Here’s my rant for the week.
Passwords are the worst. Let’s face it. I spent a few minutes this morning thinking about how many I have in general, across my work life and my personal life. I lost count somewhere around 30, and those are ones I actually use at least once a month. There’s a whole substratum of logins and passwords that, thankfully, I don’t need more than once a year.
For work, I use my fair share of apps, both on my laptop and on my smartphone. These days, many of them are cloud-based: things like Salesforce.com, Office365, Box, WebEx, and Workday. So I’m constantly logging in to the critical tools I use to do my job all day long. Some of them remember my identity for a set period, which saves me some pain. But others don’t. And because I work for BlackBerry, I know a thing or two about security, so I use a different password for every tool, and I change them all the time.
I’m not kidding when I tell you I must have to do a password reset once a week. It gobbles up time I could spend in so many better ways. For enterprises, surely this is a productivity problem.
An IT Nightmare
I was complaining to my friend who works in IT about this the other day.
He pointed out that although it’s annoying for me and costly for businesses, it’s even more concerning for people like him. He said, “In most companies, IT has very little ability to see what you’re doing with your cloud apps. I used to install software on everybody’s machines. You forgot your password, I’d help you out. You tried to do something stupid, I made sure you couldn’t. Now, the majority of the key tools employees are using are cloud-based, and IT doesn’t have the control we should. Users choose them and often don’t even tell us.”
This is called shadow IT. “Real” IT hates shadow IT.
I replied that surely there must be useful solutions to this problem. “It’s a growing space,” he said.
Indeed, my own research shows that Gartner predicts Identity and Access Management (IAM) in the cloud will be one of the top three most sought-after services moving forward for cloud-based models.
But managing your employees’ cloud identities so they don’t have to memorize dozens of passwords – that’s not without its challenges.
Multiple IAM Challenges
“The last company I worked for tried to build their own system to do this,” my friend continued, “but it got expensive and complicated, especially trying to account for mobile devices. Plus, they were reluctant to put their Active Directory in the cloud. So they paid for a service that appeared to address the need, but the costs kept escalating. It wasn’t a turnkey solution.”
“And who do you trust? If you don’t have full confidence that the system you choose is going to protect your identities from all forms of intrusion, you can’t go there.”
For him, the security issue is an especially hot topic.
He works for a finance company, which needs to comply with many regulations. He told me that while his IT department spends an incredible amount of time trying to cover all their bases for compliance, for many companies, all it takes is one user with one unauthorized cloud app to undo all that hard work.
Is it a question of user education, I asked? It is and it isn’t, he said. “We do a lot of training, but in the end, we need the tools to make sure we’re not relying on users. They need to do their part, but we need control to make sure they don’t mess things up inadvertently.”
As if he wasn’t already depressed enough talking about all this, he reminded himself of another issue: partners. Sometimes they have outsiders coming in for a few days or weeks, and those consultants need to be able to access the cloud-based apps his company relies on. File-sharing is a good example. But when that person’s brief tenure is over, how closely is anyone managing their access to sensitive files? Without a tight, secure system for all this, there are too many holes and too many risks.
How does your company handle it all? Is the enterprise world clamoring for a better, more secure way?