Seite 160 - Cloud Migration Version 2012 english

160 
status information from the CRM system can also be seen directly in the ERP 
system. This combination corresponds to the concept of enterprise 
application integration (EAI) using modern web service interfaces. 
For the integration and management of infrastructure components 
(
memory, virtual servers, etc.), the client is usually provided with 
comprehensive management functions that make it possible to control use 
as needed. 
For IT‐departments, the long‐term prognosis is that their responsibilities will 
shift towards those of an IT broker, since more and more external IT 
resources will be commissioned and managed. An ever‐growing selection of 
equivalent services will lead to a frequent change to the package currently 
offering the most appropriate service. 
Access management 
As external IT resources are billed according to usage and in most cases 
require access management for individual users, the planning and 
implementation of identity management is a central function. This requires 
specific role management and access administration with an appropriate 
superior authentication instance. The more extensive the service package is 
(
possibly managed over the company's self‐service portal), the more likely 
the need for a uniform identity management with a uniform login 
procedure, going as far as a single sign‐on (SSO), that is, a one‐time login 
and automatic authorisation for further applications within a confirmed 
session without having to log in again. However, two‐factor logins should be 
set up, that is, not just confirmation by a user name and password, but also 
a second validation, such as a security card with a dynamic access code, or 
the use of a single‐use key sent via mobile phone, for example. Such 
procedures have already proven very practical in the form of text messages 
for online banking. 
If such issues are not addressed early enough, you risk facing both a 
considerable effort to introduce them later, as well as security issues and 
unauthorised access to IT services, possibly leading to unexpected costs. 
3.7.7
Cloud Auditing  
For companies that have made the decision for Cloud computing, not only 
their IT, but also their business processes will change. At the same time, 
changes in IT Auditing, as well as in cost structures must also be taken into 
account.