How does adopting cloud and hybrid environments drive change in managing identities?
Denis Dorval of JumpCloud
Businesses of all sizes have had to accelerate digitisation across the entire business in recent years, as the adoption of hybrid working practices forces them to make changes to ensure operational continuity. By digitising processes and embracing the cloud, businesses have delivered faster, more flexible, and more resilient services for employees and customers, says Denis Dorval, vice president, international at JumpCloud.
The rate of cloud adoption shows no signs of relenting. Gartner forecasts worldwide public cloud end-user spending to reach nearly $600 billion (€550.96 billion) in 2023. This growth presents a multitude of opportunities, but the compounded cyber risk that comes with a widening digital footprint presents IT and security teams with a challenge.
IT teams now need to manage and secure a domain of on-premises and cloud resources, corporate-owned and personal devices, and employees working across various operating systems such as Windows, iOS, and Linux. This ‘tool sprawl’ necessitates a step-change in security strategies to manage an organisation’s entire estate of devices. However, the natural next step is to instead focus on identities rather than devices; this ‘identity transformation’ is the natural next step in meeting modern challenges with a centralised approach.
An approach to identity management
Despite large-scale cyberattacks filling the headlines and the growing emphasis on security in the boardroom, instilling good cyber hygiene into an organisation’s culture remains challenging. As organisations increasingly rely on digital technology to manage day-to-day operations and take advantage of working on cloud and hybrid environments, IT admins handle a number of users, devices, and applications. The doors for data and systems to exist anywhere and allow organisations to adopt work-from-anywhere practices also leads to cracks appearing and creating security risks for businesses.
Employees demand flexibility, operational efficiency from their IT stack, and security. Despite being widely accepted among CISOs and IT admins as the best threat mitigation strategy, the zero trust framework is rarely implemented with this in mind. The patchwork of point solutions and MFA applications used in many modern businesses creates a headache of fragmented identities that IT admins struggle to manage centrally. The core ethos of “never trust, always verify” only adds friction to a user’s day-to-day workload.
As we advance, organisations should put identities at the heart of their IT security strategies, leading to IT departments moving from patchwork solutions and on-premises Active Directory environments. An identity and access management strategy is the most effective way to protect organisations’ wider attack surfaces.
Changing the definition of identity
Contextual access policies go further than the traditional definition of an “identity”, combining the standard features of employee name, device, and access privileges with behavioural and geographic data. For example, an employee in London who rarely travels and never works on the weekend should be challenged if they try to access a database from Australia on a Saturday. While the user can work frictionlessly on a day-to-day basis, the organisation still benefits from the layered security offered by identity access management (IAM).
Ultimately, an effective, long-term IAM strategy uses risk assessment and contextual intelligence to guide IT admins on when to challenge users without standing in the way of a flexible or smooth working experience.
Identity transformation as the foundation of security strategies
Today, many modern-day businesses implement identity management in their security strategies. Driven by the growing complexity of the cloud and hybrid environments and an increasingly proactive approach to security, it is becoming clear to businesses that identity transformation is the future of IT infrastructure. With it, identity management shifts from being a part of the cyber security strategy to the foundation of it. To achieve this, organisations need to take the principles of IAM one step further.
Identity management strategies must be implemented and reviewed continually, and not inhibit workflows for employees who might otherwise ignore security measures. When users and their digital identities are not centrally managed, it is nearly impossible to get visibility into their resource access privileges, which devices they use to access company resources, and whether their systems and software are appropriately updated and patched.
Identity at the centre
Digital transformation strategies are continuing full steam ahead, but this is increasing the pressure on IT professionals as cybersecurity threats grow. To meet the requirement of new environments and equip IT teams with the right tools, organisations should review and update their security and identity management systems before it is too late.
Businesses must shift their focus to identities and have a centralised, organisation-wide approach to identity management. Once identity is at the heart of security strategies, IT teams can efficiently ensure the security of any connection regardless of the location or device of the user.
Centralised identity management strategies allow IT teams to monitor access privileges across their organisation and implement security measures whilst creating a frictionless experience for users.
The author is Denis Dorval, vice president, international at JumpCloud.
Comment on this article below or via Twitter @IoTGN