Wrangling your Corporate Identity
Your Corporate Identity is no longer in control; as a matter of fact, it’s stampeding towards a cliff.
No, I am not referring to branding, viral marketing or even the advent of social media snafus. Instead, I’m talking about accounts for your users. Using that as a benchmark, IT no longer has direct control of the accounts users use to do their jobs, plain and simple. “Blasphemy,” you might cry, “my users are all in Active Directory!” Well, yes, but that is not their corporate identity any more.
Instead, in this cloud-based, web-friendly world, a user now has part of the corporate identity in dozens of places that aren’t under IT’s control. The HR department has unique logins to submit employee data to the government. The Marketing Team has logins for dozens of off-prem tools, from LinkedIn and Glassdoor to the company Facebook and Twitter. Purchasing has a unique shopping account everywhere they shop, from Amazon to TigerDirect. An employee might have dozens if not hundreds of accounts just to do their job. On top of that, we expect them to have unique, complex passwords for each service, but when they need help, IT doesn’t even own the system to reset a password. How did this happen? Well, let’s back up a bit.
In those heady days of the early 1990s, users had one password to log into their PC, and everything the user accessed was local on their system. Anything that they needed to share was usually on a floppy disk. That was it. Later, the need to collaborate led to file servers and email, which were initially disconnected from their PC login. Thankfully, that was quickly absorbed into Active Directory in the days of NT, and things were good again. The same login to access a computer was also used for email and file server access, often automatically. IT thought things were going pretty well.
Then the web came and users started using external services for everything from hiring employees and buying paper to sending documents to partners and filing tax forms. These were legitimate business needs, so of course they happened whether or not IT was involved. Sometimes users shared these accounts on Post-It notes with co-workers. Most re-used simple passwords. Then the inevitable happened and security concerns popped up, so in response we asked them to stop reusing those accounts and passwords. More recently, the SaaS/Cloud movement took hold and even on-premises systems were moved outside of the firewall and into the cloud. It wasn’t long before users had a different password for Box.com, Salesforce, Jira, Kronos, PeopleSoft, Oracle apps and Google Apps, in addition to their AD account.
This quiet revolution snuck up on IT, which was just happy when Single Sign-On worked for resources like email, file servers, SharePoint and maybe a couple of third-party apps that live on-premises, like their ERP solution. We often weren’t involved as new services were spun up by “shadow IT”, and if we didn’t know about it, how were we supposed to manage it?
So just how deep of a hole are you in? Ask yourself the following questions:
- If an employee lost a password due to phishing, how would you even know? How long would it take to lock it back down? Could you ever guarantee that all of the services they re-used their password with were updated before your data was leaked?
- How many cloud apps do your users access? Zero is not a valid answer here. Now multiply that by 10 for the actual number. (Hint: IT usually guesses 8; reality puts the average north of 80.)
- How many login prompts does an average user see daily in the course of business?
- Can my users download corporate data from the cloud to untrusted devices like phones or home systems?
- Who manages your corporate social media, and what would stop them from resetting the password and going rogue?
- How many hours and tickets does it take to onboard new users with every system they need access to?
- How many extra SaaS licenses (Salesforce, Box, GoToMeeting, etc.) are you wasting due to employee churn?
- How do you know the user logging in really is the user you think they are?
- Would you even know if an employee started offloading all of their data outside of your company for malicious use?
- How long would it take you to block access to every service a soon-to-be-fired employee uses?
- Can you see who accessed what data and when, regardless of where they saved it? Can you revoke their permissions to view it after they’ve downloaded it?
Tools like a good Single Sign-On only scratch the surface of the above. Without securing the device, applications and data, an Identity Management tool is an incomplete solution. If only there were an umbrella corporate identity solution that covered all of the above. Well, thankfully there is: enter Microsoft Enterprise Mobility Suite (EMS).
The Enterprise Mobility Suite license includes Microsoft Intune, Azure AD Premium, Azure Rights Management, Microsoft Identity Manager, Microsoft Forefront Identity Manager and, as a fresh addition, Microsoft Advanced Threat Analytics.
EMS is an impressive platform of tools, often poised to fill the gaps in and around other products. It is also your new best hope at wrangling control of your corporate identity!