More than 30% of enterprises depended on the public cloud in 2020. Furthermore, 93% of those organizations stated they had established a multi-cloud strategy.
As more enterprises transition to deepening their usage of public clouds for their software and databases, the adoption of a multi-cloud model is gaining ground. The multi-cloud reality signals increasing trust in technology to protect an organization’s most sensitive digital assets. It’s crucial to ensure that only appropriate people access cloud resources and data, regardless of the provider selected. Much of the existing industry documentation and training describes best practices tailored for specific cloud providers but does not address multi-cloud identity management.
Identity management challenges in a multi-cloud environment
A multi-cloud model introduces some unique enterprise security challenges. Cloud service providers often need to invoke external services or application programming interfaces (APIs) to run their programs, adding to an organization’s network complexity.
All major cloud providers have mechanisms to implement security policies in their unique ways. However, these roles, permissions and resources are not standardized, further exacerbated by customized security features. This could lead to disparate security controls across the enterprise network.
These challenges often lead to identity management mistakes that could be avoided. For example, requiring users to have a separate username and password to access their app increases onboarding time. Moreover, it adds another password to a growing list that’s becoming more difficult for users to remember.
Another identity management challenge created by a multi-cloud environment relates to user permissions. Users may change roles, move between departments, or relocate to a new country. Some delay the deactivation of old user accounts or do not update permissions in apps. Sometimes, previously created API access tokens remain active. Overprovisioned access over a long duration for what was originally a short-term need. For example, rush approval to complete business-critical, one-time tasks results in lingering access months or years later, increasing security risks. Multi-cloud often has multiple auditing stores, increasing the chances they go undetected.
Tips for ensuring identity management
- Support single sign-on: Allow users to log in with identities they already have. Build integrations with other software that supports common standards.
- Provide easy onboarding: Make it easy for clients to add their end-users. Support invites by email workflows for individual users.
- Use existing user groups: Enable copying in user collections, such as user groups, and assigning them to cloud service/application roles. Leverage audit logs to ensure traceability. Forward machine logs from multiple clouds to one place for easy correlation.
- Implement additional verification: For unusual logins or sensitive operations, offer an additional verification method for the user.
- Maintain network visibility: Invest in alerting mechanisms to stay on top of multiple clouds and use observability solutions to quickly diagnose issues as they come up.
Complex technology environment
The pace of innovation in cloud technologies is incredible and increasingly complex. While there are significant differences between cloud providers, some aspects of identity management have a fair degree of standardization. Identity provisioning will become more versatile while access management will evolve from static to dynamic policies. As enterprises increasingly move to multi-cloud solutions, the need for advanced identity management will result in more innovation. Applying best practices will help organizations effectively navigate access for their end-users.
