Hey, fellow Google Admins, this is Goldy again. Welcome to the Google Cloud Identity course.
In this first video of the course, let’s talk about why Cloud Identity in the first place.
Sure, in this course we will be covering what Google Cloud Identity is, how much it would cost, how to set it up, how it can help your business, etc., etc. But first, to start with, let us understand: why do we even need Google Cloud Identity in the first place?
And for that, let me present a few of my slides which might help you understand why Google Cloud Identity in the first place.
Well, based on an article that I read from Wall Street Journal, it seems an average user is consuming more than 40 – 50 applications to get his or her job done.
But that is really painful for users and also for Admins to manage these multiple applications, especially when you do not have a centralized identity provider in place.
Let’s take an example.
Let’s say a new employee joins your organization. Your HR team will inform information technology team so that IT team can now go to all of these applications and create this new user account in all of them manually, which is very time consuming, very painful.
Of course, it’s not a good user experience and it’s not secure at all. Now let’s take the user side.
User will receive a bunch of credentials (one credential set for each of these applications) which is too hard to remember.
It’s not secure at all, and usually you will see that users who need to remember multiple credential sets end up just taking one password and putting that password in all of those applications. Again, compromising on security.
Of course, it’s not a rich user experience because your users will then need to enter user ID and password, which is meant for just a specific application. So a lot of passwords to remember, not at all good user experience, absolutely not secure.
Now let’s take another side of it.
So let’s go back to the Admin side and look at one more problem here, which is administering multiple users where everyone is using multiple applications and everyone is maintaining multiple credential sets.
Some of them forget their password and go to IT and IT team is investing too much time on password reset and other administration tasks.
Again, not secure, poor user experience and time consuming.
Okay, so now let’s also talk about the user de-provisioning.
Let’s say this new employee who joined your organization is now leaving you. That also means Admin will need to go to all of those 40 or 50 applications to de-provision this user account manually.
Just in case, because at the end of the day we are all human beings and we make mistakes, if this Admin forgets to de-provision this user account in one of these applications, then it’s a security compromise, because this user, even after leaving, can still access that application and access corporate data.
Okay, now what else? In terms of security and controls, if we are not using a centralized identity provider, then there is no standardized multifactor authentication when these users are going to log into those applications like 50 plus applications.
All of these applications might offer MFA, but that MFA will be set up in the application itself, which means a single user will need to have MFA 50 times in case if they need to access all these applications.
Same case for conditional or context aware access.
In case if you need to apply in our policies which will grant access to resources based on user or device context, ideally, it should be performed on a centralized system instead of going to 40 different applications and putting those controls in each of those applications.
Same for standardized reporting.
In case if you need to know which user logged into which application, at which time and with which IP address, etc., that ideally should be in one place instead of going to all of those 40 or 50 applications and looking at the logs in each of those apps.
Now, a centralized identity provider is not a new concept. We all have been using one or another centralized identity provider for years.
One of the oldest ones, I would say, might be Microsoft’s Active Directory, and in case if you need single sign-on to SAML applications, you can still hook up Active Directory Federation Services.
But I’m sure you might have been noticing that organizations are moving towards cloud based identity providers because they scale very well, and you do not need to worry about managing the infrastructure required for these centralized identity providers.
You just log in, get your job done, configure rules and settings, and administer everything from anywhere, any device. So things like Ping Identity, Azure, Okta, OneLogin and Google Cloud Identity are all examples of cloud based centralized identity providers.
Now, why would you need Google Cloud Identity? Well, of course we will talk about this in the next video on what Google Cloud Identity can do for your business.
For example, all the challenges that we talked about in this video, such as centralized user management, de-provisioning, authentication, security, endpoint management, etc., Google Cloud Identity can help your business do all of that. Plus, Google has been managing billions of identities every single day.
I was reading somewhere that Google has seven products with billion plus active users, and it’s managing identity of all of those billion plus users every single day, so it already knows how to manage your identity securely.
Now the second one is security and control.
So for example, today you need to really make sure that right people would have access in the right context to the right resources and Google Cloud Identity can really help you do that with its functionality like authentication, authorization, directory, endpoint management etc.
We’ll talk more about that in the next video. And finally, Google Cloud Identity is also cost effective.
Let me explain. In case if you are considering a centralized cloud based identity provider, of course, there are multiple such IdPs, as we discussed in the last slide, and you can go to any of them based on who meets your needs the best.
However, you will need to invest extra because you are procuring a centralized, standalone system. However, in case if you have already invested in Google Workspace, you can get things done within Google Workspace itself, because Google Workspace essentially includes Google Cloud Identity.
So if you do not need a standalone identity provider, you can get things done within Google Workspace itself.
We’ll talk more about that in the next video. So I hope this video was helpful to understand, number one, why we need a centralized identity provider in the first place, and number two, why you should care about Google Cloud Identity as your centralized identity provider.
Thank you so much. In the next video, let’s talk about what Google Cloud Identity is and how it can help your business become more secure.