Access governance ‘in the cloud’ can be no different than access governance in general. For most organizations, at minimum, the same levels of controls will be required that were in force before the service was transitioned to a cloud-based offering. Adoption of Office 365, Dropbox and similar cloud services requires translating access governance concepts such as managing and reviewing access, monitoring activity, understanding where sensitive data is stored to those cloud-based services. The key to this will be treating the cloud as an extension of the enterprise so that consistent processes can be applied independent of where data is located. Identity is the other key requirement, but this is less of a challenge as federation or synchronization of enterprise identities with cloud-based applications is a pre-requisite for any enterprise adoption. Extending from the enterprise outwards allows for a gradual transition to a target state that is partly or fully satisfied by cloud-based services. Deploying standalone solutions for cloud services and trying to integrate these with existing processes and tooling will likely be a step too far for most organizations in terms of cost and complexity.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Brad Bussie is an award winning fifteen year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.