This article is part 2 of a series that focuses on the Business Value of Microsoft Azure. Microsoft Azure provides a variety of cloud-based technologies that can enable organizations in a variety of ways. Rather than focusing on the technical aspects of Microsoft Azure (there’s plenty of that content out there), this series focuses on business situations and how organizations can benefit from Microsoft Azure services.
There are many risks that businesses and governmental entities face when it comes to data loss. Most have taken steps such as encrypting hard drives, enforcing password change policies and limiting the use of consumer-oriented applications like Facebook. However, one of the biggest gaps that exists has emerged as a result of the prevalence of Software as a Service (SaaS) solutions. These cloud-based systems require little to no IT involvement to get up and running. A consequence of this ease of deployment is that countless new opportunities for compromise emerge.
Let’s take something like a file sharing service. Whether it’s Dropbox, Box, or some other solution, an individual in an organization can quickly set it up with a username and password and begin sharing files inside or outside the organization. In most cases this isn’t carried out by a nefarious user with malicious intent. Rather, it’s set up to address a specific business need. Perhaps it’s a new product catalog and price list that’s too large to send to distributors via email. While this sounds good on the surface, let’s fast forward six months…
Six months after the service was first set up, there are now a couple dozen fellow employees using it, all with an individual username and password. The CIO finally becomes aware of this because one of his employees shares a link with him that takes him to a file in a Box account. He immediately spots a problem – what happens if one of these employees leaves?
- We don’t know that they are using the service
- We can’t terminate their access
- We have no ability to enforce any password complexity or change frequency requirements
Now, there are a variety of solutions to this problem. First, the CIO could disable access to Box and prevent users from using the service. OneDrive for Business, part of Office 365, could be implemented as a secure, enterprise alternative. However, what if the CIO didn’t want to take away this service, but wanted to have more control over it? Is there a solution?
Enter Microsoft Azure Active Directory. Microsoft Azure Active Directory provides a variety of services to the enterprise that can help our CIO. First and foremost is the Access Panel portal for Single Sign-On (SSO) access to SaaS applications. This allows the CIO to configure access to Box so that the user authenticates to Box with their standard Active Directory credential. This also means that when that employee leaves or is terminated and their Active Directory account is disabled…so too is their access to Box!
In addition to the Access Panel, another key feature is something called Azure Active Directory Cloud App Discovery. This service allows a small agent to be deployed to an end-user workstation so that access to various cloud services can be monitored. This is a huge benefit to IT organizations because they:
- Get a summary view of the total number of cloud applications in use and the number of users using cloud applications
- See the top cloud applications in use within the organization
- See top applications per category
- See usage graphs for applications that can be pivoted on users, requests or volume of data exchanged with the application
- Can drill down into specific applications for targeted information
- Can view which users are accessing which apps
- Can easily proceed to integrate an application with Azure Active Directory
There are many other reasons for organizations to look at Azure Active Directory, but this is the first one that comes to mind whenever I think about security risks and simple ways to reduce exposure while still providing end users with access to the productivity applications they desire.
As a partner with BlumShapiro Consulting, Michael Pelletier leads our Technology Consulting Practice. He consults with a range of businesses and industries on issues related to technology strategy and direction, enterprise and solution architecture, service-oriented architecture and solution delivery.