Editor’s note: This post is one in a series of posts about identity management. Check out the others below!
- Why IT Admins Can’t Think in a Siloed Fashion Anymore
- 8 Common Azure Active Directory Management Mistakes (And How to Avoid Them)
- 9 Things to Consider when Preparing for The SaaS Future
- 11 Steps to Ensuring Your Active Directory Identity Management Works Securely
- 5 Tips to Understanding License Models in the SaaS World
Since moving to all-cloud in Office 365, I have seen more and more requests from my counterparts and other business users for contractor and temporary user access. While it is exciting to have a place to work on projects with various partners, it does lead to some concerns regarding security and permissions management.
A. Software as a Service (SaaS) cloud solutions allow for more users to have access to content faster than ever before. This is often due to the fact that users who have admin access simply invoke their rights as admins to add people as they see fit.
B. This leads to a rather large problem – access is easy, cleanup is difficult. How exactly can these be balanced?
I. Setup dates of admission from the get-go as part of user management. If a user is a temporary or guest user, depending on the role, the user can have 30, 60, 90-day access.
II. To mitigate the pain of unexpected lockout, have a recertification process or email based on users who will expire in, say, 10 days or sooner. This email can be drafted to application owners who will then verify who should still be allowed entry.
Is your IT infrastructure ready for the recently-implemented GDPR? To ensure that you’re prepared, click here to access our free GDPR Resource Kit.
III. Require similar if not more stringent data access requirements for temporary or contractor employees compared to regular employees. Employ content containerization, limited scope of access, and multi-factor authentication for those users as if they were regular employees.
IV. Audit. Audit. Audit. Audit user activity such as log ins and access history to ensure bad actors are caught and/or proven guilty if data breaches occur. Work with the business to balance the length of audit data held versus the costs and liability for such data breaches.
C. What’s essential to keeping the castle keys with the right users is: a reliable process, trust (with verification), constant refinement, transparency, and ownership of identity as everyone’s respective role in online services.
I. Regularly reviewing which systems are being used and which ones are not, and working with the business of application priority can help scope and reduce both the cost of access and the application management burden for IT.
II. Building plans of application importance and organizing management and resources around them for user admission and identity management. This can help IT Service Managers allocate the right resources and security profiles for different cloud-based applications.
Want even more hot takes on identity management, Office 365 and more? Be sure to subscribe to our blog to stay in the loop.