Deprovisioning in the Cloud
The topic of deprovisioning is familiar to me because this is part of what we do here at Hitachi-ID. I would phrase the problem with cloud access deprovisioning using two questions:
* Who has access to the company cloud services?
* What credential do they need to access the cloud service?
Deprovisioning is something not clearly tackled by “IAM as a Service” solutions. It is, however, important to those concerned about cloud security.
When considering deprovisioning in a cloud environment, some of the things you may run into are:
* Users accessing a shared cloud storage service (e.g. Amazon S3)
* Companies building out their application on PaaS or IaaS
* The user accounts required to access these cloud services are administrative accounts, not accounts separated out per individual.
* Sometimes all you need is a secret key to remotely manage some cloud servers.
* Administrative account access to your Salesforce (or any SaaS) application.
There is sensitive account/key information that should be kept secure. How do you actually protect privileged access in the cloud? How would you “deprovision” users from accessing privileged accounts/systems after termination?