Managing Resources Shared with 3rd Parties on Cloud Platforms

Over the years, my company has shared resources on cloud platforms with various 3rd parties, including ex-employees, clients, partners, and suppliers. However, this practice has become a significant security risk, as sensitive data and documents are shared with external entities who no longer have a legitimate need for access.

Is this a common situation? How do companies usually manage cloud resources? Is it all down to how diligent the account admins are?

Take Google Drive as an example. The platform allows you to share files with people outside of your organization, leading to a large accumulation of shared files with unnecessary access. The process of regularly reviewing and determining who needs access to these files is time-consuming and error-prone. Is there a better way? How do other companies handle this challenge?
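The review the question describes can be scripted rather than done by hand. The following is an added example (not part of the original post, and not Google's own tooling): it walks file records in the shape returned by the Google Drive API v3 `files.list` call with the `permissions` field requested, and reports every grant that reaches outside the organisation, whether by external user or group address, by a foreign domain grant, or by an "anyone with the link" grant. The organisation domain `example.com` and the sample file records are constructed assumptions so the script runs offline; in practice the records would come from the API.

```python
"""Audit Drive-style file permissions for external sharing (added example)."""
from __future__ import annotations

from dataclasses import dataclass

ORG_DOMAIN = "example.com"  # assumed internal domain


@dataclass(frozen=True)
class Finding:
    file_id: str
    name: str
    reason: str
    grantee: str
    role: str


def external_grants(file_record: dict, org_domain: str = ORG_DOMAIN) -> list[Finding]:
    """Return one Finding per permission on the file that reaches outside org_domain."""
    findings: list[Finding] = []
    fid, fname = file_record["id"], file_record["name"]
    for perm in file_record.get("permissions", []):
        ptype = perm.get("type")
        role = perm.get("role", "")
        if ptype == "anyone":
            # Link sharing: anyone holding the URL can open the file.
            findings.append(Finding(fid, fname, "link-shareable to anyone", "anyone", role))
        elif ptype == "domain":
            domain = perm.get("domain", "").lower()
            if domain != org_domain:
                findings.append(Finding(fid, fname, "shared with foreign domain", domain, role))
        elif ptype in ("user", "group"):
            email = perm.get("emailAddress", "")
            domain = email.rsplit("@", 1)[-1].lower() if "@" in email else ""
            if domain != org_domain:
                findings.append(Finding(fid, fname, f"external {ptype}", email, role))
    return findings


def audit(files: list[dict], org_domain: str = ORG_DOMAIN) -> list[Finding]:
    """Audit every file and return findings sorted by file id, then grantee."""
    out: list[Finding] = []
    for record in files:
        out.extend(external_grants(record, org_domain))
    return sorted(out, key=lambda f: (f.file_id, f.grantee))


# Constructed sample data in Drive API v3 `files.list` shape (not real files).
SAMPLE_FILES = [
    {"id": "f1", "name": "Q3 pricing.xlsx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "alice@example.com"},
        {"type": "user", "role": "writer", "emailAddress": "bob@supplier.example.net"},
        {"type": "anyone", "role": "reader"},
    ]},
    {"id": "f2", "name": "internal-notes.docx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "carol@example.com"},
        {"type": "domain", "role": "reader", "domain": "example.com"},
    ]},
    {"id": "f3", "name": "partner-deck.pptx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "dave@example.com"},
        {"type": "domain", "role": "reader", "domain": "partner.example.org"},
        {"type": "group", "role": "commenter", "emailAddress": "eng@example.com"},
    ]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FILES):
        print(f"{f.file_id} {f.name!r}: {f.reason} -> {f.grantee} ({f.role})")
```

Run periodically, the output is the review list: each line names a file, the reason it is exposed, and who holds the grant, which is what an owner needs in order to decide whether the grant is still justified or should be removed.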

Identity Management: A Full-Time Job

When you have a larger organization with a diverse IT infrastructure, identity management becomes essential. You need dedicated individuals or teams responsible for managing user accounts on all your IT resources. These roles involve creating accounts, assigning permissions, revoking permissions when needed, and regularly reviewing account activity.

Additionally, it is crucial to check if accounts are actively used and lock them when they are not. Critical permissions should be regularly evaluated, and records of all activities maintained for security purposes. It is also essential to educate employees about using only authorized cloud services managed internally.
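The inactivity and privilege checks described above can be expressed as a small review routine. The following is an added example, not from the original post: given an exported list of accounts with their last successful login and assigned roles, it returns the accounts that should be locked because they exceed an inactivity threshold (or have never logged in), and the still-active accounts holding privileged roles that need a periodic review. The 90-day threshold, the set of privileged role names, and the account records are constructed assumptions.

```python
"""Inactive-account and privileged-role review (added example)."""
from __future__ import annotations

from datetime import date

INACTIVITY_DAYS = 90                      # assumed lock policy
PRIVILEGED_ROLES = {"admin", "billing"}   # assumed set of critical roles


def review_accounts(accounts: list[dict], today: date,
                    inactive_after: int = INACTIVITY_DAYS) -> tuple[list[str], list[str]]:
    """Return (accounts_to_lock, privileged_accounts_to_review).

    Only accounts currently marked active are considered; an account with no
    recorded login is treated as inactive since creation and is locked too.
    """
    to_lock: list[str] = []
    privileged: list[str] = []
    for acct in accounts:
        if acct["status"] != "active":
            continue
        last = acct.get("last_login")
        idle_days = (today - last).days if last else None
        if idle_days is None or idle_days > inactive_after:
            to_lock.append(acct["user"])
            continue  # a locked account needs no separate privilege review
        if PRIVILEGED_ROLES & set(acct.get("roles", [])):
            privileged.append(acct["user"])
    return sorted(to_lock), sorted(privileged)


# Constructed sample export (not real accounts).
SAMPLE_ACCOUNTS = [
    {"user": "alice", "status": "active", "last_login": date(2024, 5, 30), "roles": ["staff"]},
    {"user": "bob",   "status": "active", "last_login": date(2024, 1, 15), "roles": ["staff"]},
    {"user": "carol", "status": "active", "last_login": None,              "roles": ["staff"]},
    {"user": "dave",  "status": "active", "last_login": date(2024, 4, 1),  "roles": ["admin"]},
    {"user": "erin",  "status": "locked", "last_login": date(2023, 2, 1),  "roles": ["admin"]},
]

if __name__ == "__main__":
    lock, review = review_accounts(SAMPLE_ACCOUNTS, today=date(2024, 6, 1))
    print("lock:", lock)
    print("review privileged:", review)
```

The two lists map directly onto the duties in the text: the first is the lock action, the second is the recurring evaluation of critical permissions; both outputs are also the records to keep for later audit.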

Centralizing and Consolidating IT Infrastructure

To minimize the overhead of identity management, consider centralizing and consolidating your IT infrastructure. Hosting more services on-premises gives you greater control over your company data and allows for centralized account management. Many products support protocols like Kerberos, enabling the use of user accounts from a centralized system. This simplifies account management for both your company and its business partners.

Role-Based Permission Systems

Proper enterprise-scale permission systems should be role-based. Instead of granting access to specific files, users are assigned roles that determine their access level. For example, a user with the ‘projectx participant’ role will have access to all files under ‘/project_x/’. This approach eliminates the need to individually manage access to each file and simplifies permission administration.
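A minimal form of the role-to-path mapping described above, as an added example rather than code from the original post: roles are granted on path prefixes, users are assigned roles, and an access decision is made by normalising the requested path and checking it against the prefixes of the user's roles. Removing a user's roles (for example when a partner's engagement ends) revokes every file under those prefixes at once, and the reverse lookup lists everyone who can reach a given path, which is the review question the post is asking about. The role names, paths and users are constructed assumptions.

```python
"""Role-based, path-prefix access control (added example)."""
from __future__ import annotations

import posixpath

# Which path prefixes each role grants. Prefixes end in "/" so that
# "/project_x/" does not also match "/project_x_archive/".
ROLE_PATHS: dict[str, list[str]] = {
    "projectx participant": ["/project_x/"],
    "finance": ["/finance/"],
}

# Role assignments per user (constructed sample).
USER_ROLES: dict[str, set[str]] = {
    "alice": {"projectx participant"},
    "bob": {"finance"},
    "partner-eve": {"projectx participant"},
}


def _normalise(path: str) -> str:
    """Collapse '.' and '..' so traversal cannot escape a granted prefix."""
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm


def can_access(user: str, path: str,
               user_roles: dict[str, set[str]] = USER_ROLES,
               role_paths: dict[str, list[str]] = ROLE_PATHS) -> bool:
    """True if any of the user's roles grants a prefix covering the path."""
    target = _normalise(path)
    for role in user_roles.get(user, set()):
        for prefix in role_paths.get(role, []):
            if target.startswith(prefix):
                return True
    return False


def who_can_access(path: str,
                   user_roles: dict[str, set[str]] = USER_ROLES,
                   role_paths: dict[str, list[str]] = ROLE_PATHS) -> list[str]:
    """Reverse lookup used in access reviews: every user able to reach the path."""
    return sorted(u for u in user_roles if can_access(u, path, user_roles, role_paths))


def revoke_all_roles(user: str, user_roles: dict[str, set[str]] = USER_ROLES) -> None:
    """Offboarding: dropping the assignments removes access to every covered path."""
    user_roles.pop(user, None)


if __name__ == "__main__":
    print(can_access("alice", "/project_x/spec.docx"))          # True
    print(can_access("alice", "/project_x/../finance/q3.xlsx"))  # False after normalisation
    print(who_can_access("/project_x/plan.md"))                  # ['alice', 'partner-eve']
    revoke_all_roles("partner-eve")
    print(who_can_access("/project_x/plan.md"))                  # ['alice']
```

Note the design choice of trailing-slash prefixes and path normalisation: without them, a sibling directory with a similar name, or a `..` segment in the request, would satisfy a naive `startswith` check.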
