Your Cloud: Identity and Access Management
Does your cloud solution have a thorough identification, authentication and authorization framework?
Your cloud environment is the backbone of your organization's operations. It involves many resources belonging to many users, interacting in intricate ways, and you must ensure that appropriate access control is maintained within it to reduce the risk to your data. These three building blocks are a good place to start when evaluating your own identity and access framework, or when checking that your Cloud Service Provider (CSP) is meeting your needs:
Authorization
Authorization determines which of your users may access which protected resources, and what they may do with them (read, write, delete, administer). You don't want a junior employee reading or altering business-critical data; this is where you decide who can and cannot access a given piece of information. Grant each identity only the permissions its role actually requires (least privilege), and review those grants periodically, since permissions accumulate over time.
Authentication
Authentication establishes who is making the request: the user, service or workload proves its identity, typically with a password, key, certificate or token, before any access decision is made. Authentication says nothing about what that identity is allowed to do; that is authorization. Require multi-factor authentication at least for privileged and administrative identities. The authorization rules themselves live in the Policy Administration Point (PAP), the component your Cloud Service Provider exposes for authoring and storing access policies.
Enforcement
Also referred to as access control, enforcement is concerned with making sure that authorized users get the access they request and that everyone else is refused. Enforcement happens at the Policy Enforcement Point (PEP), which receives each access request, forwards it to the Policy Decision Point (PDP), and then grants or denies the request according to the PDP's verdict. The PDP, in turn, evaluates the request against the policies held in the PAP. Two properties worth checking in any such system: when no policy matches, the default answer must be deny, and an explicit deny should override any allow, so that a single over-broad grant cannot silently reopen access you meant to close.
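To make the three pieces concrete, here is an added example (written for this page, not code from the original article or from any cloud provider) of the pipeline above in Python: an identity provider that authenticates, a PAP that stores policy statements, a PDP that evaluates them with default deny and deny-overrides-allow, and a PEP at the front door that ties the steps together. The statement format is a simplified, hypothetical one loosely modelled on cloud IAM policies, not any CSP's real syntax, and the users, passwords and policies are constructed sample data.

```python
"""Toy identity/authorization pipeline: authentication, then a Policy
Administration Point (PAP) holding policies, a Policy Decision Point (PDP)
evaluating requests, and a Policy Enforcement Point (PEP) at the front door.
All users, passwords and policies here are constructed sample data."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
import hashlib
import hmac
import os


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset


class IdentityProvider:
    """Authentication: proves who the caller is, says nothing about what they may do."""

    def __init__(self):
        self._users = {}  # name -> (salt, pbkdf2 digest, roles)

    def register(self, name, password, roles):
        salt = os.urandom(16)
        self._users[name] = (salt, _pw_hash(password, salt), frozenset(roles))

    def authenticate(self, name, password):
        rec = self._users.get(name)
        if rec is None:
            return None
        salt, digest, roles = rec
        # constant-time compare so a wrong guess does not leak through timing
        if not hmac.compare_digest(digest, _pw_hash(password, salt)):
            return None
        return Principal(name, roles)


@dataclass
class Statement:
    effect: str        # "Allow" or "Deny"
    principals: list   # user names, "role:<name>", or "*"
    actions: list      # glob patterns, e.g. "storage:Get*"
    resources: list    # glob patterns, e.g. "bucket/finance/*"


class PolicyAdministrationPoint:
    """PAP: where authorization policies are authored and stored."""

    def __init__(self):
        self.statements = []

    def add(self, stmt):
        self.statements.append(stmt)


class PolicyDecisionPoint:
    """PDP: evaluates (principal, action, resource) against the PAP's policies.
    Default deny; any matching explicit Deny overrides any Allow."""

    def __init__(self, pap):
        self.pap = pap

    def decide(self, principal, action, resource):
        decision = "Deny"
        for s in self.pap.statements:
            if not self._principal_matches(s, principal):
                continue
            if not any(fnmatchcase(action, p) for p in s.actions):
                continue
            if not any(fnmatchcase(resource, p) for p in s.resources):
                continue
            if s.effect == "Deny":
                return "Deny"        # explicit deny wins, stop evaluating
            decision = "Allow"
        return decision

    @staticmethod
    def _principal_matches(s, principal):
        for entry in s.principals:
            if entry in ("*", principal.name):
                return True
            if entry.startswith("role:") and entry[5:] in principal.roles:
                return True
        return False


class PolicyEnforcementPoint:
    """PEP: receives the request, authenticates, asks the PDP, then serves or refuses."""

    def __init__(self, idp, pdp, backend):
        self.idp, self.pdp, self.backend = idp, pdp, backend

    def request(self, name, password, action, resource):
        principal = self.idp.authenticate(name, password)
        if principal is None:
            return (401, "unauthenticated")
        if self.pdp.decide(principal, action, resource) != "Allow":
            return (403, "forbidden")
        return (200, self.backend(action, resource))


def build_demo():
    """Wire up the constructed sample users and policies; returns the PEP."""
    idp = IdentityProvider()
    idp.register("alice", "alice-sample-pw", ["finance"])
    idp.register("bob", "bob-sample-pw", ["intern"])
    pap = PolicyAdministrationPoint()
    pap.add(Statement("Allow", ["role:finance"], ["storage:*"], ["bucket/finance/*"]))
    pap.add(Statement("Allow", ["*"], ["storage:Get*"], ["bucket/public/*"]))
    pap.add(Statement("Allow", ["role:intern"], ["storage:*"], ["bucket/public/*"]))
    pap.add(Statement("Deny", ["role:intern"], ["storage:Delete*"], ["bucket/*"]))
    return PolicyEnforcementPoint(idp, PolicyDecisionPoint(pap),
                                  lambda action, resource: f"{action} on {resource}")
```

Calling `build_demo().request("bob", "bob-sample-pw", "storage:DeleteObject", "bucket/public/logo.png")` returns `(403, "forbidden")` even though the third statement grants interns `storage:*` on the public bucket, because the fourth statement's explicit deny overrides it; a request for a resource no statement mentions is refused by default, and a bad password is refused before any policy is consulted at all.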
For more in-depth reading, there is a good paper on Access Control for Secure Cloud Computing available here:
https://pdfs.semanticscholar.org/cca1/fe9b74bd819522df425a0cc53f94ad7148b8.pdf