Assurance in the Cloud
This is not a paper about why or if you should migrate to a cloud environment, whether for one particular application or for your entire infrastructure, or for something in-between. Nor is it a paper about which provider of cloud infrastructure, applications or services you should choose to partner with. What this paper is about are the technical considerations that you should bear in mind during the process of moving to, or implementing, products or solutions that are cloud based. Note that we are specifically concerned with technical issues rather than with any personal, political or other concerns that may arise. In other words, we are principally concerned with "what" and "how": what issues you need to think about and, how, in general terms, these can be resolved.
The results of this survey show that interest in the use of SaaS applications among organisations in Germany and the UK is increasing; with flexibility, access by mobile devices and always-on availability being the primary drivers. However, security is still seen as the greatest inhibitor, including the need to protect data from being accessed inappropriately. Identity and access management technologies play a key role in authenticating users according to the rights that they have been granted. Today, there are relatively new breeds of identity management services that extend identity and access management capabilities to externally provisioned applications as well as catering to the needs of both mobile and external users, such as customer and business partners. Such services provide an efficient means of assuaging some of the prime security concerns that organisations have in subscribing to SaaS services.
Cloud-based applications and services, and software-as-a-service applications in particular, are coming into widespread use by organisations of all sizes. Such applications are used to process and store sensitive information making it imperative that user access rights are tightly controlled to ensure that information is secure from loss or theft and remains private. This paper discusses recent developments in identity and access management technologies that aim to extend such controls to services provided from external sources.