How organisations can secure the future of cloud
Terry Burgess, Asia-Pacific Vice President of SailPoint, shares why identity governance is key in the future of cloud computing.
The pandemic has sparked organisations’ transition to cloud, and this uptake will be here to stay, says Terry Burgess, Asia-Pacific Vice President of SailPoint. “This will happen as more people work remotely, and more users need to access their work environments via cloud technologies.”
But the future of cloud creates novel security vulnerabilities that organisations need to prepare for, says Burgess. He shares how identity governance can secure an organisation’s cloud and help it stay compliant.
As organisations shift to cloud platforms for convenience and accessibility, sensitive data can reside practically anywhere. Remote working also allows employees to access private networks from unverified locations and devices, creating new security vulnerabilities, says Burgess.
On top of that, more than three out of four businesses use multiple cloud platforms today. This makes it difficult for security teams to understand how the different platforms relate to each other, or have visibility over who has access to what sensitive data at any given time.
Access management and identity governance is essential in this future of cloud. Organisations first need to confirm the identity of users attempting to access company networks - that they’re indeed employees and not malicious actors.
Next, parameters need to be set for what employees can or cannot do with the data, otherwise known as identity governance. “That'll make sure that those users of that department only can see and only have access to the applications appropriate to them,” says Burgess. Identity governance ensures employees do not misuse data as well.
SailPoint Cloud Governance integrates with AWS, Azure, and Google Cloud Platform to import user identity information, giving organisations broad visibility of who has access across multiple platforms.
Insights from artificial intelligence and machine learning also allow security teams to make informed access decisions and monitor user access for suspicious behaviour in real-time.
Amerigas Propane used SailPoint’s cloud-based platform to automate user access and certification, leaving behind its manual identity process and saving the company hundreds of thousands of dollars.
The pandemic has also created shifts in organisational structures as manpower is redeployed to where they’re needed most. This creates access changes that need to be updated for organisations to stay compliant to government privacy acts.
With the large sectors of third party business partners or contractors accessing networks in the financial sector, ensuring the right access keeps them compliant to privacy regulations, says Burgess. Penalties for non-compliance with the California Consumer Privacy Act, for example, can go up to $7,500 for intentional violations, and damage the organisation’s reputation.
To avoid these knotty issues, cloud identity governance automates access policies to help organisations stay on top of structural changes. It identifies where sensitive data is stored, and ensures that only the approved people have access to them.
Cloud identity governance also produces audit trails and enables automated reviews of access rights for compliance with regulatory mandates. Such reviews also help security teams identify inappropriate and unusual access to stop malicious activity in its tracks.
Multi-tenancy cloud environments
With the uptake of cloud, multi-tenancy platforms will be important, says Burgess. “Agencies should be looking at identity management from a multi-tenant cloud delivered environment,” he adds.
A multi-tenant cloud platform is one that allows different users to share computing resources, though each tenant’s data is isolated and invisible to others. It regularly delivers software updates and patches to all organisations using the platform, and also has the ability to respond to security threats quicker than single-tenant applications with multiple versions.
SailPoint offers a multi-tenant identity governance platform and is constantly maintained and upgraded - giving organisations a peace of mind in security management.
Cloud computing holds massive potential in solving various problems in a post-Covid world. But as organisations reap the benefits of cloud, a rigorous identity governance system is essential to safeguard sensitive networks against looming threats.