160
status information from the CRM system can also be seen directly in the ERP
system. This combination corresponds to the concept of enterprise
application integration (EAI) using modern web service interfaces.
For the integration and management of infrastructure components
(
memory, virtual servers, etc.), the client is usually provided with
comprehensive management functions that make it possible to control use
as needed.
For IT‐departments, the long‐term prognosis is that their responsibilities will
shift towards those of an IT broker, since more and more external IT
resources will be commissioned and managed. An ever‐growing selection of
equivalent services will lead to a frequent change to the package currently
offering the most appropriate service.
Access management
As external IT resources are billed according to usage and in most cases
require access management for individual users, the planning and
implementation of identity management is a central function. This requires
specific role management and access administration with an appropriate
superior authentication instance. The more extensive the service package is
(
possibly managed over the company's self‐service portal), the more likely
the need for a uniform identity management with a uniform login
procedure, going as far as a single sign‐on (SSO), that is, a one‐time login
and automatic authorisation for further applications within a confirmed
session without having to log in again. However, two‐factor logins should be
set up, that is, not just confirmation by a user name and password, but also
a second validation, such as a security card with a dynamic access code, or
the use of a single‐use key sent via mobile phone, for example. Such
procedures have already proven very practical in the form of text messages
for online banking.
If such issues are not addressed early enough, you risk facing both a
considerable effort to introduce them later, as well as security issues and
unauthorised access to IT services, possibly leading to unexpected costs.
3.7.7
Cloud Auditing
For companies that have made the decision for Cloud computing, not only
their IT, but also their business processes will change. At the same time,
changes in IT Auditing, as well as in cost structures must also be taken into
account.
