Evolve IP has been working diligently to address the access management needs of businesses while enabling mobility, security. Evolve IP Workspaces include:
- Active Directory Integration – Control access to legacy and SaaS applications through AD
- Multi-factor Authentication – Increase security posture requiring a second form of authentication
- BYOD Friendly – Allow employees to use any device while maintaining security controls
- Custom Toolbelt – Users get just the tools they need, the way they want them, increasing efficiency
- SSO and Self-Service Password Resets – Users adopt, and adhere to technologies that make their lives easier
- Full DaaS capabilities for power users
Having provided virtual desktop and infrastructure solutions for over 11 years Evolve IP has seen a massive shift take place in the way IT provides applications to end-users. 11 years ago, customers were utilizing 90% client-server based software. Meaning companies would acquire a server, whether physical or virtual, install the application and then install the client on each user’s desktop.
Now, fast forward to today and I would argue that the number is down to around 25%. So, where are all those applications moving? It should be no surprise when I write ‘Software as a Service’ (SaaS). Companies like Salesforce.com, ADP, Concur, Outreach are all delivered via a browser with no software to install.
For the purposes of these posts, I’ll be using the term “before” to describe how applications were delivered to end-users in the “old days” and “after” to describe how applications are delivered today. We will cover the four main differences and what IT has to be cognizant of regarding these dynamics. This first post looks at Access Control.
As networks matured over time, IT realized they needed some “rules of the road”. Active Directory (AD) was put in place to control which network resources users could access. So, by creating user groups with permissions, IT could enable a user with one set of credentials and off they went.
Unfortunately, SaaS providers are all independent of each other. Therefore, there is no common framework IT can enable in order to control access to SaaS providers. In theory, you could control access from the corporate network to decide which SaaS providers your users could get to, but as with many ideas on how to lock down security, that would prove to be completely inflexible in practice.
The result? IT is forced to not only provide AD credentials for corporate legacy access, but then enable, manage and finally disable access to all SaaS providers individually.
For enabling and managing access, this equates to a massive commitment of time from IT. However, the larger consideration here is when employees are offboarded. IT must first figure out which applications users were given access to when they started, then what access they may have gained throughout their tenure and finally what other applications do they have access to that IT may not even know of – also known as Shadow IT. When this is an amicable parting of ways, it’s more of an annoyance, but when it’s a sensitive or negative offboarding, this can present huge business risk if not done quickly and accurately.