Jakub JirsÃ¡k - stock.adobe.com
Identity and access management (IAM) is no longer an IT problem, but a business one, with many companies struggling to provision integrated employee access to the plethora of applications and systems used by their organisation.
Ensuring all employees have secure access to the applications required for their work can be a time-consuming process, particularly if this access has to be managed manually.
This is especially true for organisations like the British Red Cross, which has to manage access for 2,500 permanent internal users and a further 20,000 volunteers.
To ensure users could access the necessary business applications, British Red Cross needed a single sign-on (SSO) solution that also, because of its work with organisations like the NHS, met Level 2 security compliance standards.
With two-factor authentication being the best way of meeting the stringent Level 2 criteria, British Red Cross also needed a software as a service (SaaS) application to provide SSO integration between all the other applications and systems in use, which has been provided by supplier OneLogin.
“The roll-out was completed in two phases for us,” said Phil Paul, head of service delivery at the British Red Cross: “We implemented OneLogin as a safer identity provider (IdP) to single sign-on, and then provided the two-factor authentication for our internet-facing, key business applications.
“From our perspective, we felt the implementation went very well and it provided the solution we wanted.”
Read more about access management
- IT leaders gathered at a CW500 Club meeting to hear from peers about the challenges of identity and access management.
- The first part of this identity and access management program guide details how to optimally structure the implementation’s foundation.
Although the British Red Cross is a large organisation, smaller rapid-growth enterprises can also be strained by the need to quickly on-board new employees to their businesses applications in an integrated way.
Catawiki, for example, is an online auction platform for rare and hard-to-find objects that was founded in 2008 as a community for collectors. In 2011, however, the company hosted its first auction and experienced massively increased demand for its platform.
Catawiki’s subsequent growth put its business model under strain because of having to substantially increase the number of new employees to meet demand.
At the time, the company was operating roughly 70 different SaaS tools, but with no centralised IT platform, it was difficult for the IT staff to determine which applications employees were using and how.
Like the British Red Cross, Catawiki opted to use OneLogin’s integrated SSO platform.
“Previously, let’s say we used the Windows machine, if we on-boarded any staff member, we would create their accounts within mail, and then separately we’d have to get our hands on a laptop and set the laptop up,” said James Thompson, IT manager at Catawiki. “Whereas now the [employee] accounts are provisioned automatically by HR essentially, via Workday.
“Because they’re automatically put into the correct organisation unit, that determines the access that they get, so, now, when they open the Chromebook, they are logging into the Chromebook with a password that they just created themselves on day one of starting in the company.”
Apps not always built for business
Catawiki Staff use a wide range of different apps, said Thompson. “The reality is with a lot of these apps, they didn’t start out with business users as the target demographic, so they still lack a lot of basic things that are expected if you’re putting it into a business environment.”
Independent analyst Rob Bamforth said IT used to be the preserve of a small set of technically proficient users who would access the systems through their organisation. Now, however, there is an increasingly diverse and geographically disparate set of users, who need access to a growing number of applications and systems to support their daily work.
“So you’ve got this confluence of activities and services that are being delivered to this mass variety of individuals. Yet, from a business perspective, there’s a need to re-exert some level of control,” he said at a roundtable discussion organised by OneLogin.
Dan Power, OneLogin’s UK sales manager, said many companies are using thousands of applications without fully managing them: “I was at an event the other day and there was a CIO from a reasonably large organisation.
“He’d taken the firewall logs for the last month and found over 3,000 cloud-based services that were being accessed.”
“It’s no longer a technical or an IT challenge I think that organisations are facing,” said Bamforth. “It’s a business challenge – it’s how they connect the people that need and are granted access to the things they need to access, and are allowed to access.”