Identity & Access Management

Why cloud-based identities play an important role in cloud security


The new security perimeter of an organization is cloud-based identities. Given its significance, Eric Olden, Strata’s co-founder and CEO, discusses the role of cloud-based identities in cloud security in a recent Security Boulevard article. Olden also shares recommended actions to bolster security with cloud-based identities.

“Security identity in an enterprise, especially in a modern cloud/hybrid world, requires a different approach than was common five years ago.”

While multi-cloud brings significant benefits, it also creates challenges. Understanding the role of cloud-based identities is fundamental for anyone concerned with optimizing cloud security. 

What role do cloud-based identities play?

As spending on cloud infrastructures is rapidly growing, legacy identity repositories are increasingly being replaced with cloud-based identities. Olden describes the key difference as “the identity object and attribute data about that identity are stored in a cloud service.”

According to Olden, “the role of a cloud-based identity is the same as any other electronic form of identity.” The cloud service facilitates access to services and apps that are authorized and trusted. The purpose of cloud-based identity is to “link a human to an account that represents them in the digital world,” explains Olden. 

“Applying a consistent set of identity policies across innumerable cloud services is one of the biggest challenges for organizations.”

With cloud platforms such as Azure, Google, and AWS using proprietary identity systems, organizations struggle with the lack of interoperability. Olden recommends a different approach to managing the risk of cloud-based identities.

How to mitigate security risks of cloud-based identities

Many companies have thousands of system users with cloud-based identities. The scale and complexity of essential identity and access management (IAM) often stretch IT teams with limited resources.

Identity-related security gaps are common pathways for cybercriminals targeting enterprises’ data and resources. For that reason, Olden recommends focusing on protecting cloud-based identities to reduce security risks to your infrastructure. 

Here are a few of Olden’s recommended best practices: 

  • Enforce authentication – Ensure all identities (including those associated with legacy applications) are authenticated to all applications. This is consistent with a zero trust approach and allows no exceptions.
  • Implement strong identity governance – Define and enforce adequate policies and sound governance across all identities, whether human or on devices.
  • Adopt multifactor/passwordless authentication (MFA) – Make the transition to passwordless authentication technology at the earliest opportunity. 
  • Protect data with encryption – User data should be encrypted at all times, during active sessions across networks, and while dormant in databases and vaults.
  • Identify sensitive data and apps – Ensure compliant data storage for global operations with complex regulatory requirements. 
  • Use Orchestration – New security analytics services enable runtime policy evaluation and enforcement for every application. With orchestration, each user is automatically validated on a real-time basis against their known authorization and risk factors. 

As Olden told Security Boulevard, “A distributed Identity Orchestration and Policy Orchestration platform can provide this service at the application and cloud infrastructure layer.”

The Maverics Identity Orchestration platform functions via a runtime enforcement layer that enables continuous real-time analysis and enforcement of identity authentication and authorization.

Automate IAM with an abstraction layer

Cloud-based identities are the new perimeter of cybersecurity, warranting robust security controls. Manually enforcing security and IAM is costly, inefficient, and opens the door to vulnerabilities due to inevitable human errors. There is an alternative solution that eliminates the need for custom coding. Strata’s Maverics Identity Orchestration Platform uses a sophisticated abstraction layer to automate IAM for multi-cloud ecosystems. 

Discover how the Maverics Identity Orchestration platform can rapidly improve cybersecurity in your multi-cloud infrastructure. 
