Identity and Access Management Alignment

Core

The cloud foundation team can make decisions about governing identities and access permissions across cloud platforms and landing zones. A process is in place to align these decisions with the responsible IAM stakeholders of the organization.

Identity and Access Management is essential to using any cloud platform. Even though every cloud platform has its own IAM system, it is important that Cloud Foundation Teams establish a consistent set of minimum requirements for integrating existing Enterprise IAM processes and systems with cloud platforms.

The cloud foundation team should align these requirements early with the relevant IAM stakeholders in the organization. You can typically find them by locating the team responsible for your organization's Active Directory and asking who their stakeholders are. This gives an overview of the relevant organizational and technical requirements and prevents costly increases in complexity caused by inconsistent platform integrations.

Once your team has established and aligned its Identity and Access Management processes, the cloud foundation team can proceed to implement concrete IAM capabilities for cloud platforms and landing zones like

Establish an Identity and Access Management Concept

An Identity and Access Management Concept is a document that describes your Identity and Access Management architecture for future reference. An important distinction is IAM for humans vs. IAM for workloads. Making this distinction explicit in the Identity and Access Management Concept enables a focused discussion of one topic at a time.

Core Questions

  • What is your source of identities?

  • How do identities flow from the source to other systems? (See Federated Identity and Authentication)

  • What level of separation will you have between different applications?

  • How do you keep a central overview over access permissions when there are multiple clouds involved?

Specific Questions on IAM for Humans

An Identity and Access Management Concept needs to answer the following questions:

  • How do you ensure Joiner / Mover / Leaver processes are supported in different parts of your Identity and Access Management landscape? (See Identity Lifecycle Management)

  • How does a cloud-native, self-service approach fit together with the control requirements your organization has?

  • Are there distinctions between identities (normal users versus admin users)? If yes, these distinctions must be laid out in the Identity and Access Management Concept. (See Privileged Access Management )

  • The public cloud providers have resource hierarchies that allow permissions to be inherited from parent to child resources. Carefully crafting permission inheritance is a proven way of staying in control of access rights, so the design of your resource hierarchies must be taken into account in the Identity and Access Management Concept.
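
The following Python model illustrates the inheritance point above and the admin-versus-normal-user distinction. It is an added example and not code from the original page or from any cloud provider: it models a GCP-style hierarchy (organization, folder, project) in which bindings on an ancestor are inherited additively by every descendant, computes the effective roles a principal holds on a leaf resource, and flags privileged roles bound near the root, where they silently flow into every landing zone below. All node names, principals and role names are constructed sample data.

```python
"""Resource hierarchy with inherited IAM bindings (illustrative model).

Assumption: inheritance is additive, i.e. a grant on any ancestor applies to a
node and nothing set lower in the tree can revoke it. This matches the
organization/folder/project model of GCP and is close to how Azure management
groups and AWS organizations behave; it is not a client for any real API.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Node:
    """One level of the hierarchy (organization, folder, project, ...)."""
    name: str
    parent: Optional["Node"] = None
    bindings: Dict[str, Set[str]] = field(default_factory=dict)  # role -> principals
    children: List["Node"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    def bind(self, role: str, principal: str) -> "Node":
        self.bindings.setdefault(role, set()).add(principal)
        return self

    def depth(self) -> int:
        return 0 if self.parent is None else self.parent.depth() + 1

    def ancestors(self) -> List["Node"]:
        """Path from this node up to the root, inclusive."""
        chain: List[Node] = []
        cur: Optional[Node] = self
        while cur is not None:
            chain.append(cur)
            cur = cur.parent
        return chain


def effective_roles(node: Node, principal: str) -> Dict[str, str]:
    """Roles `principal` holds on `node` after inheritance, mapped to the
    highest node that grants each role (the binding you would have to change
    to take the role away)."""
    granted: Dict[str, str] = {}
    for n in reversed(node.ancestors()):  # root first
        for role, principals in n.bindings.items():
            if principal in principals:
                granted.setdefault(role, n.name)
    return granted


def find_broad_privileged_grants(
    root: Node, privileged: Set[str], max_depth: int = 1
) -> List[Tuple[str, str, str]]:
    """Report privileged roles bound at depth <= max_depth, i.e. at the
    organization or a top-level folder, where they inherit into every landing
    zone below. Returns sorted (node, role, principal) triples."""
    findings: List[Tuple[str, str, str]] = []
    stack = [root]
    while stack:
        n = stack.pop()
        if n.depth() <= max_depth:
            for role, principals in n.bindings.items():
                if role in privileged:
                    findings.extend((n.name, role, p) for p in sorted(principals))
        stack.extend(n.children)
    return sorted(findings)


def find_node(root: Node, name: str) -> Optional[Node]:
    """Depth-first lookup of a node by name."""
    stack = [root]
    while stack:
        n = stack.pop()
        if n.name == name:
            return n
        stack.extend(n.children)
    return None


# Constructed sample hierarchy; every identifier below is made up.
PRIVILEGED_ROLES = {"roles/owner", "roles/iam.admin"}


def build_sample_hierarchy() -> Node:
    org = Node("org:example")
    org.bind("roles/viewer", "group:all-cloud-users")   # intended broad read access
    org.bind("roles/owner", "user:alice")               # too broad: inherits everywhere
    prod = Node("folder:prod", parent=org)
    prod.bind("roles/iam.admin", "group:cloud-foundation")
    proj = Node("project:payments-prod", parent=prod)
    proj.bind("roles/editor", "sa:payments-deployer")   # workload identity, scoped locally
    return org


if __name__ == "__main__":
    root = build_sample_hierarchy()
    proj = find_node(root, "project:payments-prod")
    assert proj is not None
    print("alice on payments-prod:", effective_roles(proj, "user:alice"))
    print("broad privileged grants:", find_broad_privileged_grants(root, PRIVILEGED_ROLES))
```

The `find_broad_privileged_grants` check is the kind of control a Cloud Foundation Team can run against exported IAM policies: an owner or IAM-admin binding at depth 0 or 1 is rarely intended for every landing zone, and the output names the exact node and binding to move further down the tree.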

Specific Questions on IAM for Cloud Resources

An Identity and Access Management Concept needs to answer the following questions:

  • What documentation around access rights needs to happen? Documentation of access rights is a common requirement for companies in the finance or healthcare industries.

  • How does a cloud-native, self-service approach fit together with the control requirements your organization has? (See Service Account Management )

  • What guidelines do you have for teams migrating to the cloud? What guidelines should teams starting in the cloud follow (e.g. zero trust)?

Currently no tool implementations documented. Contributions welcome!