Centrify has invested heavily in a strategic partnership with SoftwareONE over the past 12 months, and we are excited to align our thought leadership between organizations. I would like to introduce Tristan Ackley, the Global Content Writer on the Marketing team at SoftwareONE. He has recently teamed up with Centrify’s WW Director of SaaS Sales, Fahad Rizqi, to relay the importance of IDaaS and application provisioning in today’s marketplace. He has contributed the following post as a guest blogger to the Centrify Blog:
Tristan: Did you know that roughly one in five workers routinely shares passwords with members of their teams? That makes the fact that 14 percent of employees use the same password for every application quite alarming!
Wall Street giant JP Morgan recently revealed that a compromised employee account was at the root of the recent security breach, which led to one of the largest cyber-attacks ever and the theft of data on 76 million households and 7 million small businesses.
As more IT resources move outside the network and into the cloud, disciplined password management has become more important than ever if an enterprise is to avoid being the next JP Morgan. This is where federated provisioning of users comes in.
Provisioning and de-provisioning of users is core to enterprise identity and access management in the cloud. In order to leverage cloud applications such as Office 365, Box, Concur, Zendesk, etc., the user provisioning of these services has to match the scale and availability of the cloud.
Describing the problem as user provisioning and de-provisioning is really a misnomer; it has to be about the full account lifecycle management of the user.
Importance of Full Lifecycle Management – User Provisioning
Enterprise employees typically access dozens of apps on a regular basis. Trying to manually control all the user accounts across those apps is a daunting task for IT. Users who typically create their own passwords in each app frequently forget them or resort to reusing them when possible. This results in security lapses, increased helpdesk calls, and lost productivity for both users and IT.
When a user leaves the company, IT usually only has a limited amount of time to get that user out of the system so that a disgruntled employee doesn’t continue to have access to secure company data within these cloud applications. The picture becomes even more complicated when enterprises have to solve lifecycle management of not just the user and their apps, but also of their mobile devices.
What Should User Provisioning Include?
- Automatically create or update user accounts across apps
- Deploy the right apps the first time with Single Sign-On (SSO)
- Automatically assign role-based permissions within apps
- View who has access to which apps, how they received access, and when changes occurred
- Prevent unauthorized access by automatically revoking access to all apps at once (de-provisioning)
Most Identity as a Service (IDaaS) vendors resolve technical provisioning challenges but neglect underlying business problems that enterprises face regarding the process of managing employee identities. Even worse, some provisioning tools require additional hardware and software, which are complex and difficult to install, and do not handle business problems such as license management.
Characteristics of the Ideal Employee Lifecycle Management Solution
The ideal IDaaS solution addresses the complete application end-user lifecycle. It should handle the process from on-boarding to application authorization for both mobile and web, and when the time comes to remove a departed employee from the corporate system, the tool should act as a single point of contact for de-provisioning.
Centrify’s account provisioning functionality enables IT to automatically create user accounts across 2500+ cloud applications and platforms, including Office 365, Box, Dropbox, Concur, and Zendesk. Centrify’s unique IDaaS solution provides cloud identity management combined with mobile device and app management.
IT can instantly deploy cloud applications to new users and assign their access to multiple platforms and devices, all from a single enterprise directory like AD. This capability to provision users also allows IT to assign the appropriate permissions and licensing to the user, restricting or allowing access to certain applications based on location, time, and endpoints.