Securing Cloud-Based Data Integration with Identity and Access Management (IAM)
As someone who’s been in the data integration game for 30-some-odd years, I’m often asked about security. The reality is that security should be tailored to meet the needs of the organization, and that means you need to drive through the requirements first, and then select the right data integration security solution.
As data integration demands to and from cloud-based systems begin to rise, we’re finding that some of the best and most popular security approaches are solutions built around identity and access management (IAM). These security technologies are often managed out of the clouds themselves, and work and play well with data integration solutions, such as those from Informatica. It’s worth the time to learn more about IAM, and the potential use of this technology to secure your own data integration for cloud solutions.
Before selecting and deploying an IAM for cloud-based platforms, or otherwise, you first need to consider your core requirements. While each data integration problem domain is different, and thus the security solutions for each problem domain are different, there are some common patterns beginning to emerge:
• Identity Management Services
• Access Management Services
• Identity Governance Services
• Authentication Services
Identity Management Services refer to identity life cycle management, access provisioning, centralized role management, and workflow/integration design and implementation. The idea is to provide core identity management services that allow you to define core identities for all resources/actors (e.g., data moving through a data integration server), provide access for those resources, provide a centralized (enterprise-wide) mechanism for storing and reading those identities, and, finally, manage how they will be operationally leveraged.
Access Management Services refer to single sign-on services, federation services, role-based access, and access to the platform. This works in conjunction with the identity management services, leveraging identity information to grant access based upon authorization. In terms of data integration, it’s the sources and targets being authenticated to produce and receive data.
Identity Governance Services refer to role engineering, compliance, and identity assurance. This places policies around how identities are managed, including their roles, how identities are linked with compliance policies, and other aspects of managing identities when governance controls should be put in place.
Authentication Services refer to multi-factor authentication, out-of-band authentication, and managed authentication services.
What’s important here is that you understand the core components of the IAM system you select for your cloud-based data integration solution, based upon the requirements you’ve identified. The path to selecting the right solution means that you list your core IAM requirements, and match up the solution components provided by each IAM technology provider. Moreover, your IAM solution should work and play well with your data integration technology.
Enterprises typically fall down by not first understanding their own requirements and issues before creating an approach, a design, and then selecting the right IAM technology solution. The trick is to pick an IAM solution that’s able to meet most data integration requirements. However, in many cases, enterprises that deploy cloud-based platforms may leverage 2 or perhaps 3 IAM solutions. For instance, an enterprise might use one to manage identity, and another to manage the single sign-on.
For now, IAM is the way to go when looking at security for cloud-based data integration. The technology is well tested, and it’s just a matter of matching your data integration requirements up with the right technology.