Loss of Perimeter
It used to be that a predictable, IT-controlled network contained your Sensitive Data. You could use firewalls and IDS to physically insulate your infrastructure from outside threats. The perimeter is an Application-centric approach where protection is focused on keeping people out of the Application or off a Secure network.
But this perimeter has dissolved. Users are increasingly connecting via the public Internet, Cloud computing or Mobile Devices. To quote Forrester Research,
“There is a fatal flaw in the main assumption underpinning perimeter-based security — the assumption that there is a ‘trusted’ internal network where data is safe and an ‘untrusted’ external network where data is unsafe. This implicit trust assumption is both incredibly naïve and untenable.”
Yet as organizations turn to new Cloud computing and Mobile Device infrastructure, they are losing the control they once had over their IT assets. In the age of IoT and the work-from-anywhere mantra, where 70% of employees have substantially more access than they need, proper implementation of an Identity and Access Solution is no longer a nice-to-have for Organizations.
According to the U.S. DOJ Assistant Attorney General for National Security, "every internet connected device will eventually be compromised. The only question is when."
Data-centric security is a more pragmatic approach. In essence, with Data-centric security you shift your focus from securing networks, applications and endpoints to identifying, controlling and securing your Sensitive Data. Instead of trying to protect everything, focus on protecting what matters most – your most important data. With Data-centric security, effective risk-based security is centered on three goals:
- Understanding where Sensitive Data is located, how it flows in the Organizational Entity and where it’s put at risk.
- Data Classification of that Sensitive Data.
- Monitoring and controlling the use (or misuse) of Sensitive Data.
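The three goals above map directly onto code. The following is an added example, not part of the original page: it scans a few constructed records to discover and classify Sensitive Data (goals one and two) and then audits a constructed access log against a group-based policy (goal three). The record locations, group names, classification labels and policy table are all assumptions made for the illustration; the only real checks are the pattern matching and the Luhn test that keeps random digit runs from being mislabelled as card numbers.

```python
import re

# Constructed sample records standing in for rows pulled from a file share or database.
SAMPLE_RECORDS = [
    {"id": "r1", "location": "hr-share/payroll.csv",
     "text": "Jane Doe, jane@example.com, SSN 123-45-6789"},
    {"id": "r2", "location": "crm-db/orders",
     "text": "Order 4412 paid with card 4111 1111 1111 1111"},
    {"id": "r3", "location": "wiki/onboarding",
     "text": "Welcome to the team, see the handbook"},
]

# Detectors for the kinds of Sensitive Data we want to locate (goal one).
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ssn":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card":  re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

# Assumed policy: which groups may read each classification (goal three).
# None means no restriction.
ALLOWED_GROUPS = {
    "Restricted":   {"hr", "finance"},
    "Confidential": {"hr", "finance", "sales"},
    "Public":       None,
}

# Constructed access events, e.g. from a file-server or database audit log.
ACCESS_EVENTS = [
    {"user": "alice", "groups": {"hr"},          "record": "r1"},
    {"user": "bob",   "groups": {"engineering"}, "record": "r1"},
    {"user": "carol", "groups": {"sales"},       "record": "r2"},
    {"user": "dave",  "groups": {"engineering"}, "record": "r3"},
]


def luhn_ok(digits: str) -> bool:
    """Luhn check so that arbitrary digit runs are not flagged as payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> tuple[str, list[str]]:
    """Return (classification label, list of finding types) for one record (goal two)."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", match.group())):
                continue
            findings.append(kind)
    if "ssn" in findings or "card" in findings:
        return "Restricted", findings
    if "email" in findings:
        return "Confidential", findings
    return "Public", findings


def inventory(records: list[dict]) -> dict[str, dict]:
    """Build the data inventory: where each record lives and how sensitive it is."""
    result = {}
    for rec in records:
        label, findings = classify(rec["text"])
        result[rec["id"]] = {"location": rec["location"],
                             "classification": label,
                             "findings": findings}
    return result


def audit(events: list[dict], inv: dict[str, dict]) -> list[str]:
    """Flag accesses to classified data by users outside the permitted groups."""
    alerts = []
    for ev in events:
        label = inv[ev["record"]]["classification"]
        allowed = ALLOWED_GROUPS[label]
        if allowed is not None and not (ev["groups"] & allowed):
            alerts.append(f"{ev['user']} read {label} record {ev['record']} "
                          f"at {inv[ev['record']]['location']}")
    return alerts


if __name__ == "__main__":
    inv = inventory(SAMPLE_RECORDS)
    for rid, info in inv.items():
        print(rid, info["classification"], info["findings"], info["location"])
    for alert in audit(ACCESS_EVENTS, inv):
        print("ALERT:", alert)
```

Running it lists the payroll and order records as Restricted, the onboarding page as Public, and raises two alerts: an engineering user reading payroll and a sales user reading card data. In a real deployment the inventory would be fed by a discovery scanner and the audit by the log pipeline, but the shape of the logic is the same.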
IDaaS is effectively a user management system and a web application SSO platform for a select few web applications.
The Identity-as-a-Service approach doesn’t take into account on-prem infrastructure and resources like Windows, Mac, and Linux systems which are typically out of scope of the cloud-hosted directory.
On-prem resources typically cannot be connected to the directory, either. The On-Premise directory service approach is more a user management system for a specific platform than an independent identity provider.
The challenge for any normal organization is how to deal with identity management for both Cloud and Associate identities, as most Organizational Entities are hybrid.
The Details
For starters, it’s important to talk more about hybrid infrastructure. Many people think that hybrid means that you have your own data center or servers located on-prem and then cloud infrastructure as well. When it comes to how to manage your identities, the definition of hybrid becomes a lot wider. IT admins are responsible for connecting their users to systems, applications, and networks regardless of the location or platform. In fact, the challenge for IT is how to have True Single Sign-On™ across a wide range of IT resources.
The question for IT admins becomes, will the IDaaS Directory be able to handle a user identity across an organization’s entire IT infrastructure? Unfortunately, the answer is no.
What is required is a well-managed hybrid solution. Some of the desired features are:
One Identity
Create and manage a single identity for each user across your hybrid infrastructure. Where possible, use a single point for Authentication. Where this is not possible, keep users, groups and devices in sync.
Single Sign-On
Provide single sign-on access to your applications, including thousands of integration-ready SaaS apps. Users log in once, their cloud apps automatically sign on and they’re away. Hopefully these SaaS apps utilize open standards such as SCIM 2.0,
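Keeping users in sync (the One Identity feature) and provisioning them into SaaS apps over SCIM 2.0 (the Single Sign-On feature) are the same job seen from two sides. The example below is added here and is not code from the page or from any IDaaS product: it compares a constructed snapshot of the authoritative on-prem directory with a constructed snapshot of what a SaaS app's SCIM endpoint returns for GET /Users, and produces the SCIM 2.0 requests needed to make the app match. The schema URNs and the POST /Users and PATCH /Users/{id} request shapes are the standard SCIM 2.0 ones; the user accounts, ids and attribute names on the directory side are assumptions for the illustration. Disabled and departed users are deactivated rather than deleted, so the app keeps their audit trail while losing their access.

```python
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed: accounts as the authoritative on-prem directory reports them.
DIRECTORY_USERS = [
    {"userName": "alice@example.com", "givenName": "Alice", "familyName": "Ng",  "enabled": True},
    {"userName": "bob@example.com",   "givenName": "Bob",   "familyName": "Ray", "enabled": False},
    {"userName": "dana@example.com",  "givenName": "Dana",  "familyName": "Ito", "enabled": True},
]

# Constructed: the Resources array from GET /Users on the SaaS app's SCIM endpoint.
SAAS_USERS = [
    {"id": "2819c223", "userName": "alice@example.com", "active": True},
    {"id": "a1b2c3d4", "userName": "bob@example.com",   "active": True},
    {"id": "ffee0011", "userName": "eve@example.com",   "active": True},  # no longer in the directory
]


def to_scim_user(user: dict) -> dict:
    """Body for POST /Users creating a core SCIM 2.0 User from a directory account."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user["userName"],
        "name": {"givenName": user["givenName"], "familyName": user["familyName"]},
        "active": user["enabled"],
    }


def patch_active(active: bool) -> dict:
    """Body for PATCH /Users/{id} that flips only the active flag."""
    return {
        "schemas": [SCIM_PATCH_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": active}],
    }


def reconcile(directory_users: list[dict], saas_users: list[dict]) -> list[tuple[str, str, dict]]:
    """Return (method, path, body) for every SCIM request needed to make the app match the directory."""
    in_app = {u["userName"]: u for u in saas_users}
    wanted = {u["userName"]: u for u in directory_users}
    plan = []

    # Users the directory knows about: create the missing ones, fix mismatched active flags.
    for name, user in wanted.items():
        existing = in_app.get(name)
        if existing is None:
            if user["enabled"]:
                plan.append(("POST", "/Users", to_scim_user(user)))
        elif existing["active"] != user["enabled"]:
            plan.append(("PATCH", f"/Users/{existing['id']}", patch_active(user["enabled"])))

    # Users the app still has but the directory no longer lists: deactivate, do not delete.
    for name, existing in in_app.items():
        if name not in wanted and existing["active"]:
            plan.append(("PATCH", f"/Users/{existing['id']}", patch_active(False)))
    return plan


def summarize(plan: list[tuple[str, str, dict]]) -> dict[str, int]:
    """Count of requests by HTTP method, handy for a dry-run report."""
    counts: dict[str, int] = {}
    for method, _path, _body in plan:
        counts[method] = counts.get(method, 0) + 1
    return counts


if __name__ == "__main__":
    for method, path, body in reconcile(DIRECTORY_USERS, SAAS_USERS):
        print(method, path)
        print(json.dumps(body, indent=2))
    print(summarize(reconcile(DIRECTORY_USERS, SAAS_USERS)))
```

For the constructed data the plan is one POST (dana is new), a PATCH deactivating bob (disabled on-prem but still active in the app) and a PATCH deactivating eve (orphaned in the app). Alice matches and needs nothing. Run against a live endpoint, each tuple would become an HTTPS request carrying the app's SCIM bearer token; keeping the plan as data first makes a dry run trivial and lets the deactivations be reviewed before they are sent.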
Self Service
Users can securely manage their own services by registering new devices or changing passwords, resulting in less strain on IT resources.
Different User Pools