5 Steps to Better Identity and Access Management for Hybrid IT
In their quest for faster time-to-value and an optimized digital supply chain, businesses are increasingly turning to hybrid IT's blend of public and private cloud solutions with traditional on-prem gear and composable infrastructures. But they're hitting a speedbump on the way. Identity and access management (IAM) systems, long recognized as a core component of IT security strategy, are showing signs of strain in a hybrid world.
Users perceive today's IAM controls as overly complex, slowing down access to the tools and data they need for their work and, as a result, making them less productive. They often have to juggle multiple sets of identity factors and credentials.
IT staff end up spending too much time on what should be straightforward tasks like authentication and account provisioning/deprovisioning when they're working across multiple environments, often including solutions from different cloud providers. They're hampered by IAM technology "islands" that lack support for open, flexible identity and access control standards. Identity and access control data may have different levels of security, privacy and availability protection, depending on the location from which it's consumed or the platform where it's stored.
It's time to move towards a modern, integrated identity management system that spans cloud and on-premises infrastructure and provides a common control plane to manage your identities, credentials, devices, and applications, as well as access to them. Here are five steps you can take to get there.
1. Simplify your on-prem IAM. Most organizations have many different on-prem tools and solutions: for example, multiple directories, single sign-on (SSO) solutions, and strong authentication solutions. This kind of proliferation will make the integration with public cloud providers (such as AWS, Google Cloud Platform, and Microsoft Azure) more complex, so your first move should always be to simplify. Bear in mind that many of the disciplines you rely on for your on-premises infrastructure are the same ones you'll need in the hybrid environment, so this is a great opportunity to review.
2. Honor the principle of least privilege. At many organizations, it's not uncommon for sysadmins to use an administrator account to perform routine administrative tasks that can be done with a plain user account. This practice increases the risk exposure of privileged accounts. Limit the risk by giving admin accounts only the permissions they need to do their job, and only for the time they really need them. Sysadmins can use a plain user account for day-to-day work, then switch to an administrator account temporarily for tasks requiring higher privileges.
To do this effectively, you'll need to build a privileged user management (PUM) or privileged access management (PAM) system spanning on-prem and public cloud. You'll want to make sure it includes multi-factor and strong authentication, jump hosts, secure operator rooms and workstations, and detailed activity tracking for your admin accounts. PUM calls for a truly holistic approach. The technical security controls are important, but they're just part of the picture. They should be complemented with the right policies, processes and proof controls; for example, you may want to audit your admins and operators regularly to make sure they are correctly following procedures.
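The kind of admin-activity audit described in step 2 can be run over tracked activity records. The following is an added example, not code from HPE or from any PAM product; the event schema, account names, action names and the set of privileged actions are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed policy: the only actions that genuinely need an administrator account.
PRIVILEGED_ACTIONS = {"create_user", "change_firewall_rule", "rotate_key"}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def audit_admin_activity(events, grants):
    """Return (time, account, action, finding) for each least-privilege violation.

    events: dicts with account, is_admin, action, time (constructed schema).
    grants: dicts with account, start, hours: approved elevation windows.
    """
    windows = {}
    for g in grants:
        start = parse(g["start"])
        windows.setdefault(g["account"], []).append(
            (start, start + timedelta(hours=g["hours"])))
    findings = []
    for e in events:
        if not e["is_admin"]:
            continue  # day-to-day work under a plain user account is fine
        when = parse(e["time"])
        if e["action"] not in PRIVILEGED_ACTIONS:
            findings.append((e["time"], e["account"], e["action"],
                             "routine task done with admin account"))
        elif not any(s <= when < end
                     for s, end in windows.get(e["account"], [])):
            findings.append((e["time"], e["account"], e["action"],
                             "admin action outside approved window"))
    return findings

# Constructed sample data: one two-hour elevation grant, five activity records.
GRANTS = [{"account": "adm-alice", "start": "2024-05-01T09:00:00", "hours": 2}]
EVENTS = [
    {"account": "alice", "is_admin": False, "action": "read_mail", "time": "2024-05-01T08:30:00"},
    {"account": "adm-alice", "is_admin": True, "action": "create_user", "time": "2024-05-01T09:15:00"},
    {"account": "adm-alice", "is_admin": True, "action": "read_mail", "time": "2024-05-01T09:40:00"},
    {"account": "adm-alice", "is_admin": True, "action": "rotate_key", "time": "2024-05-01T13:05:00"},
    {"account": "adm-bob", "is_admin": True, "action": "change_firewall_rule", "time": "2024-05-01T10:00:00"},
]

if __name__ == "__main__":
    for finding in audit_admin_activity(EVENTS, GRANTS):
        print(*finding, sep="  ")
```
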
3. Evolve to a federated identity model. Leverage open standards, such as Security Assertion Markup Language (SAML), to integrate on-prem and public cloud IAM and to provide a single sign-on experience. As a first step in that direction, most organizations start off with a directory synchronization engine: an on-prem master directory with slaves in the public cloud. But you'll want to move from there to a full federated model, in which you become your own identity provider and all public cloud providers are resource providers.
All public cloud providers support identity federation. Make sure that you set up the correct group and attribute mapping between your internal on-prem identity provider system and the different access control systems of the public cloud providers.
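One way to check the group mapping described above, as an added example rather than code from HPE or from any cloud provider. The provider names, group names and role names are constructed placeholders, and the "privileged" flag on each identity provider group is an assumption about how the on-prem directory is labelled.

```python
# Constructed on-prem IdP groups; "privileged" marks groups meant for admins.
IDP_GROUPS = {
    "cloud-admins": {"privileged": True},
    "developers": {"privileged": False},
    "auditors": {"privileged": False},
}

# Constructed per-provider mapping from IdP group to provider role.
# Provider and role names are placeholders, not real role identifiers.
MAPPINGS = {
    "provider-a": {"cloud-admins": "Administrator",
                   "developers": "Administrator",
                   "auditors": "ReadOnly"},
    "provider-b": {"cloud-admins": "Owner",
                   "developers": "Contributor",
                   "contractors": "Contributor"},
}

# Roles each provider treats as administrative (assumed for the example).
PRIVILEGED_ROLES = {"provider-a": {"Administrator"}, "provider-b": {"Owner"}}

def audit_federation_mapping(idp_groups, mappings, privileged_roles):
    """Return (provider, group, finding) tuples for mapping problems.

    unmapped:        IdP group has no role at this provider
    stale:           mapping names a group the IdP no longer has
    over-privileged: non-admin group is mapped to an administrative role
    """
    findings = []
    for provider, mapping in sorted(mappings.items()):
        for group in sorted(set(idp_groups) - set(mapping)):
            findings.append((provider, group, "unmapped"))
        for group, role in sorted(mapping.items()):
            if group not in idp_groups:
                findings.append((provider, group, "stale"))
            elif (role in privileged_roles[provider]
                  and not idp_groups[group]["privileged"]):
                findings.append((provider, group, "over-privileged"))
    return findings

if __name__ == "__main__":
    for finding in audit_federation_mapping(IDP_GROUPS, MAPPINGS, PRIVILEGED_ROLES):
        print(*finding, sep="  ")
```
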
4. Integrate IAM with security information and event management systems. Make sure that all of your event and alert sources (including compute, storage, networking, and security, for both on-prem and cloud infrastructure) feed up to your security information and event management (SIEM) systems. Also ensure that SIEM is integrated with your enterprise dashboard and ticketing/helpdesk systems.
5. Leverage software-as-a-service and standard public cloud IAM features to the maximum extent. Reduce time-to-production for IAM solutions by making full use of IAM SaaS products and the built-in IAM features in public cloud offerings. This simplifies your ongoing IAM operations and maintenance. It will also reduce the CapEx needed to get started with IAM in a hybrid IT environment.
Different cloud providers provide slightly different identity access management tools, and they use different terminologies to describe them. At first glance this can be a bit confusing, but if you spend a little time working with them you'll find that, to a large extent, they all offer basically the same controls.
HPE Pointnext can help you architect and build a tailored, future-proof IAM platform for your hybrid IT operation, one that empowers employees and enhances their productivity. Working closely with your team and our IAM solution partners, we can take you every step of the way, from an initial assessment of your existing environment, to roadmap development, to solution implementation. Learn more about HPE Pointnext Security services and start working with us today.