Policy Orchestration

What the multi-cloud world needs now is consistent identities & policies [ESG Webinar]

A big part of the modern, multi-cloud world means facing threats that target identity vulnerabilities. The hard reality is that most companies have lost sensitive data in the cloud. Yours is likely no exception.

Today’s hybrid mix of on-premises, SaaS, and public clouds creates challenges to effectively manage identities and policies in a multi-cloud environment. But ignoring the problem only inflates the issue.

Strata recently hosted a webinar with special guest Jack Poller: “Why Consistent Identities & Policies Are Needed in a Multi-cloud World.” As the Analyst for Identity Management and Data Security at ESG, Jack unpacked ESG’s research around the biggest identity management issues organizations face today. 

Here’s a quick summary of the highlights. You can also view the entire webinar on-demand via the above player or access the video transcript here.

Business-critical apps span hybrid & multi-cloud 

As more companies migrate to the cloud, their sensitive data is moving to the cloud as well. By 2024, a supermajority of organizations will have more than 30% of their sensitive data in the cloud. 

This cloud-resident data is scattered all over, with silos of data in multiple applications running on multiple clouds — as well as in on-premise applications. That data needs to be protected.

Yet, ESG found that 61% of companies knew or suspected that they had lost cloud-resident sensitive data. And that number is growing as more organizations place more sensitive data in the cloud.

“If you don’t know where your data is, and you don’t have the correct access and identity policies around that data, anybody can access it…and it can disappear,” Jack said. “It can get exfiltrated from your company. That’s one of the big challenges companies face.”

Most cloud attacks come from exploiting an identity

The number one cause of data loss to an attack is an organization’s own users. Users mishandle or misclassify sensitive data, or they have over-permissioned roles with unnecessary access to data. These are all identity-related causes of data loss.

“When you have sensitive data in the cloud, it becomes a target for attackers,” Jack said. “This is why Zero Trust is so powerful.”

Why consistent identities and policies are needed 

Today we’re seeing a free-for-all of sensitive data access. According to the ESG data, 82% of companies report that their full-time employees have access to sensitive data. Just about anyone can see just about anything. 

“Wrapped up in that concept of zero trust is another very important concept, which is the principle of least privileged access,” Jack said. “We should give our employees access to only that which they need to complete their job, and no more.”

In a free-for-all environment, there’s a dangerous lack of policies to determine who is supposed to have access to what. 

“It’s just easier to give people access than to deal with someone complaining that they don’t have the access they need, and to go through the pain of manually making the change,” Jack said. “Overly permissive roles are common among companies, which expands the attack surface — the more data someone has access to, the more data that can be attacked and exfiltrated.”

Policy & identity consistency is challenged by diversity

Jack said that the biggest issue that companies have is maintaining security consistency — especially when you need to go across multiple cloud providers (as well as your own on-premises environment). 

Every cloud provider has their own idea of what identity is, and their own idea of what policies can be put in place. You have to have a consistent security policy between them. If you can’t maintain consistency across your environment, then it becomes a massive challenge to maintain compliance with regulations such as HIPAA, SOC 2, and PCI-DSS.

Organizations need a unified strategy for multi-cloud IAM

Organizations need a unified strategy that helps to manage the identities in this huge multi-cloud and hybrid world.

Jack walked through a process for developing consistent identities and policies across multi-cloud and hybrid environments. This process lets you manage your entire identity footprint across your environment, from one single place. 

From there, you can get to a security consistency that lets you define your policies, set them, and have them apply throughout your IT environment, regardless of where your apps and data reside.

Protect your sensitive data in the cloud

We’re in a multi-cloud world that presents new opportunities as well as new security risks to your sensitive data. Consistent identities and policies are the key to protecting your cloud-resident data. And that’s where Strata’s Identity Orchestration platform comes into play.

Connect with an Identity Orchestration expert