Four questions for choosing a cloud authentication solution
Often, when choosing a cloud authentication service, organizations are guided by the desire to minimize investment in technical resources and the desire to reduce the total cost of ownership. However, in order to take full advantage of the transition to SaaS, allowing companies to get rid of the extra burden associated with integration and providing technical support, it should be borne in mind that cloud authentication services can vary greatly in terms of control capabilities. Today, there are products on the market of authentication tools that are able to fully satisfy all your needs in terms of authentication - these can be solutions built entirely on cloud technologies or solutions that imply a more hybrid model. However, before making a choice, you should look more closely at the main elements on which the successful deployment of strong authentication depends.
The first thing you need to pay attention to when choosing a cloud model for implementing a strong authentication solution is which applications you want to protect. It should take into account exactly where the data is located, and access to what types of services you would like to protect. Are these services cloudy, or are they deployed on your own hardware? The next important factor is to understand what additional efforts your IT team will have to make in terms of integration and customization. In this regard, you should study whether the authentication service you choose includes support for standard communication protocols such as RADIUS or SAML ? Does this service include the use of dedicated agents and special APIs? You have to make sure that you can really protect your entire IT ecosystem, because today it includes cloud services, locally deployed applications, VPN networks, local networks, virtual desktops, etc. You may want to find out what efforts your IT team will need to integrate future applications with the intended authentication solution. Therefore, for a start, it would be nice to make a list of applications that you would like to protect access to today, while wondering what applications your organization might need in the future.
As mentioned above, you may want to use a cloud solution, but it is useful to know that many of the solutions available on the market today will require you to place some local components in your infrastructure, without which the service will not work. Active Directory Connector, local SAML or RADIUS proxy servers, IDP systems are just a few examples of the elements that solution providers can offer their customers to install and manage in their local infrastructure. It is important to understand exactly which elements and systems you have to install and manage, as well as what you need for this. The time and effort required by your IT team to implement the entire solution depends on how many components are to be placed locally.
')
Achieving good acceptance of strong authentication by end users is possible by ensuring simplicity and ease of use. Flexibility is the key to successful implementation of the solution and translates into a number of benefits for your users. Often the ability to offer a range of different authentication methods leads to the fact that end users are more willing to use authentication mechanisms, and in addition, due to this, it is possible to minimize the factors that prevent the penetration of these services. Another point to consider is the amount of self-service services that the solution implies. Competently built self-service allows end users to more fully control the authentication process and frees the IT team from many routine administrative tasks.
Your current need for strong authentication services may be due to some special circumstance, such as the need to enforce industry standards. However, over time these circumstances may change and will require even more flexible tools for access control. Therefore, it is obviously worth asking what additional features the provider offers to meet your potential needs in the future so that it does not need to upgrade your current solution for two-factor authentication . For example, due to reorganization or growth of a company, circumstances inside the enterprise may change, or possible mergers and acquisitions may over time affect the work of your IT department and security environment. You may need to centrally manage authentication services, or vice versa, assign administrators to manage services locally and independently. All this can be implemented, for example, using shared services (shared services). As another example related to changing needs, we can cite the desire to provide end users with additional convenience when working with multiple logins and passwords. In this case, it will be useful for the implemented solution to support single sign-on .
So, when choosing an authentication solution that satisfies your current and (possibly) future needs, it is important to ask yourself the following questions:
What are your future needs, and can the solution being implemented meet them?
Answer these questions, and go on to choose an authentication solution - from a company or organization located in the local infrastructure to a cloud solution with remote access control.
1. Which applications to protect?
The first thing you need to pay attention to when choosing a cloud model for implementing a strong authentication solution is which applications you want to protect. It should take into account exactly where the data is located, and access to what types of services you would like to protect. Are these services cloudy, or are they deployed on your own hardware? The next important factor is to understand what additional efforts your IT team will have to make in terms of integration and customization. In this regard, you should study whether the authentication service you choose includes support for standard communication protocols such as RADIUS or SAML ? Does this service include the use of dedicated agents and special APIs? You have to make sure that you can really protect your entire IT ecosystem, because today it includes cloud services, locally deployed applications, VPN networks, local networks, virtual desktops, etc. You may want to find out what efforts your IT team will need to integrate future applications with the intended authentication solution. Therefore, for a start, it would be nice to make a list of applications that you would like to protect access to today, while wondering what applications your organization might need in the future.
2. Is there additional equipment in the local infrastructure?
As mentioned above, you may want to use a cloud solution, but it is useful to know that many of the solutions available on the market today will require you to place some local components in your infrastructure, without which the service will not work. Active Directory Connector, local SAML or RADIUS proxy servers, IDP systems are just a few examples of the elements that solution providers can offer their customers to install and manage in their local infrastructure. It is important to understand exactly which elements and systems you have to install and manage, as well as what you need for this. The time and effort required by your IT team to implement the entire solution depends on how many components are to be placed locally.
')
3. What are the benefits to users?
Achieving good acceptance of strong authentication by end users is possible by ensuring simplicity and ease of use. Flexibility is the key to successful implementation of the solution and translates into a number of benefits for your users. Often the ability to offer a range of different authentication methods leads to the fact that end users are more willing to use authentication mechanisms, and in addition, due to this, it is possible to minimize the factors that prevent the penetration of these services. Another point to consider is the amount of self-service services that the solution implies. Competently built self-service allows end users to more fully control the authentication process and frees the IT team from many routine administrative tasks.
4. How to prepare for growth?
Your current need for strong authentication services may be due to some special circumstance, such as the need to enforce industry standards. However, over time these circumstances may change and will require even more flexible tools for access control. Therefore, it is obviously worth asking what additional features the provider offers to meet your potential needs in the future so that it does not need to upgrade your current solution for two-factor authentication . For example, due to reorganization or growth of a company, circumstances inside the enterprise may change, or possible mergers and acquisitions may over time affect the work of your IT department and security environment. You may need to centrally manage authentication services, or vice versa, assign administrators to manage services locally and independently. All this can be implemented, for example, using shared services (shared services). As another example related to changing needs, we can cite the desire to provide end users with additional convenience when working with multiple logins and passwords. In this case, it will be useful for the implemented solution to support single sign-on .
So, when choosing an authentication solution that satisfies your current and (possibly) future needs, it is important to ask yourself the following questions:
- Which applications do you want to protect?
- Where exactly are they located - in the cloud, or in your local infrastructure?
- How many of your own resources are you ready to allocate for current administrative tasks? Are you ready to invest in locally installed components and also support their work?
- How can you minimize the factors that hinder the successful implementation of such solutions, and how to make the authentication process simple and convenient for end users?
What are your future needs, and can the solution being implemented meet them?
Answer these questions, and go on to choose an authentication solution - from a company or organization located in the local infrastructure to a cloud solution with remote access control.
Source: https://habr.com/ru/post/331824/
All Articles