Macnica (hereinafter referred to as Macnica, head office: 1-5-5 Shin-Yokohama, Kohoku-ku, Yokohama, Kanagawa Prefecture, President: Jun Ikeda), which provides solutions such as security measures, networks, AI, DX, etc., has announced that due to the promotion of telework, As the use of cloud services increases, we will once again call attention to the risks of ID management that occur during personnel transfers, and promote enhanced security through cloud-based IT management services (IDaaS).

In order to develop human resources and revitalize the organization, many companies Japan end their fiscal year in March, and personnel changes are actively implemented during this period. This fiscal year, due to the impact of COVID-19 (COVID-19), there are moves to reduce transfers that involve relocation, but the use of cloud services has increased due to the promotion of telework, and the number of accounts that should be managed by the Information Systems Department has increased rapidly. In addition, the number of cloud services introduced by on-site departments is increasing, and the management departments may not be unified. When the fiscal year changes, the system administrator needs to manage the accounts of employees who have joined or left the company in addition to the transferred employees, which increases the workload of the system.

Identity authority management is often overlooked in times like these. The available systems and privileges may change as departments, roles, and job titles change. In addition, it is necessary to make adjustments so that both the predecessor and the successor can use the system for a certain period of time when the handover of work occurs. Therefore, it is the timing when setting errors, omissions, and neglect are likely to occur.

This leftover misconfigured account is a security risk. Since attackers target weakly managed sites, there is a risk of ID information theft, misuse, and information leakage from the outside. In addition to being used externally, it can also be used for internal improprieties such as information leaks by employees.

A solution that companies can utilize is IDaaS (Identity as a Service). IDaaS is a service that manages IDs in the cloud. It is often introduced to realize single sign-on (SSO) and multi-factor authentication (MFA), and employees who have been managed using Active Directory (hereafter: AD) and LDAP servers. You can centrally manage member user information (ID, password, name, email address, organization information, other attributes, etc.) on the cloud. Therefore, it is possible to automatically create and disable accounts and change the associated privileges when joining, leaving, or transferring, reducing the man-hours of administrators and preventing omissions.
Okta, which the Company treat as an IDaaS product, can automatically synchronize user information on the existing AD and HR system side with Okta. In addition, based on the change of user information, create an account and change the authority of the linked cloud service. In other words, cloud service account management can be automated simply by maintaining AD and personnel systems.