How does access governance apply to the cloud? Well, while the cloud has been established as a standard for many organisations, access and governance to manage such solutions has not yet become a standard solution.

Access governance helps organisations of all sizes in every industry by ensuring that each employee has the correct access to the systems that they need to perform their jobs while keeping the company’s data and network secure. Access governance specifically allows organisational leaders to easily manage accounts and access, and is put in place to ensure that access is correct. This works by setting up a model of precisely the access rights for each role in the organisation, for every employee no matter where they may be based.

To provide a bit more detail on the meaning of this, access rights are created for specific roles in each relevant department. Access rights should be unique to the individual, not copied and pasted from another employee with a similar role or job function (this happens a lot in organisations where many employees perform much of the same work, like in manufacturing and healthcare, but should be avoided).

Checks and balances in access rights

Access governance means you can correct or populate access rights according to a model that you have established for your departments or teams. Again, individual access rights are important and an access matrix may prove to be a valuable tool to use when determining who needs access to which systems when for which role. Reconciliation is another way to ensure access rights. Reconciliation compares how access rights are set up to be in the model to how they actually are, and allows you to create a report on any differences found. Insomuch, any record or access point that is not accurate can then be easily corrected.

Attestation is still another form of checking access and helps verify all information. A report is forwarded to managers of a department for verification to ensure all users and their rights are accounted for and that everything in the log is correct. The manager verifies access and either marks rights for deletion, immediate change or maintains current access. After examining all of the rights, the manager must give final approval for the proposed set of changes to ensure that everything is correct.

During the course of an employee’s employment, it is an extremely common occurrence for the employee to receive too many rights, or to acquire access rights while working on projects. But these rights are often never revoked once they have been assigned. Access is frequently overlooked or not considered important enough to take away. What if one of your employees have access to a solution many of your other employees are assigned to use? The access governance concept allows you to provide and monitor access across the entire organization, from those using in-house solutions and those using cloud resources to access information.

Organisational access can be easily monitored through the use of access governance technology. Here’s why this is important: The typical access process goes a little something like this – a new employee is hired in the human resources department as a senior recruiter and needs accounts and resources created so he or she can begin work. The employee then automatically receives a Coupa cloud account, for example, PeopleSoft access and the ability to open the department’s shared drive and an email address. At this point, this employee should be ready for work.

Then, for those that employ access governance technology to monitor the goings on in their organisation, that process looks a little like this: Rules are created to review access rights of employees in each respective manager’s department. A review is conducted of who has what and why. Same goes for employees who are added to roles or newly hired to the organisation. Then, if access is no longer required following the completion of a project or a change in roles, the manager or other departmental leader can tag the access granted to be revoked and ensure that it is done automatically right away. This eliminates the need for a multi-level manual processes simply by the click of a button. All access for the employee to a specific system, or all systems, can be revoked. That’s the added value of a security measure. 

Why the cloud needs access governance

As more employees take to remote locations as their work environments, so do the number of users operating cloud applications. Access governance strategies can be employed to secure these applications for the employees not working in the physical corporate office or organisational facility.

Business leaders have many types of applications to manage and many roles for employees because of how teams are created within current organisations. Employees may be based abroad, working from home, traveling or just working offsite, all of which can effect access governance and technology use and access within across each of these situations.

Organisational leaders who invest in the cloud and building their companies through it may wish to add access governance technology to improve the security of their information while allowing their employees the opportunity to remain productive wherever they may be. Plus, and this is the bottom line of any security professional, you’ll be able to see who is doing what when and where with your information no matter where they happen to be. 

SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON’s 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.

read more

Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said «No to LUNs.» With Tintri they manage only virtual machines, in a fraction of the footprint and at far lower cost than conventional storage. Tintri offers the choice of all-flash or hybrid-flash platform, converged or stand-alone structure and any hypervisor. Rather than obsess with storage, leaders focus on the business applications that drive value-and that requires that they keep storage simple.

read more

As software continues to pervade our lives, the security of that software continues to grow in importance. We need to keep private data private. We need to protect financial transactions and records. We need to protect online services from infiltration and attack.
We can obtain this protection through ‘Application Security,’ which is all about building and delivering software that is safe and secure. Developing software within an integrated toolchain can greatly enhance security.

read more

There is no more effective way to reduce your overall test environment spend than to migrate to cloud test environments and embrace testing and infrastructure automation. The nature of test environments is inherently temporary—you set up an environment, run through an automated test suite, and then tear down the environment. If you can reduce the cycle time for this process down to hours or minutes, then you may be able to cut your test environment budgets considerably.

read more

Cloud platforms like Azure provide the best options for organizations in their digital transformation. Most organizations have multiple combination of environment needs. Provisioning on time is always a challenge. Manual operations are prone to error and delays.
Difficult to size production like Environments due to resource constraints, this means most NFR (Non Functional Requirements) are not tested with the correct load and perspective.

read more

Adoption and use of cloud-based software engineering platforms will accelerate in 2017. Teams have been working in the cloud for a few years now, but in 2017, the trend will gain far more momentum as senior engineering staff and service providers realize and document the benefits of cloud-based development gains. Adoption will not be limited to open source or Microsoft solutions as all software engineering tool stacks are moving quickly to catch the adoption wave. Leading application lifecycle management companies are already delivering enhanced SaaS platforms for issue and backlog management, source code management, IDEs and testing, allowing for greater control among and between teams and environments. The elimination of «well, it worked on my machine» or «we fixed that bug last release» can be achieved by well-integrated and managed SaaS software engineering environments.

read more

Even though software as a service (SaaS) is more mature than its infrastructure as a service (IaaS) and platform as a service (PaaS) brethren – and therefore at a lower growth rate – new figures from Synergy Research show that Microsoft leads the ‘burgeoning’ market ahead of Salesforce, with Oracle and Google having the highest growth rates.

Despite the relatively low growth forecast, Synergy argues that the enterprise SaaS market is expected to double in size over the next three years with ‘strong’ growth across all segments and regions.

ERP, with SAP, Oracle and Infor at its top, will have the highest growth rate with almost 40% year on year revenue growth, ahead of collaboration – headed up by Microsoft, Cisco and Google – HR, and CRM, with the latter going at a mere 20% yearly growth. The overall market, the analyst firm argues, hit almost $13 billion in quarterly revenues.

“There are a variety of factors driving the SaaS market which will guarantee substantial growth for many years to come,” said Synergy research director John Dinsdale. “Traditional enterprise software vendors like SAP, Oracle and IBM are all pushing to convert their huge base of on-premise software customers to a SaaS subscription relationship; meanwhile, relatively new cloud-based vendors like Workday and Zendesk are aggressively targeting the enterprise market, and industry giants Microsoft and Google are on a charge to grow their subscriber bases, especially in the collaboration market.”

An example of the former was SAP’s announcement around a ‘new generation of intelligent cloud ERP’ last month which aims to help customers adopt business processes based on real-time insights through artificial intelligence (AI). Part of Oracle’s aggressive growth came in the form of acquiring NetSuite, announced in July last year and completed in November. At the time, Dinsdale told this publication that while the deal would naturally strengthen Oracle’s offering in ERP SaaS, it would also boost its CRM status, although remaining a ‘long way’ behind Salesforce and Microsoft.