Products Overview

The Cloud Services Challenge

Today”s strategy is to move services into the cloud. These cloud services have evolved over the last few years and with modern browser technology widely adapted, these cloud services compete with standard in house enterprise level products.

One major difference between these two models, could solutions or on premise solutions are the aspects license costs and security.

Leader and his team

License Costs

Most license models for on premise solutions do involve a once off payment with a yearly maintenance fee. In contrast, almost all cloud services are charged on a monthly basis. While the up front investment may be smaller for cloud services, the mid to long term costs can be significant. To keep these costs under control, a tight management of the accounts should be in place, ideally before the new services are rolled out.

It is clearly not enough to rely on the Administrative tools of the cloud vendors and manually create the necessary accounts, or just extend your SSO solution to trigger a new account creation whenever a user logs into the new system. With this approach sooner or later the number of unused accounts will accumulate and so will your monthly subscription base.


Similar to the license aspects of services, there are some distinct differences between on premise applications and cloud services. The on premise application is primarily only accessible from the intranet. If anyone wants to access these applications from the outside, a VPN connection has to be established and all traffic is routed through firewalls. This architecture makes it hard for your employees to collaborate with your customers. Cloud services on the contrast are much easier to access. No VPN tunnel has to be established to access the application which makes collaboration much more efficient. Obviously these cloud services remove at least one barrier for anyone trying to abuse your valuable company data.

To minimize the risk, a tight security model has to be in place also for the cloud services. Any dormant or orphan accounts in your cloud partition presents a potential entry door for an attack. As a first measure of defense, there should be no orphan or dormant accounts. This leads right to the following questions:

  • which accounts should be in the cloud?
  • when and under which circumstances should an account be removed?

How can Kona Enterprise Manager solve these challenges?

Kona EPM can assist you in minimizing the license costs and reducing the risks for your cloud services.

This is done by managing the complete account lifecycle from within EPM.

Planning the accounts

Provisioning of the accounts and assign ownership

Monitoring of active accounts

Terminating accounts

Once such a life cycle is implemented and managed from a centralized system an efficient account governance can be implemented:

  • monitor the account activity
  • implement account approval workflows
  • audit any account changes
  • report and act on policy violations
  • terminate accounts in a timely matter