Identity and access management and adopting zero trust

As organisations move more applications and operations to the cloud, it’s critical to secure access to those resources – and to do so in a way that leaves everyone free to focus on pursuing business goals in the cloud, rather than dealing with access issues. That’s why you need identity and access management that provides reliable performance, flexible choices and adaptive authentication to support your organisation’s cloud journey. Here’s what to look for as you consider authentication and other identity and access management (IAM) capabilities in the cloud.

Rock-solid reliability you don’t have to think twice about

You need authentication that works all the time, every time, to keep people connected and productive in the cloud. That means technology with documented high availability and more ways to stay connected, including options for staying connected to the cloud if internet connectivity is disrupted.

Flexible choices for connecting to the cloud

Today, your organisation’s workforce is connecting from many places beyond the traditional corporate perimeter, using a variety of devices and platforms. You want to make it equally easy to authenticate whether someone is using a corporate-issued laptop or personal device. And you want a broad range of modern authentication methods available to accommodate both the organisation’s and the user’s preferences and circumstances.

Adaptive authentication for secure yet convenient access

Securing resources while making them easy for users to access is as important in the cloud as it is anywhere. Be sure you have a way to lower the bar when access risk is low, and raise it when a user or device poses a higher risk. Look for multi-factor authentication that adapts based on risk, stepping up to another factor of authentication only if behaviour analytics and other advanced capabilities indicate the risk warrants it.

Solution features to look out for when choosing the right approach should include:

  • Flexibility – Ensure you get the reliable performance, flexible choices and adaptive approach to authentication you need to secure access to resources in the cloud, with:
      • High availability, coupled with failover authentication capability that enables deployments to seamlessly pick up access if internet connectivity is interrupted
      • Technology integrations with as many applications as possible
      • Ability to easily and seamlessly extend on-premises capabilities to the cloud, at your pace
      • Multi-factor authentication options in the cloud that are context-driven to user environments, user/device risk profiles, and organisational preferences
      • Risk-based authentication that monitors user behaviours
      • Identity and access management for cloud that makes it easy for admins to ensure appropriate levels of access

People have been talking about zero trust ever since Forrester introduced the term back in 2010 – but adopting zero trust has never felt as urgent as it does now. As organisations pursue more digital projects, adapt to a workforce that works from anywhere and explore new possibilities in the cloud, the idea of zero trust is central to IT security today. And identity – the very notion of who can be trusted and with what – is central to zero trust. As you contemplate the role of zero trust in your organisation’s security strategy, keep the following fundamentals in mind.

Zero trust is about the right level of trust

The name suggests having no trust, but it is more specifically about not assuming trust unless there is a clear basis for trust – even inside an organisation’s network perimeter. In that sense, zero trust means establishing the right level of trust, whether in a user or a device, before allowing access to the organisation’s resources. The level of trust required will differ depending on who or what wants to be trusted with access, what they want access to and other factors – all of which will change as the access environment and context change.

Zero trust is an ongoing endeavour

Zero trust isn’t a technology or a product; it’s a mindset. Employing the principles of zero trust is therefore an ongoing endeavour, not a one-and-done deployment. Zero trust is about thinking of trust as something to be established continuously, through a process of dynamic decision-making that is constantly informed by changing context and risk.

Zero trust is in the details defined by the National Institute of Standards and Technology (NIST)

NIST has defined seven tenets of zero trust as part of its zero-trust architecture. Adhering to these tenets requires attention to a multitude of detailed tasks in the service of key goals: securing all communications regardless of location, granting access on a per-session basis and determining access by dynamic policy. Multiple components of identity and access management – including a policy engine, policy administrator and policy enforcement informed by data access policy – are essential to realising these goals.

The identity and access management capabilities needed to address NIST’s tenets of zero trust are:

  • Role- and attribute-based access, conditional access and risk-based analytics – all fundamental to establishing a policy engine and policy decision point as required by NIST
  • The ability to act as policy administrator, with a range of authentication methods to determine access when requested at the policy enforcement point
  • Governance and lifecycle capabilities that provide the foundation for governance-focused and visibility-driven authorisation of access to resources
  • Integration with identity systems such as Microsoft Active Directory (AD) and cloud-based Azure AD and Amazon Web Services (AWS) AD to integrate identities with the policies, administration and methods required by a zero-trust architecture.
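
The risk-based step-up described under adaptive authentication, and the split between policy engine and policy enforcement point listed above, can be sketched as a per-session decision. This is an added example, not code from the article or from any product; the role names, resource names, attribute fields and risk thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace

# All names and thresholds below are illustrative assumptions, not from the article.
ROLE_GRANTS = {"finance": {"ledger", "payroll"}, "engineer": {"source-repo"}}
SENSITIVE = {"payroll", "source-repo"}   # always require a second factor
STEP_UP_AT = 0.3                         # risk score at which MFA is required
DENY_AT = 0.8                            # risk score at which access is refused


@dataclass(frozen=True)
class AccessRequest:
    role: str
    resource: str
    device_managed: bool     # conditional-access attribute
    risk_score: float        # from behaviour analytics, 0.0 (low) to 1.0 (high)
    mfa_done: bool = False   # second factor already passed in this session


def decide(req: AccessRequest) -> str:
    """Policy engine: return 'allow', 'step_up' or 'deny' for one session."""
    # No assumed trust: the role must explicitly grant the resource.
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return "deny"
    # Fail closed on a missing or malformed risk signal (NaN fails this test too).
    if not 0.0 <= req.risk_score <= 1.0:
        return "deny"
    if req.risk_score >= DENY_AT:
        return "deny"
    # Raise the bar for elevated risk, unmanaged devices or sensitive resources.
    needs_mfa = (req.risk_score >= STEP_UP_AT
                 or not req.device_managed
                 or req.resource in SENSITIVE)
    return "step_up" if needs_mfa and not req.mfa_done else "allow"


def enforce(req: AccessRequest, prompt_mfa) -> bool:
    """Policy enforcement point: apply the decision for this session only."""
    decision = decide(req)
    if decision == "step_up":
        # Ask for another factor, then re-evaluate rather than trusting blindly.
        if not prompt_mfa():
            return False
        decision = decide(replace(req, mfa_done=True))
    return decision == "allow"
```

A completed second factor does not override the deny threshold: a session scored at or above `DENY_AT` is refused even with `mfa_done=True`.
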
Bharat Panchal

After 30 years working in IT, Bharat decided to focus on helping businesses by offering the RSA SecurID® Suite, which uses identity insights, threat intelligence and business context to provide secure access to all their users, across all their applications. While still a traditional IT reseller offering services and support in all IT matters, what he actually does is deliver peace of mind to end-users and to management. With Bharat's help, firms don’t need to worry about contravening strict rules on data access and GDPR regulations or about loss of data due to malicious attacks or plain forgetfulness.