Why You’re Managing Access to Your Cloud Infrastructure in a Silo

The SailPoint Blog
| Doug Fierro | Market Views

You often hear the word “silo” used to describe security processes, but the term originally described a structure built to store and preserve bulk material such as harvested grain. Fast forward to the 21st century, and the bulk material within organizations is digital data. Unfortunately, many of these organizations are also taking a siloed approach to managing access across their cloud infrastructure, applications, and data.

While keeping silos of grains isolated from the elements is a good thing, keeping your cloud infrastructure, such as AWS or Microsoft Azure, isolated from your centralized identity strategy is not. With the latest release of the SailPoint Identity Platform, organizations can now extend the same provisioning, policies, certifications, and other identity processes across all applications, data, and cloud infrastructure, including AWS, Microsoft Azure, and Google Cloud Platform.

According to Gartner, the Infrastructure as a Service (IaaS) market is expected to grow 24% year over year. With the amount of investment organizations are putting into IaaS, it’s critical to ensure the right users have the right IaaS access.

The problem is that many organizations use separate tools and solutions to manage this access, with no integration into the standard identity management processes they use for applications and data. Why is that important? Because in the cloud, identity is your new security perimeter. Without that crucial integration, you are treating your cloud environments as silos that sit outside your existing governance policies and procedures. This means that the provisioning, certifications, and other identity processes used to protect access to apps and other resources are not applied to IaaS access, which can lead to security and compliance issues. Also, most organizations that use multiple cloud platforms and rely on each platform’s native tools cannot get a single unified view of access or enforce a global set of cloud access policies.

Some stand-alone cloud infrastructure solutions may help address some of the challenges of managing fine-grained cloud infrastructure permissions in multi-cloud environments. However, they are not architected to provide identity-centric processes such as automatically granting or removing access as a user joins, moves within, or leaves the organization. If a user moves to a different role, how can you ensure their old access is removed and their new access is provided automatically? These solutions also lack the ability to validate access on a recurring basis or to support a process for users to request access. For example, let’s say you provided a contractor special access to your AWS and Azure platforms a year ago. Would you be able to verify and prove that their access (on both platforms) was revoked the day their contract expired?

Trying to manage cloud infrastructure without integrating identity can only lead to more unanswerable questions that open your organization to security and compliance risks.

To properly address cloud access, organizations need an overarching identity-centric view and control of not only their apps and data but also their cloud infrastructure. Organizations are likely already using an identity solution to manage and govern access to all their other applications and data—why not extend these same processes to cloud infrastructure? Well, now you can.

With the SailPoint Identity Platform, organizations can provision and govern cloud infrastructure in the same way they do for all their other applications and data. Deep integration between our Identity Platform and SailPoint Cloud Access Management enables organizations to get granular visibility and control of cloud entitlements while being able to use existing identity processes to request, provision, and certify access. Organizations now gain a complete view of a user’s access and the ability to create consistent policies and govern across all applications, data, and cloud platforms. Instead of having to request IaaS access through a separate process, users that require IaaS access as a part of their role can get the access they need as a part of their Day 1 provisioning. A single policy can be created to alert when someone has attempted to use revoked privileges within any cloud environment. And when it’s time to review access, you can kick off an automated certification campaign.

It’s time to get away from the silos of yesteryear and protect your cloud infrastructure with a modern strategy built around identity. Go here to learn more about how you can take a holistic identity approach to governing IaaS access.