The complexity of identity management in a company’s cloud journey
When a company moves to the cloud, it opens up many possibilities – from increased flexibility and scalability to improved collaboration and innovation. However, this journey introduces more complexity than one might think. Many assume that an up-to-date HR database automatically ensures a seamless transition and control over users and licensing costs. In this post, we dive deeper into the practical challenges companies face during their cloud journey, especially concerning the management of cloud users.
From HR to the cloud: A digital identity journey
Take the example of Marie, who recently started a new position. Her journey from being registered in the HR system to accessing the company’s cloud-based applications illustrates how complex digital identity management is. Upon hiring, Marie’s basic information is entered into the HR system. A user account with the correct access must then be created. Larger organizations often have an “Identity and Access Management” (IAM) system. This system is responsible for creating Marie’s user account and giving her access to necessary SaaS applications like Office 365. The IAM system is rule-based and should handle Marie as a new hire, when she changes position, and when she leaves the company. How often does anyone verify that this intricate rule set actually grants the correct access and licenses? If the process is manual, the challenges are even greater: every change in Marie’s employment must go through an access management process that has a certain error rate, and those errors accumulate over time.
Challenges with cloud users not registered in the HR system
However, Marie is just one type of cloud user. Companies also need to manage:
- Administrative accounts with extended rights
- Test accounts for specific projects and general operations
- Service accounts for applications and services
- Guest accounts for external collaborators
- Accounts for contracted workers, suppliers, and partners.
These account types quickly blur the overview of cloud users, and in practice there will always be a discrepancy between the HR system and the company’s Microsoft Entra ID. It is normal for 15% of the user base to have no match in the HR system. What are the consequences of this?
- Companies lose track of the overall picture and end up paying for licenses assigned to users who are inactive or have left the company. On average, companies can save 20% on their licensing costs.
- The company has inactive users, and inactive users pose a security threat.
- A poorer overview leads to poorer data quality, which in turn undermines full utilization of Microsoft Entra ID.
Effective management requires robust Identity Lifecycle Management processes to maintain user security and cost control. Continuous reviews of license use, to identify and deactivate superfluous accounts, are essential.
Our tips for good processes on your cloud accounts
- Gain necessary insights: Use tools that provide detailed insight into the activities of cloud users.
- Define processes: Establish clear processes for Identity Lifecycle Management, including onboarding and offboarding of users.
- Regular follow-up: Set up routines for regular review of user activity and license use.
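The HR-versus-directory discrepancy and the regular review of activity and license use described above can be turned into a repeatable check. The script below is an added example, not code from the original post or from any vendor: it reconciles a constructed HR roster against a constructed directory export, treats accounts that are legitimately absent from HR (service, admin and guest accounts) as documented exceptions with a named owner, and flags terminated-in-HR, unowned, inactive and inactive-but-licensed accounts. The field names mirror the Microsoft Graph user properties employeeId, accountEnabled, userType, assignedLicenses and signInActivity.lastSignInDateTime, but all data, names, the 90-day inactivity window and the exception list are assumptions chosen for the example.

```python
from datetime import date, timedelta

# Constructed HR roster keyed by employee id (sample data, not real).
HR_ROSTER = {
    "E1001": {"name": "Marie", "status": "active"},
    "E1002": {"name": "Jon", "status": "active"},
    "E1003": {"name": "Eva", "status": "terminated"},  # has left the company
}

# Constructed directory export. Fields are reduced versions of the Graph user
# properties employeeId, accountEnabled, userType, assignedLicenses and
# signInActivity.lastSignInDateTime; None means "never signed in".
CLOUD_USERS = [
    {"upn": "marie@example.com", "employee_id": "E1001", "enabled": True,
     "user_type": "Member", "licenses": ["E3"], "last_sign_in": date(2024, 5, 28)},
    {"upn": "jon@example.com", "employee_id": "E1002", "enabled": True,
     "user_type": "Member", "licenses": ["E3"], "last_sign_in": date(2024, 1, 10)},
    {"upn": "eva@example.com", "employee_id": "E1003", "enabled": True,
     "user_type": "Member", "licenses": ["E3"], "last_sign_in": date(2023, 11, 2)},
    {"upn": "svc-backup@example.com", "employee_id": None, "enabled": True,
     "user_type": "Member", "licenses": [], "last_sign_in": date(2024, 5, 30)},
    {"upn": "admin-ops@example.com", "employee_id": None, "enabled": True,
     "user_type": "Member", "licenses": ["E3"], "last_sign_in": None},
    {"upn": "partner_example.org#EXT#@example.com", "employee_id": None, "enabled": True,
     "user_type": "Guest", "licenses": [], "last_sign_in": date(2024, 2, 1)},
]

# Non-HR accounts that are expected to exist, each with a named owner (assumed).
# Anything not in HR and not on this list is a finding for the review.
NON_HR_EXCEPTIONS = {"svc-backup@example.com": "Platform team"}

INACTIVITY_DAYS = 90            # assumed review window
REVIEW_DATE = date(2024, 6, 1)  # assumed "today" for the example


def reconcile(cloud_users, hr_roster, exceptions, today, inactivity_days=INACTIVITY_DAYS):
    """Classify every cloud user for a lifecycle review.

    Returns a dict of finding -> sorted list of UPNs. A user may appear in
    more than one category (e.g. terminated in HR and inactive).
    """
    cutoff = today - timedelta(days=inactivity_days)
    findings = {
        "hr_terminated": [],        # HR says gone, account still enabled
        "no_hr_match_owned": [],    # not in HR, but a documented exception
        "no_hr_match_unowned": [],  # not in HR and nobody owns it
        "inactive": [],             # enabled but no sign-in inside the window
        "inactive_licensed": [],    # inactive and still consuming a licence
    }
    for user in cloud_users:
        upn = user["upn"]
        hr_record = hr_roster.get(user["employee_id"]) if user["employee_id"] else None
        if hr_record is None:
            bucket = "no_hr_match_owned" if upn in exceptions else "no_hr_match_unowned"
            findings[bucket].append(upn)
        elif hr_record["status"] != "active" and user["enabled"]:
            findings["hr_terminated"].append(upn)

        last = user["last_sign_in"]
        if user["enabled"] and (last is None or last < cutoff):
            findings["inactive"].append(upn)
            if user["licenses"]:
                findings["inactive_licensed"].append(upn)
    return {name: sorted(upns) for name, upns in findings.items()}


def unmatched_share(cloud_users, hr_roster):
    """Fraction of cloud users with no HR record (the discrepancy the post describes)."""
    unmatched = sum(1 for u in cloud_users
                    if not u["employee_id"] or u["employee_id"] not in hr_roster)
    return unmatched / len(cloud_users)


def reclaimable_licenses(cloud_users, findings):
    """Count licence assignments held by accounts the review would disable."""
    candidates = set(findings["hr_terminated"]) | set(findings["inactive_licensed"])
    return sum(len(u["licenses"]) for u in cloud_users if u["upn"] in candidates)


if __name__ == "__main__":
    result = reconcile(CLOUD_USERS, HR_ROSTER, NON_HR_EXCEPTIONS, REVIEW_DATE)
    for category, upns in result.items():
        print(f"{category:22s} {upns}")
    print(f"unmatched share: {unmatched_share(CLOUD_USERS, HR_ROSTER):.0%}")
    print(f"reclaimable licences: {reclaimable_licenses(CLOUD_USERS, result)}")
```

In a real tenant the input would come from a directory export rather than the inline lists, and the exception list is the part that needs a process behind it: every non-HR account should have an owner who re-confirms it at each review, otherwise it belongs in the unowned bucket. The script only reports; disabling accounts and removing licenses should stay a separate, approved step in the offboarding process.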