Access protocol definitions are integral to cloud backup data protection and data security services. But have you paused to wonder where the access technology offered by your cloud service sits on a maturity scale? Have you checked whether the identity management technology provided with the service follows standard access protocols?
So let us begin at the beginning and understand how identity management works and what you should be checking for.
Identity management is composed of “four A’s”—Authentication, Authorization, Account Management and Audit Logging.
Unfortunately, the only available standard, Security Assertion Markup Language (SAML), defines standards for authentication only. Cloud service providers also view the Services Provisioning Markup Language (SPML) with wariness and regard it as overkill for basic cloud-based account management. There are no standard protocols for managing access or for creating or deleting accounts. Consequently, each cloud service provider has developed a proprietary application interface for access to the cloud backup service. These SaaS applications enforce access through non-browser interfaces, and single sign-on is becoming impossible due to the proprietary nature of the interfaces being used.
So, what are the competencies and capabilities you should look for in the cloud backup service of your choice?
- Capacity for a single sign-on facility with standardized identity tokens across multiple application interfaces, so that users do not have to grapple with multiple identities and passwords for accessing different applications on a network.
- Synchronization of identity management interfaces between the user and the service provider interfaces for ease of account management.
- Just-in-Time (JIT) account creation facility to ensure that accounts are created only when logon attempts are initiated. This will provide additional advantages in pay-as-you-go billing both for the administrator and the cloud backup service provider.
- Authorization services that allow the administrator to assign rights and permissions to users created for the account.
- Virtual Directory services and dashboards to provide an aggregate view of identity stores for administrative purposes.
- Password vaulting and secure authentication for cloud services by storing user credentials for replay on the SaaS website if the user directly logs in using the Web interface.
- User logs for tracking user activity on the network and identifying unusual activities and attempts at unauthorized logins.
If you have a tick mark against every item on the list above, your cloud service does offer you the security and operational benefits you need. The cloud service you have selected is fairly high on the maturity scale in identity and access management.
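To make the user-log item in the checklist concrete, the following added example (not taken from any cloud backup provider) scans an authentication log for bursts of failed logins and for a successful login that follows such a burst. The log format, field order, threshold and window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: ISO-8601 UTC time, user, source IP, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice 198.51.100.7 OK
2024-05-01T09:10:00Z bob 203.0.113.9 FAIL
2024-05-01T09:10:20Z bob 203.0.113.9 FAIL
2024-05-01T09:10:45Z bob 203.0.113.9 FAIL
2024-05-01T09:11:02Z bob 203.0.113.9 OK
2024-05-01T09:30:00Z carol 192.0.2.14 FAIL
2024-05-01T09:50:00Z carol 192.0.2.14 FAIL
2024-05-01T10:20:00Z carol 192.0.2.14 FAIL
2024-05-01T10:21:00Z carol 192.0.2.14 OK
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 3                   # assumed number of failures that counts as a burst


def parse(line):
    """Split one log line into (timestamp, user, ip, result); raises ValueError if malformed."""
    ts, user, ip, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result


def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (rule, user, ip) tuples, in log order."""
    recent_failures = defaultdict(deque)  # user -> timestamps of failures inside the window
    alerts = []
    for line in log_text.splitlines():
        try:
            ts, user, ip, result = parse(line)
        except ValueError:
            continue  # skip blank or malformed lines
        fails = recent_failures[user]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures that have aged out of the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) == threshold:  # alert once, when the threshold is crossed
                alerts.append(("failed_login_burst", user, ip))
        elif result == "OK":
            if len(fails) >= threshold:  # success right after a burst deserves review
                alerts.append(("success_after_burst", user, ip))
            fails.clear()
    return alerts
```

Carol's three failures are spread over 50 minutes, so they never fall inside one window and raise no alert, while Bob's three failures in 45 seconds do.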