At the heart of any IT strategy is the need to uphold data security. Yet the rise of cloud computing has led the battle lines, once clearly marked as 'us' versus 'the outside world', to become blurred. Mobile, social, BYOD and the increasing demand to access applications anytime, anywhere has drastically altered the IT landscape and for many IT decision makers, it's a struggle to simply stay in control.
While the cloud provides employees with the freedom to choose, control and manage their own applications, both its openness and accessibility, whilst advantageous, present a new set of challenges. Businesses now have to contend with a whole host of different devices, not all of which are vetted by the IT department. Similarly, employees are increasingly using the tools and applications most familiar to them to complete their jobs, rather than those provided by the organisation.
The IT landscape is characterised by complexity and change. Users, each with different needs and responsibilities, require real-time and secure access to a range of applications. According to a new research report, employees are now believed to be accessing a minimum of eight cloud applications per month. Worryingly, just over a third (37 per cent) are doing so without IT jurisdiction. As a result, it's no surprise that the research also showed that only nine per cent of IT decision makers are confident that they have complete visibility of all the applications currently being used by employees.
In addition, access to cloud applications no longer just sits with employees within the business, but reaches across the extended enterprise. Indeed, 70 per cent of organisations surveyed use portals comprised of multiple applications to engage with partners, customers and other external users.
With a high percentage of cloud usage happening 'off radar', via mobile devices and across entire enterprises, businesses can no longer be certain that the use of cloud applications is meeting their IT policies and guidelines. Furthermore, with IT departments unable to read the whole story, organisations run the risk of losing control of their security and providing prying eyes with access to sensitive information. So how can they regain control over their IT environments?
Having a complete understanding of the network and its surroundings, no matter the complexity, is imperative. Yet, with visibility marginalised, understanding who has access to what across the business is fast becoming a significant challenge, and identity management (the management of electronic identities) is becoming increasingly important. With the cloud environment becoming more and more complex, having a complete understanding of the network and its surroundings is vital. But IT decision makers are struggling, as only 32 per cent of those surveyed - if asked to pull together a list of user access privileges for an IT audit - would feel comfortable doing so and be confident that this would be accurate.
2014 is set to become a record year for cloud. It's no surprise that the industry is predicting parallel growth for identity and access management (IAM). Quocirca referred to 2014 as a 'boom year for IAM, essential to securing cloud and mobile use.' Gartner cites IAM as one of the top three most sought-after cloud services in 2014, claiming that the sector is worth about $500 million (£297.4 million) today and predicts the market will hit $1.24 billion (£737 million) in 2017. Furthermore, the same analyst house predicts that by 2020, 60 per cent of all digital IDs interacting with enterprises will come through external identity providers through competitive marketing – up from 10 per cent today.
Organisations have previously turned to on-premise identity management software to help control and monitor access and privileges to business applications, however the proliferation of devices in the workforce, combined with a rise in the number of applications outside the firewall, means this approach is no longer sufficient.
The rise in flexible, mobile and open working has seen many security solutions become outdated and rigid. The dynamic environment in which organisations find themselves means they need proactive and comprehensive policies in place. Nearly two-thirds (64 per cent) think cloud is forcing businesses to re-evaluate their existing identity management practices. As such, identity and access management (IAM) has become an important tool for businesses looking to regain control of their IT security. Indeed, 57 per cent believe the adoption of cloud-based services has made IAM more of a priority in recent years.
With UK businesses unable to see the full picture, they run the risk of losing control of their security. What they need is a better way to secure and control a magnitude of more users, devices and applications that span traditional company and network boundaries, such as cloud-based identity and access management. Not only can such technology enable businesses to quickly, and securely, adapt to the ever-changing environment, but it can also provide a significant uplift to employee productivity, collaboration and happiness – providing workers with access to the applications they need, when and where they want them. Part of the challenge with identity and access management is to ensure the policies and strategies organisations put in place are able to respond and adapt to ever-changing environments.
The next two years are a critical time for organisations to close the identity gap and regain control of their IT infrastructures. The number of applications, access points and user types within companies will continue to grow and diversify, creating an increasingly urgent need to gain visibility and control, whilst also simplifying user access to cloud systems. It will be the businesses that are unprepared to deal with the sudden increase in cloud applications that will find themselves stretched and exposed.
Phil Turner is the vice president of EMEA at Okta.