security key on keyboard Getty Images

Cloud Identity Is ‘New Normal’ Replacement for On-Prem Tools

With the rise of work-from-home, SaaS, IoT, cloud, mobile and edge computing, the traditional on-premises identity and authentication systems are becoming obsolete, giving way to cloud identity.

Today's data center has very little in common with that of a few years ago.

The old model of on-prem servers surrounded by a tough, secure perimeter is out. Today, data centers are not just on-prem but in the cloud and on the edge and everywhere in between.

"Then there's the added complexity of mobile, SaaS applications, bring-your-own-device programs and the Internet of Things," said Gorka Sadowski, chief strategy officer at cybersecurity vendor Exabeam and former Gartner analyst. "Not to mention COVID-19, a human virus that has forced everyone to work at home on who knows what."

All these trends have burst the perimeter wide open, he told Data Center Knowledge.

"It's all the Wild West," Sadowski said. "In fact, it is widely accepted that identity is the new perimeter."

As a result, traditional on-prem identity solutions, such as locally managed Active Directory, and associated systems and processes are being replaced by cloud identity alternatives. The result is an identity authentication system that is more scalable, secure, user-friendly, manageable and plays well with all of a company's cloud providers.

"Web-based authentication and identification take on an important role when developing an overarching access and authorization strategy, especially as remote work, IoT and all ranges of new edge devices are brought online," said Liz Miller, vice president and principal analyst at Constellation Research.

That doesn't mean that every enterprise is transitioning completely to cloud identity. Many have legacy systems that they need to support, regulatory requirements that require on-prem infrastructure, or other concerns.

"Quick returns can be had by selecting to migrate small but important groups of users or a few applications at a time," said Mike Kiser, senior identity strategist at SailPoint Technologies.

That can provide a company with a growing knowledge base and comfort with the new technology, he told Data Center Knowledge. "And proving return on investment along the way."

Zero Trust

One of the main benefits today of moving to cloud identity and authentication, such as a single-sign-on solution, is that it helps position enterprises for a move to zero trust.

The way that zero trust works, Miller told Data Center Knowledge, is that authentication and identity must be proven for authorization to be granted.

A company can no longer assume that a person or device or process can be trusted simply because of its location.

"Trust must be tested, granted and earned with every interaction," she said. "It is no longer a case of assigned permissions or automated authorizations."

Once, that would have been a dauntingly complex challenge even within a controlled internal environment. In a highly distributed hybrid environment, trying to approach this task with traditional solutions would be madness.

But with modern web-based approaches to identity and authentication, such as that provided by Okta, OneLogin and Ping Identity, it becomes doable, she said.

As a result, zero trust becomes more practical and has become a recommended best practice.

"Over the past six months and as a direct result of high-profile breaches, the U.S. government has weighed in with an executive order stating that zero-trust architectural principles are the best defense against emerging cyberthreats in the cloud or on the premise," said David O’Berry, senior manager at Capgemini Americas’ Cyber Center of Excellence.

And the concept fits perfectly with good cybersecurity practices, he told Data Center Knowledge.

"For example, a work-from-home application implemented with two-factor authentication that relies on single sign-on can be layered on top of well-architected microsegmented enterprise networks," he said. "These can be set up to provide authenticated, transparent access either to a cloud provider hosting data or a SaaS instance."

In fact, according to a survey released this summer by the Identity Defined Security Alliance, 93% of organizations say that zero trust is strategic to security — and 97% say that identity is a core part of implementing a zero-trust strategy.

So it's no surprise that 97% of organizations surveyed say they will make investments in identity-based security over the next two years.

Manageability and Usability

One of the ways that identity-based security such as single-sign-on systems make management easier is by creating a single, central point for authentication.

"Much of the management and optimization of these postures is easier and more convenient," said Constellation's Miller. "And the intelligence from these solutions can be more readily integrated into larger security analytics solutions so that identity and authentication behaviors and events can help better optimize security practices and network awareness."

"The job of data owners and security teams is simplified," agreed Tim Bach, vice president of engineering at AppOmni, a San Francisco-based cloud security vendor. "Users can be placed in granular, well-controlled role-based access groups based on their corporate identity and expected levels of access."

With work-from-home, hybrid work and increased SaaS use, the adoption of cloud identity systems will only increase, he told Data Center Knowledge.

"This maps to the real-world use patterns we are seeing companies shift to," he said. "Employees are accessing data from any device, anywhere in the world."

Identity-Based Security Technologies

Companies deploying zero-trust-based cloud identity solutions typically also use strong authentication and fine-grained policy controls to replace simple passwords and credentials.

That helps protect against credential-based attacks, said Jasson Casey, chief technology officer at Beyond Identity, an authentication vendor.

Another security technology is identity detection and response.

This augments traditional perimeter-based defenses, such as firewalls and intrusion detection and prevention systems, or endpoint security.

Vendors in this space include Attivo Networks, CyberArk and Microsoft CloudKnox.

Scalability

A cloud-based, identity-focused zero-trust strategy allows data center managers to secure resources and grant access to them whether they're on premises, in the cloud or widely distributed, said SailPoint's Kiser.

"This, in turn, frees up a clear path to use the scale and speed that this approach promises," he told Data Center Knowledge.

As digital transformation continues, the speed of change will accelerate, and so will the requirements to set and enforce identity and authentication policies.

"Machine learning will be necessary to maintain velocity," Kiser said.

It will also allow identity systems to adapt quickly to support new applications and environments, he added.

And it's the right approach for environments where change happens rapidly, he added. "That is certainly true for today’s businesses."

TAGS: Cloud
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish