Introduction

Different people in your organization will have different responsibilities for your data in the cloud. It is important to define roles and assign people to the roles that grant them the access appropriate for their responsibilities. Some people, like administrators, should be able to view and modify everything. Other people, like management, should only be able to view. Roles can differ from company to company, between teams, and even among people on the same team. Also note that roles can change with time. Some people might need a higher level of access temporarily. There are several factors to consider when it comes to management of user access:

Users will authenticate with a username and password, a smartcard, or multi-factor authentication protocols. In all cases users should be responsible for securing their credentials. This may require training, recommendations, or communication of policy. For example, it is recommended that administrator accounts, or accounts that can alter data, only be used when the higher-level permissions are required. If an administrator is performing duties that don't require administrator privileges, they should not use an account with elevated privileges. This requires that they have a second account with read-only privileges for normal daily activities. You may also need policies for what to do in the case of identity theft.

Most people should not be granted full access because of the risk of damage and the difficulty of tracing problems. You may want to consider special monitoring for accounts with high access privileges, perhaps enforcing policies regarding virus and anti-malware protection, or event log monitoring.

User management is an important task. You need to plan user management carefully to ensure you grant the right access to the right people.
