There’s no denying that Cloud services are the way forward for new businesses. In this day and age, they are the de facto IT adoption method, especially for startups and tech-based companies. Businesses simply love them for their zero-CAPEX and almost zero-maintenance model. With work from home being the norm, cloud adoption has simply exploded.
When we talk about Cloud services, the most common one that comes to mind is SaaS (Software as a Service). Its beauty lies in the fact that it:
- Is ready to consume and requires little, if any, development effort to kick-start
- Is the least resource-intensive in terms of in-house IT support (and we know how hard it is to find people these days)
BUT not all SaaS is created equal. There are 3 broad categories of SaaS, namely Cloud Native, Hybrid and Pseudo Cloud.
Cloud Native: A standards-compliant browser is all it requires, and it is able to support any Operating System (OS) out there.
Hybrid: Requires a small, lightweight program or agent to be installed on the desktop, with the backend in the Cloud.
Pseudo Cloud: Requires a program to be installed on the desktop that works well in offline mode and needs to contact the Cloud backend for updates or subscription renewal. Very little functionality depends on the Cloud.
Pitfall 1: Not choosing a platform-independent application
This applies more to the Hybrid and Pseudo Cloud categories of Cloud applications.
Today’s startups and new businesses are increasingly heterogeneous in terms of their desktops. The development team would be coding on their Macs, while the HR and finance departments are hacking away at their Excel spreadsheets or Word documents on Windows.
Hence it is not surprising that the Windows desktop has dropped from its once-dominant market share of 90% back in 2013 to less than 75% today. The slack has mostly been taken up by macOS, which has been steadily gaining popularity among developers, content creators and startups over recent years.
Choosing an application that supports only a single platform or OS, e.g. Windows only, will incur higher IT overhead down the road if another similar software product performing the same function needs to be sourced and maintained just to cover another platform, e.g. macOS.
An example would be Jamf Pro, a cloud-based mobile device management (MDM) software for macOS. Feature-rich and mature, it works exceedingly well in the Apple ecosystem, but simply isn’t supported on Windows. In the end, the company may need to acquire another MDM, Intune from Microsoft, just to cover its Windows fleet.
Pitfall 2: Not choosing a cloud application that supports federated Single-Sign-On (SSO)
Your application should have federation capability, whereby company users only need to authenticate once with a chosen identity provider (IdP) in the Cloud and can then securely access any company-authorised application via SAML (Security Assertion Markup Language) or OAuth.
If your application lacks support for SSO, your users will:
- have to remember a separate username and password for each cloud application, each potentially having different password complexity requirements and policies
- have to log in every time they want to use a different application within the same desktop session, resulting in authentication fatigue and eating into employee productivity
While choosing an SSO-capable application is a good thing, watch out for those that price their subscription fees based on SSO vs non-SSO options. Such applications may charge up to 2x or more for SSO than for non-SSO, without many additional user features or benefits. So be sure to check their price plans to see how the subscription costs scale when your company grows from 10 users to 100 users, at which point IAM (identity and access management) becomes a compliance requirement, making SSO an indispensable feature.
Lastly, using SSO-federated applications not only allows users to be authenticated centrally, but also subjects them to additional verification using conditional access tools like Zero Trust and MFA (multi-factor authentication), increasing security posture down the road through defence in depth.
Pitfall 3: Not choosing a Cloud application that has API support and 3rd party software integration
Today’s business applications seldom work in silos and increasingly need to integrate with 3rd party software to automate company workflows or processes. HR software may need to automatically trigger the de-provisioning of IT resources for an employee who has left the company, commonly known as the off-boarding process.
Any unintended residual access after that point will pose a security risk. It is like not returning the front door access key card after the employee has left.
An API (Application Programming Interface) is a software feature that allows the functionality of an application to be invoked without human intervention, a.k.a. automation. Application integration using predefined connectors for published APIs is an industry that has a compounded growth of 40%.
An example would be the JumpCloud plus AWS S3 integration, which allows companies to store audit trail information about where, when and how users access their company’s IT resources beyond the default 90 days retention, thus achieving compliance.
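The off-boarding check described under Pitfall 3, as an added example that is not part of the original article: it reconciles an HR export against per-application account exports to flag residual access. The sample data, the field names and the function `find_residual_access` are constructed for illustration and do not correspond to any vendor's API.

```python
from datetime import datetime

# Constructed sample data: an HR export and per-application account exports,
# as they might be pulled from each product's API (field names are assumptions).
HR_RECORDS = [
    {"email": "alice@example.com", "status": "active", "terminated_at": None},
    {"email": "bob@example.com", "status": "terminated",
     "terminated_at": "2024-03-01T18:00:00+00:00"},
    {"email": "carol@example.com", "status": "terminated",
     "terminated_at": "2024-03-10T18:00:00+00:00"},
]
APP_ACCOUNTS = {
    "crm": [
        {"email": "alice@example.com", "enabled": True, "last_login": "2024-03-14T09:00:00+00:00"},
        {"email": "Bob@Example.com", "enabled": True, "last_login": "2024-03-05T22:10:00+00:00"},
    ],
    "wiki": [
        {"email": "carol@example.com", "enabled": True, "last_login": "2024-03-09T10:00:00+00:00"},
        {"email": "bob@example.com", "enabled": False, "last_login": "2024-02-28T10:00:00+00:00"},
        {"email": "temp-contractor@example.com", "enabled": True, "last_login": None},
    ],
}

def _ts(value):
    """Parse an ISO 8601 timestamp, passing None through."""
    return datetime.fromisoformat(value) if value else None

def find_residual_access(hr_records, app_accounts):
    """Return (app, email, issue) for enabled accounts HR says should not exist."""
    hr = {r["email"].lower(): r for r in hr_records}  # emails compared case-insensitively
    findings = []
    for app, accounts in sorted(app_accounts.items()):
        for acct in accounts:
            if not acct["enabled"]:
                continue  # already de-provisioned in this application
            email = acct["email"].lower()
            record = hr.get(email)
            if record is None:
                findings.append((app, email, "orphan"))  # no HR record at all
            elif record["status"] == "terminated":
                left, seen = _ts(record["terminated_at"]), _ts(acct["last_login"])
                used = seen is not None and seen > left
                findings.append((app, email, "used_after_exit" if used else "still_enabled"))
    return findings

if __name__ == "__main__":
    for app, email, issue in find_residual_access(HR_RECORDS, APP_ACCOUNTS):
        print(f"{app:5} {email:30} {issue}")
```

An account flagged `used_after_exit` was logged into after the termination time and warrants review of its activity, while `still_enabled` and `orphan` accounts are candidates for immediate de-provisioning.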
Henley Ho (CREST Registered Pentester, AWS Certified Solution Architect Professional)
Henley is passionate about helping SMEs lay a strong foundation for a successful Cloud adoption journey, by building a flexible identity framework that enables the company to simplify and securely access IT. He believes the key to overcoming the current manpower crunch lies in empowering individual employees and automating processes as much as possible.