USE CASE

Secure Cloud Access

Secure remote work, based on a cloud-based, automated and role-driven account and access management system.

CHALLENGE

How Can You Work Remotely in the Cloud, in a Secure and User-Friendly Way?

We are working remotely more and more often, storing data in the cloud, using cloud-based applications, and doing so on the go from a variety of different devices. Not only should an organisation’s own employees have access to data, but the same goes for their flexible workers, clients and partners. In such a widely dispersed and complex digital landscape, information security is crucial, but how can we set this up effectively?

SOLUTION

Cloud-Based IAM With Role-Based, Automated Account and Access Management

The most solid foundation for secure remote work is a cloud-based, centralised and automated account and access management system. By using data directly sourced from business systems and by providing and managing access rights based on someone’s role, we are able to secure our information effectively and in accordance with the ‘least privilege’ concept, even within complex cloud environments. Aside from proper authorisation, secure authentication is also important when accessing applications. With modern access management technologies such as Single Sign-On (SSO) and Multi-Factor Authentication, security no longer hinders user-friendliness.

Automated and business-driven account and rights management

  • The account lifecycle (onboarding, transitioning, offboarding) is fully automated and driven by business systems.
  • When employment is terminated, accounts are automatically cleaned up. No more risk of data breaches due to active, forgotten accounts.
  • Access rights are managed based on an individual’s user role. Access is on a ‘need to know’ basis, eliminating an unwanted accumulation of rights.
  • Automated request for additional and/or temporary access rights, with configurable approval steps and adjustable duration.

Simple and secure user access

  • Additional verification methods, such as Multi-Factor Authentication, combined with Single Sign-On ensure that access is secure and user-friendly.
  • Users can easily open their applications and data shares from any type of device after gaining access.
  • Not limited to access for regular employees, but also for other user groups such as contractors, clients or partners.
  • Access rights can be refined based on context-driven factors such as time, location, network access and/or device type.

Cloud-based Identity and Access Management

  • Secure and scalable cloud-native multitenant solution.
  • Tools4ever is an ISO 27001 certified management organisation.
  • Agile solution. Configurable base platform, supplemented with add-ons and connectors for source and target systems.
  • Connections to both cloud-based applications and on-premises systems.
HOW IT WORKS

How Do We Establish a Remote and Cloud-Ready Identity and Access Management System?

6 steps that can each be configured using low-code or no-code solutions

  1. Source system: Integration of HelloID with source systems such as HR, SIS and/or scheduling systems. This way, changes in the source data are automatically available in HelloID.
  2. People: Conversion of data about people/roles from source systems to a common representation within HelloID using an ‘identity vault’.
  3. Business rules: Defining the rules that determine which roles are granted which types of accounts and access rights, and under what conditions.
  4. Target systems: Linking HelloID to on-premises and/or cloud-based applications. This can be executed step by step per application.
  5. Access management: Setting up access procedures, such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA), in conjunction with, for example, Active Directory.
  6. Reporting and auditing: Configuring standard and client-specific reports and monitoring functions for analysis and audits.
FAQ

Frequently Asked Questions

Hybrid working refers to a combination of working in the office and from home. For example, someone may come into the office a few days per week for physical meetings with colleagues or clients and work from home on other days, staying in contact via the phone or online meeting solutions such as MS Teams. Some organisations also have multiple work locations, and some employees work partly at clients’ premises. All these are forms of hybrid working where it is necessary for people to have safe and user-friendly remote access to their applications and data.

Many applications today are offered as cloud-based solutions. It is important to understand how such a cloud solution was developed. Sometimes an existing on-premise system is simply converted to a cloud-based platform through, for example, rehosting. This often means missing out on the specific advantages associated with cloud-based applications. A cloud-native application, on the other hand, has been specifically designed from the ground up with the capabilities and principles of cloud technology, which is often reflected in scalability, manageability, improved data security and the agility of the solution.

RBAC is an approach where access rights are granted based on the role of a user within an organisation. For each role, it is defined which accounts and rights are necessary. As a result, users only have access to the information and tools they need for their specific role. This minimises the risk of unwanted access and supports compliance with the ‘least privilege’ principle, making cloud access safer.

MFA requires users to use two or more verification methods to access an account or application. This could be something they know (such as a password), something they have (such as a smartcard or smartphone) or something they are (such as a fingerprint). By using multiple layers of authentication, it becomes more difficult for malicious actors to gain unauthorised access. At the same time, combined with solutions such as Single Sign-On (SSO), the experience remains user-friendly because users do not need to log in separately for each application.

HelloID deploys an automated process for the entire account lifecycle, including the offboarding of employees. When an employee leaves the organisation and this is recorded in a source system (such as an HR system), HelloID ensures that the departing employee’s account is automatically deactivated or deleted. This eliminates the risk of having ‘forgotten’ active accounts with access to corporate information, which could cause potential data breaches.
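
The source-driven, role-based lifecycle described in the six steps and in the RBAC and offboarding answers above can be pictured as a reconciliation between what the source system says and what accounts actually hold. The following is an added illustration, not HelloID code or configuration; the role names, target systems, field names and sample records are all constructed assumptions.

```python
# Added illustration: role-driven reconciliation of source data against target accounts.
# Roles, systems, field names and records are hypothetical, constructed sample data.
from datetime import date

# Business rules: role -> entitlements as (target system, right).
ROLE_RULES = {
    "nurse":      {("AD", "account"), ("EHR", "read_patient"), ("EHR", "write_notes")},
    "hr_officer": {("AD", "account"), ("HRM", "edit_contracts")},
    "contractor": {("AD", "account"), ("Wiki", "read")},
}

def desired_state(hr_records, today):
    """Entitlements each person should hold today, derived only from source data."""
    desired = {}
    for rec in hr_records:
        active = rec["start"] <= today and (rec["end"] is None or today <= rec["end"])
        # Unknown roles and ended contracts resolve to no rights (default deny).
        desired[rec["id"]] = set(ROLE_RULES.get(rec["role"], set())) if active else set()
    return desired

def reconcile(hr_records, actual, today):
    """Diff desired against actual entitlements into grant/revoke actions.

    Accounts with no record in the source system are orphaned: everything is revoked.
    """
    desired = desired_state(hr_records, today)
    actions = []
    for person in sorted(set(desired) | set(actual)):
        want = desired.get(person, set())
        have = actual.get(person, set())
        actions += [("grant", person, s, r) for s, r in sorted(want - have)]
        actions += [("revoke", person, s, r) for s, r in sorted(have - want)]
    return actions

HR = [
    {"id": "e1", "role": "hr_officer", "start": date(2020, 1, 1), "end": None},  # was a nurse
    {"id": "e2", "role": "nurse", "start": date(2021, 3, 1), "end": date(2024, 5, 31)},  # left
    {"id": "e3", "role": "contractor", "start": date(2024, 6, 1), "end": date(2024, 9, 30)},
]
ACTUAL = {
    "e1": {("AD", "account"), ("EHR", "read_patient"), ("EHR", "write_notes")},
    "e2": {("AD", "account"), ("EHR", "read_patient")},
    "x9": {("AD", "account")},  # exists in the target system but not in HR
}

if __name__ == "__main__":
    for action in reconcile(HR, ACTUAL, date(2024, 6, 15)):
        print(action)
```

Because rights are computed as a difference against the role's rule set, the role change for e1 removes the old EHR rights in the same pass that grants the HRM right, which is what prevents accumulation; the ended contract (e2) and the account unknown to HR (x9) are fully revoked.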