Identity and access management and adopting zero trust
As organisations move more applications and operations to the cloud, it’s critical to secure access to those resources – and to do so in a way that leaves everyone free to focus on pursuing business goals in the cloud, rather than dealing with access issues. That’s why you need identity and access management that provides reliable performance, flexible choices and adaptive authentication to support your organisation’s cloud journey. Here’s what to look for as you consider authentication and other identity and access management (IAM) capabilities in the cloud.
Rock-solid reliability you don’t have to think twice about
You need authentication that works all the time, every time, to keep people connected and productive in the cloud. That means technology with documented high availability, plus fallback options for staying connected to the cloud if internet connectivity is disrupted.
Flexible choices for connecting to the cloud
Today, your organisation’s workforce is connecting from many places beyond the traditional corporate perimeter, using a variety of devices and platforms. You want to make it equally easy to authenticate whether someone is using a corporate-issued laptop or personal device. And you want a broad range of modern authentication methods available to accommodate both the organisation’s and the user’s preferences and circumstances.
Adaptive authentication for secure yet convenient access
Securing resources while making them easy for users to access is as important in the cloud as it is anywhere. Be sure you have a way to lower the bar when access risk is low, and raise it when a user or device poses a higher risk. Look for multi-factor authentication that adapts based on risk, stepping up to another factor of authentication only if behaviour analytics and other advanced capabilities indicate the risk warrants it.
Solution features to look out for when choosing the right approach should include:
- Flexibility – Ensure you get the reliable performance, flexible choices and adaptive approach to authentication you need to secure access to resources in the cloud, with:
  - High availability, coupled with failover authentication capability that enables deployments to seamlessly pick up access if internet connectivity is interrupted
  - Technology integrations with as many applications as possible
  - Ability to easily and seamlessly extend on-premises capabilities to the cloud, at your pace
  - Multi-factor authentication options in the cloud that are context-driven to user environments, user/device risk profiles, and organisational preferences
  - Risk-based authentication that monitors user behaviours
  - Identity and access management for cloud that makes it easy for admins to ensure appropriate levels of access
People have been talking about zero trust ever since Forrester introduced the term back in 2010 – but adopting zero trust has never felt as urgent as it does now. As organisations pursue more digital projects, adapt to a workforce that works from anywhere and explore new possibilities in the cloud, the idea of zero trust is central to IT security today. And identity – the very notion of who can be trusted and with what – is central to zero trust. As you contemplate the role of zero trust in your organisation’s security strategy, keep the following fundamentals in mind.
Zero trust is about the right level of trust
The name suggests having no trust, but it is more specifically about not assuming trust unless there is a clear basis for trust – even inside an organisation’s network perimeter. In that sense, zero trust means establishing the right level of trust, whether in a user or a device, before allowing access to the organisation’s resources. The level of trust required will differ depending on who or what wants to be trusted with access, what they want access to and other factors – all of which will change as the access environment and context change.
Zero trust is an ongoing endeavour
Zero trust isn’t a technology or a product; it’s a mindset. Employing the principles of zero trust is therefore an ongoing endeavour, not a one-and-done deployment. Zero trust is about thinking of trust as something to be established continuously, through a process of dynamic decision-making that is constantly informed by changing context and risk.
Zero trust is in the details defined by the National Institute of Standards and Technology (NIST)
NIST has defined seven tenets of zero trust as part of its zero-trust architecture. Adhering to these tenets requires attention to a multitude of detailed tasks in the service of key goals: securing all communications regardless of location, granting access on a per-session basis and determining access by dynamic policy. Multiple components of identity and access management – including a policy engine, policy administrator and policy enforcement informed by data access policy – are essential to realising these goals.
The identity and access management capabilities needed to address NIST’s tenets of zero trust are:
- Role- and attribute-based access, conditional access and risk-based analytics – all fundamental to establishing a policy engine and policy decision point as required by NIST
- The ability to act as policy administrator, with a range of authentication methods to determine access when requested at the policy enforcement point
- Governance and lifecycle capabilities that provide the foundation for governance-focused and visibility-driven authorisation of access to resources
- Integration with identity systems such as Microsoft Active Directory (AD) and cloud-based Azure AD and Amazon Web Services (AWS) AD to integrate identities with the policies, administration and methods required by a zero-trust architecture.
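The per-session, dynamic-policy decision described above can be sketched as a small policy engine with an enforcement point in front of it. This is an added example, not code from the article or from any product; the roles, resource names, risk thresholds and the `second_factor_ok` callback are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample policy data: none of these names or numbers come
# from the article.
ROLE_GRANTS = {"finance": {"ledger"}, "engineer": {"source-repo"}}
SENSITIVE = {"ledger"}             # resource attribute
STEP_UP_RISK, DENY_RISK = 40, 80   # hypothetical risk-score cut-offs (0-100)

@dataclass(frozen=True)
class AccessRequest:
    user_role: str
    resource: str
    device_managed: bool    # corporate-issued vs personal device
    risk_score: int         # behaviour-analytics output, 0 (low) to 100
    mfa_done: bool = False  # has this session already passed a second factor?

def decide(req: AccessRequest) -> str:
    """Policy engine: return 'deny', 'step_up' or 'allow' for one session."""
    # Role-based check: no grant means no access, wherever the user sits.
    if req.resource not in ROLE_GRANTS.get(req.user_role, set()):
        return "deny"
    # Risk-based analytics: very high risk is refused outright,
    # even if a second factor was already presented.
    if req.risk_score >= DENY_RISK:
        return "deny"
    # Conditional access: raise the bar for elevated risk, or for a
    # sensitive resource reached from an unmanaged device.
    needs_mfa = req.risk_score >= STEP_UP_RISK or (
        req.resource in SENSITIVE and not req.device_managed)
    if needs_mfa and not req.mfa_done:
        return "step_up"
    return "allow"

def enforce(req: AccessRequest, second_factor_ok) -> bool:
    """Policy enforcement point: consult the engine for every request and
    re-evaluate after a step-up rather than reusing the earlier decision."""
    decision = decide(req)
    if decision == "step_up" and second_factor_ok():
        decision = decide(replace(req, mfa_done=True))
    return decision == "allow"
```

In a real deployment the risk score and device state would be refreshed for each session, so the same user can receive a different decision as context changes.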
Originally posted 2021-06-05 15:22:37.