Application access management (in Plain English)
AAM (application access management) should be a key part of any company's cybersecurity policy. Discover more in our handy jargon-free guide.
These days, businesses of all shapes and sizes run multiple pieces of software – from CRMs to online payment processors, from payroll to marketing automation to video conferencing… The list goes on and on.
This isn't new
per se. What's different is that now these pieces of software are mostly hosted on the cloud. This means they can be accessed from any device in any location. In turn, this means the attack surface is far bigger than in the days of office intranet and CD-ROMs.
Data breaches are a real threat – and even small firms can be adversely affected. They cause downtime, threaten customer trust and can result in fines under GDPR.
The question is how to enjoy the manifold benefits of today's software without putting sensitive data at risk. And part of the answer is application access management (AAM).
This term covers the processes and tools that IT deploys to manage and secure user access to applications. It keeps hackers and unwanted third parties out and makes life easy for those who need access.
What does application access management involve?
AAM is all about managing user authentication and access permissions based on the rights and roles within an organisation.
Imagine your company is a hospital. The operating theatre needs to be secure, so to get in you need an access card. Some members of staff will need to enter and exit freely. Other members of staff will need access but only under certain circumstances. And other members of staff will have no reason to go in at all.
In a complex organisation, this can get hard to manage. Translate that into a company with a hybrid workforce, a bring-your-own-device policy and third parties needing access to video meetings and documents. Now you've got a recipe for stress-related alopecia.
Every business needs a solid AAM strategy to ensure that people who need access have it and that the people who don't, don't. The alternative is to put sensitive data up for grabs, allow unauthorised access and fall out of line with security and compliance.
What are the key components of AAM?
Broadly speaking, AAM can be split into two big processes: authentication and authorisation.
Authentication is the IT equivalent of a sentry at a castle saying, "Who goes there?" Not just anybody can enter the castle – so you need to verify this person's identity.
Authentication can include a password, the user's location, a fingerprint or the device that's being used. Typically, it will be a combination of these checks – what's known as "multi-factor authentication".
Most of us are familiar with multi-factor authentication via banking apps and websites. You can't just put your password in – you also have to complete a CAPTCHA, approve a text message or even match your fingerprint to the one they have on record.
It's a belt-and-braces approach to app security that's pretty much essential in today's cloud-based world.
Authorisation is the next step. It makes a decision based on the outcome of the authentication process. This traveller on horseback is, it seems, the Archduke of Fitzmoravia. But does that mean you should let him in? What if he runs amok and steals some valuables?
Authorisation, then, is about giving or denying permission. If the user has the requisite permission, they can use the app. If not, they can't. It is that simple – at least, it is
if your company has a clear policy on application access management.
All of this can be automated through software. You don't need a digital doorman checking everyone's ID. Instead, you can deploy an access management solution that does the dirty work for you.
What is single sign-on (SSO)?
Single sign-on (SSO) is a way to let users access all the apps and resources they have permissions for with just one set of login credentials. This is something that's supported by most cloud-based AAM solutions.
An example of this that many of us will have seen or used is the ability to log in to social media sites with a Google username and password.
SSO is convenient. It means you don't have to manage multiple passwords. On paper, this might seem less secure than having lots of unique passwords (surely two locks are better than one?)
In fact, it can improve password security – something that many IT departments will embrace with open arms. It means that a user has one strong password rather than lots of weak ones (or worse still, a weak one used again and again).
How does AAM fit into ZTNA?
ZTNA (zero-trust network access) is a way of doing cybersecurity that assumes bad intentions of all users, no matter whether they've been working for you for 10 years or 10 minutes.
It's like a bouncer at a nightclub – but instead of doing spot checks,
everyone is suspect and needs to be patted down and have their bag searched.
AAM fits snugly into a ZTNA solution. Both insist on granular access permissions and multi-factor authentication. They ensure that verification has to take place on every access request – not just once and then you're in.
ZTNA will also include things like threat detection and data security tools. But AAM can form a key part of it.
What are the benefits of a robust AAM solution?
The benefits of an AAM solution all boil down to security. But we can split this into a range of benefits:
- It provides secure access to cloud services, keeping sensitive data safe.
- It improves the UX for staff at all levels of the company.
- It allows safe and speedy access for third parties, as and when required.
- It centralises app access management.
- It's easy to deploy and scale as your business grows.
- It creates an automatic audit of application access.
- It can detect and respond to suspicious activity.
All in all, application access management is a must for any company that uses a range of cloud-based software solutions.
Are you looking for a
VMware cloud consultant to help you nail cloud security? At Ascend Cloud Solutions, we're VMware-certified experts with years of combined industry experience.
Get in touch today to get the ball rolling.
