MANAGING CLOUD APPS IN THE ENTERPRISE How to Overcome the Complexity Whitepaper
2 The Trouble with Managing Multiple Cloud Identities Over the last decade, cloud-based apps have become fundamental to how business happens, everywhere you look. Companies of all sizes and types now employ Software-as-a-Service (SaaS) applications that enable employees to engage with their work from multiple devices and locations. Licensing well-built (and road-tested) SaaS applications is generally seen as a money-saver for businesses and ensures that multiple parties can access the same information in real-time. This business enablement scenario, however, comes with inherent IT management challenges. Let s look at three that stand out.
3 Challenge 1: Managing policies, activities and security permissions across the organization Provisioning a handful of employees with one cloud service is easy. Workers choose a single user name and password, and from there, the administrator can establish authentication rules and entitle the users. It s a reasonably simple system to manage. However, once an organization sanctions the use of one cloud app, it s never long before more enter the scene. Because once businesses establish procedures and technologies to cope with the security concerns that often come with leveraging cloud applications, they quickly realize that they now have the ability to shift a lot more functionality to the cloud. And in the process, save more money, by reducing the need for internal application management, on-site storage, infrastructure and data management. But back to the users. With multiple cloud systems in play, employees are often left to manage different credential sets across various systems. Take for instance, a scenario in which an employee is using a popular SaaS application on an infrequent basis. She tries to log in three months after the initial setup and forgets the password. That s problematic for the user, and a productivity sapper as she works through the process of re-setting it. But the problem for the administrator in dealing with all of these third-party systems stems from the inability to manage policies, activity and security permissions throughout the entire organization. It s one thing to audit a single application to find out who has an account and who s entitled to use it. But to find out if, say, the entire marketing department is currently allowed to use it, the administrator has to go and check all of those permissions individually. With multiple cloud applications, figuring out everything the marketing team can do, and everything particular individuals can do, is laborious. If there isn t a single sign-on for these applications, helpdesk administrators also have an efficiency problem they have to perform password recoveries across all of the systems. And while many cloud-based applications have built-in password recovery portals, recovery still drives helpdesk calls within the enterprise because users often want to speak to somebody who can help them immediately. To address these challenges, and allow employees to use the same credentials across all the different systems, many organizations will try to tie the various logins to their own local directory.
4 Solving Cloud App Challenges with Enterprise Identity by BlackBerry Control access, across the organization Policies for both entitlement and authentication. Streamline processes for end users One set of credentials for everything means single sign- on (or even zero sign-on). Get a grip on compliance Easy reporting and auditing across cloud apps. Leverage BlackBerry security BlackBerry Identity Infrastructure has been running safely and securely for years. And directory details aren t copied to the cloud. Easy to integrate and deploy Choose cloud-resident, standards-based, turn-key setup with pre-federated services and 99.9%+ availability. Challenge 2: Federating identities in the On-Premise Directory The problem with this approach, aside from the time it takes to configure the integration for each application, is that not every available system ties nicely into on-premise directories. This can mean limited support for the complexity of real-world directory structures, or worse, the possibility of having sensitive Personally Identifying Information (PII) copied out to the cloud. There s another challenge: if a company has deployed ten SaaS applications, it now has ten separate holes in its firewall. Each one is talking to the directory for separate purposes, and every time a new application is deployed, the problem escalates. The proliferation creates more and more work; work that needs to be replicated every time a new application is put to use. Not long ago, IT administrators were being asked about new cloud-based applications a few times a year at best. But over the last two years, the frequency of requests has exploded. As a result, deployment needs have increased exponentially. Challenge 3: Bringing Outsiders In We ve established that tying multiple cloud applications into an on-premise directory is a lot of work, may not be viable for all SaaS tools, and opens up additional holes in a firewall. But there s another challenge: How do administrators address the issue of external users? In collaborative settings, it s quite common for vendors or clients to be working on the same documents or projects as employees. SaaS tools enable these external users to have access (with permission of course) from many different devices, from anywhere that has an Internet connection. How do administrators entitle these users? How can IT manage these protocols and protect sensitive data from being leaked to the wrong users? To address these unique problems and others associated with cloudapp proliferation, BlackBerry offers a federated identity solution. Enterprise Identity by BlackBerry makes it possible for any user with any device to access any cloud application in an easily managed way and if you so choose, pertinent information can be tethered to an on-premise directory as well.?? EXTERNAL USERS
5 How Enterprise Identity by BlackBerry Simplifies Cloud-App Management Unify entitlement, policies, and auditing across third-party and internal cloud apps. SSO for users: one account across all apps, with the ability to use familiar credentials. Federation in the cloud, optionally tied into on-premise directories, allowing IT to manage external users, too. ANY USER (Employees, Partners, Contractors, Customers) BLACKBERRY NETWORK SINGLE SIGN-ON (SSO) ANY DEVICE YOUR NETWORK ENTERPRISE SAAS APPLICATIONS STANDARDS-BASED INTERNAL CLOUD APPS File sharing Productivity Human resources Communications and collaboration
6 Why choose Enterprise Identity by BlackBerry? Enterprise Identity by BlackBerry makes it easy for employees to experience the benefits of cloud-based applications from any device with a browser using a single set of credentials. For IT decision-makers, Enterprise Identity by BlackBerry simplifies the management of cloud-based applications with a single point of entitlement, control, and audit for all cloud apps. A single point of control for IT. Enterprise Identity by BlackBerry provides a single point of control and management over your organization s identity and access relationships, across cloud-based apps. Securely leverage your existing directory services, such as Microsoft Active Directory, using BlackBerry Identity Proxy, without copying or syncing data to the cloud. Plus, with its reporting and auditing, Enterprise Identity by BlackBerry offers compliance capabilities for regulated industries. One identity. Single sign-on. Lots of happy, productive employees. Enterprise Identity by BlackBerry makes it easy for employees to access everything they need to be more productive. Their identity gives them single sign-on access to cloud-based apps, eliminating the need to recall multiple user names and passwords. And, identity federation drastically reduces the workload of managing identity across disparate internal and external identity systems, and directory services. Trust the proven, global infrastructure millions rely on. Enterprise Identity by BlackBerry is powered by the BlackBerry Identity Infrastructure and built on top of a proven global identity and access management platform that securely manages over 100 million identities and hundreds of millions of identity transactions each day. Let BlackBerry be your identity management infrastructure. Easy to integrate. Easy to deploy. Enterprise Identity by BlackBerry is a fully managed solution that is quick to deploy. Unlike other solutions that often require significant investment for integration, Enterprise Identity by BlackBerry is a standards-based solution that enables cost-effective entitlement and access for all types of users. It allows you to support a broader range of SaaS and internal apps with pre- federated elements that greatly simplify integration, configuration and testing, to save you time deploying cloud apps. Always evolving. As business use of SaaS applications continues to grow, Enterprise Identity by BlackBerry will continue to evolve, offering tight integration with BES12 to provide user-centric, device-aware control of cloud applications for highly mobile, multi-device users.
7 To find out more or to make a purchase, go to http://www.blackberry.com/enterpriseidentity 2015 BlackBerry. All rights reserved. BlackBerry, BBM and related trademarks, names and logos are the property of BlackBerry Limited ( BlackBerry ) and are registered and/or used in the U.S. and countries around the world. All other trademarks are property of their respective owners.