilight Zone, would often keep you on the edge of your seat.

I was convinced that by the year 2000, we would all be using flying cars and catching cruise ships to the moon and beyond.

Through the more modern and familiar SciFi endeavors like Star Wars, Iron Man, The Avengers, and the many reboots of Star Trek, Spiderman, and Superman, interest in new and evolving technologies keeps us hoping that flying cars, regular space travel, and even holo-decks might be reachable in a few decades. If we only had a super car that we could use to travel back to the future.

The future of security is now

For all of the promise that future technology offers, there are some rather fascinating capabilities available now that can provide real, hands-on security benefits to companies today.

Cloud-based computing is one of the fastest growing segments of the IT marketplace. Just a few years ago, most companies were hesitant to even consider placing apps on a server in the cloud. There were simply too many unknowns and too much risk. Today, many companies see cloud-based servers as just another ingredient in their enterprise IT universe.

The evolving acceptance of the cloud reminds me of the virtualization migration that took place about 12 years ago. Those of you in IT at the time would likely remember that although VMware had the market share, there were a number of other vendors with competing products. Some companies viewed virtualization as unproven and too risky. Many of those same companies have now embraced virtualization and consider it a key component in their IT strategy.

A change in perspective

What happened to cause the change in attitude? If you asked 10 people, you would probably get 10 different answers. I think it comes down to three basic driving forces that could be applied to both:

1) One driving force is being able to simplify your support model and focus on your strength. Cloud-based servers offload the problem of server management to the supplier. Man hours that were previously spent on hardware and OS maintenance activities can now be dedicated to the applications and the user experience. Servers become a commodity item and can be quickly added and removed as the business model dictates.

2) Another motivational factor is the changing needs of the workforce. In the case of Cloud Computing, we are seeing a much more mobile workforce than ever before. Companies have workers all over the world and it is no longer practical to bring them into a central office. The cloud allows for access to applications from any internet connection without the need for VPNs or special firewalls to control access to on-premise applications.

3) The third and maybe most important is the availability of tools to let us manage and control access to these new resources. We have had tools available for a number of years that allow us to do centralized control of authentication and authorization for our on-premise servers. Centrify has been providing that solution since 2004.

Controlling access in the cloud

The challenge is how do we control access to those servers and applications now that they are no longer on-premise?

The answer lies in Centrify Identity Service (CIS). CIS extends those same great capabilities that have made Centrify a success in controlling access and authorization for on-site servers, to the cloud and the mobile workforce.

CIS allows us to leverage our AD credentials to control cloud-based and mobile devices. One identity managed and controlled from AD to provide controlled access to all of our devices and our cloud-based applications. We can add/remove applications as necessary and even disable a device or access to all devices from one console.

Users no longer have to keep track of many different identities and passwords to access servers and applications. Users are more accepting of stronger password requirements and multi-factor authentication when there is only one ID to manage. CIS also supports single sign-on (SSO) to servers and apps using policies controlled by the IT department.

Customers also have expressed a desire to have controlled access to shared accounts (like service accounts and root). In the past, the shared password was either simply known by everyone or stored somewhere. In the latter case, users would need to “check out” the password and after using it, reset the password and store the new password.

Centrify Privileged Service (CPS) takes CIS one step further. With CPS, if the user is permitted to “check out” the account, they never see the password. CPS will open a connection and log the user in with the requested account. When finished, CPS will terminate the session and reset the password without user intervention. All of the activity is logged and can be monitored and terminated by the designated security team.
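
The brokered check-out described above, as an added example (not Centrify's code or API): a hypothetical in-memory SharedAccountBroker hands the user only a session handle, rotates the password when the session ends, and records every event. The class, method, host and user names are assumptions made for illustration.

```python
import secrets


class SharedAccountBroker:
    """Hypothetical model of brokered check-out for a shared account such as root."""

    def __init__(self):
        self._vault = {}     # (host, account) -> current password, never returned to users
        self._allowed = {}   # (host, account) -> users permitted to check the account out
        self._sessions = {}  # session id -> (user, host, account)
        self.audit = []      # append-only (event, actor, host, account) records

    def enroll(self, host, account, allowed_users):
        self._vault[(host, account)] = secrets.token_urlsafe(24)
        self._allowed[(host, account)] = set(allowed_users)

    def open_session(self, user, host, account):
        key = (host, account)
        if user not in self._allowed.get(key, ()):
            self.audit.append(("denied", user, host, account))
            raise PermissionError(f"{user} may not check out {account}@{host}")
        # A real broker would log in to the host here with self._vault[key];
        # the caller only ever receives an opaque session handle.
        sid = secrets.token_hex(8)
        self._sessions[sid] = (user, host, account)
        self.audit.append(("session_open", user, host, account))
        return sid

    def close_session(self, sid, by=None):
        """End a session (by its user, or by a monitor) and rotate the password."""
        user, host, account = self._sessions.pop(sid)
        event = "session_close" if by in (None, user) else "session_terminated"
        self.audit.append((event, by or user, host, account))
        self._vault[(host, account)] = secrets.token_urlsafe(24)
        self.audit.append(("password_rotated", "broker", host, account))


def demo():
    """Constructed scenario: alice is allowed, mallory is not, secops ends the session."""
    key = ("db01.example.test", "root")
    broker = SharedAccountBroker()
    broker.enroll(*key, allowed_users={"alice"})
    before = broker._vault[key]
    sid = broker.open_session("alice", *key)
    broker.close_session(sid, by="secops")
    try:
        broker.open_session("mallory", *key)
        denied = False
    except PermissionError:
        denied = True
    rotated = broker._vault[key] != before
    return sid != before, rotated, denied, [e[0] for e in broker.audit]
```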

CPS also allows you to configure access rules for servers that will allow an authorized user access to cloud and on-premise servers without the need for a dedicated VPN. The user simply needs an internet connection with access to the cloud service.

Live Long and Prosper…