Restricting access and managing identities – systems for identity and access management can do more than that. EuroCloud's Nils Klute explores how IAM is getting SMEs ahead with cloud and Gaia-X.
IAM systems for SMEs
Managing access and authorisations with confidence: “IAM accelerates IT processes and saves costs,” says Ingo Buck, CEO at OGiTiX. “Furthermore, IAM shows the way to network distributed data spaces,” says Stephan Ilaender, CTO at plusserver. Both providers implement IAM systems in SMEs. And both providers are involved in EuroCloud Native. The EuroCloud Germany initiative has helped the German cloud native provider landscape connect and network since 2020.
“Modern IAM systems support companies in routine processes,” says Buck, “processes can be digitised and automated.” What does that look like in practice: Take human resources management as an example. “When new employees start, IAM controls the onboarding process and provisions the business applications and IT systems,” says Buck. Assigning authorisations, providing office software, setting up accounts or provisioning cloud resources: “IAM solutions relieve IT staff and handle everything as required,” says Buck. No matter whether it’s Accounting, Human Resources or IT: “IAM can control, regulate and define processes everywhere and thus also monitor IT landscapes.”
IAM secures IT and cloud landscapes in SMEs
Shutting down orphaned accounts and identifying weak passwords: “IAM is essential for the security of IT and cloud landscapes,” says Ilaender, “Admin accounts, in particular, are a popular target for hackers.”
IAM systems not only ensure that the right people have the right access rights to the right resources at the right time but also detect misalignments and potential problems. And what stops malware, bots, and cyber invaders in their skilled crafts keeps companies productive. “If you make a mistake in managing programmes in the server room, you usually have less serious problems,” says Ilaender. It’s different in the cloud, where services are accessible from anywhere: “Companies need to know what it takes to manage the interaction of cloud and local IT.”
Centralise processes and consolidate identity data: “IAM connects the different source and target systems via interfaces (API),” says Buck. HR source systems such as SAP HCM serve as triggers and ERP, cloud services or individual or industry software as target systems: “Data can be exchanged across the board, processes triggered and intelligently controlled.” Target image of the own IAM concept: All accesses and accesses are oriented to the business and are organised in roles and standard authorisations per cost centre or department. What matters here is: “Think big, but start small,” says Buck. “IAM must generate short-term benefits and then be expanded on an ongoing basis.”
Compliance and governance: standardise and simplify processes
Storing data portably and deleting it on time: “Lifecycle processes can be standardised and simplified,” says Ilaender. What is convenient is often also necessary from a regulatory point of view: “IAM provides legal and audit security.” Because regardless of whether banks, insurance companies or hospitals: IAM systems integrate compliance and governance requirements. Take the Digital Operational Resilience Act, for example: DORA, the European Union’s new regulatory framework, will make insurance companies’ IT more resilient. Ilaender: “IAM solutions offer already deposited frameworks on which companies can build.”
Building on existing solutions – collaboration tools such as Slack, Spike or Teams work no differently: “Since Covid, companies have been collaborating more intensively than ever before via these cloud tools,” says Buck. What is practical for employees is a cause for concern for IT departments. Access and permissions can be individually controlled by the users. The advantage: “Everything is very easy to administer,” says Buck. The disadvantage: “But often the functions run counter to the IAM concepts.” Companies have to balance security interests and user interests such as usability. “It’s not about radically curtailing user rights,” says Buck. “It needs a middle ground to lead IAM projects to success with user acceptance.”
Allowing IAM concepts to merge with Gaia-X even in SMEs
Where, on the other hand, a silver bullet is needed: Gaia-X. Because: “IAM concepts can be used to move information sovereignly and realise digital business models,” says Ilaender. In this way, the systems close the gap to Gaia-X and can ultimately merge into the distributed data infrastructure. Ilaender: “Data and workloads can be partitioned to process and share with other companies using high-performance cloud-native technologies, for example.” A needs-based and transparent approach that already exploits opportunities for data management across the board.
One thing is certain: “IAM brings SMEs into the cloud easily and without a hitch,” says Dr. Nils Kaufmann, Head of EuroCloud Native, “Cloud ecosystems can be managed in an agile and secure manner. And that from the server room all the way into the multi-cloud: “API-driven solutions are able to connect all worlds,” says Ilaender. “When applications, interfaces and services change, the IAM simply moves with them,” says Buck. What is also certain is that “all the big cloud providers have their own IAM answer,” says Ilaender, “even open-source solutions are available.” “If SMEs want to determine their own strategy, there are many paths to take,” says Buck, “Companies should weigh the options, enter in stages and make their concept scalable.”
Administering identities digitally and managing access – according to a recent study by eco – Association of the Internet Industry and techconsult, it pays off. Whether in contact with customers, suppliers or service providers: 73 percent of 170 companies surveyed see a direct influence of digital identities on their business success.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.