When operating in the cloud environment, traditional IT security practices must be reimagined, as legacy controls such as firewalls and network security perimeters are inefficient in securing resources that reside in the cloud. Moreover, due to cloud configurations regarding data access, usage, and storage, too many variables are introduced which makes it impossible for traditional legacy programs to manage. Human errors such as misconfigurations only make the situation worse.
With the rapid expansion of SaaS applications, cloud infrastructure platforms, and cloud applications, Identity has emerged as the new perimeter where organizations must manage the permissions and access of their users to various cloud resources. Through automated tools and IAM policies, Cloud Identity and Access Management (IAM) provides controls to manage users’ access to resources and what they can do with them.
As per Martin Kuppinger, founder and principal analyst at KuppingerCole Analysts, security controls in IAM have emerged from an initial focus on preventive actions towards increasingly advanced detective and corrective controls.
Cloud Identity Defenses and Preventative Controls:
These are the tools, controls, and processes that prevent specific actions from occurring. Preventive controls were the initial focus of IAM solutions achieved through managing users and access controls in target systems. IAM tools help to provision entitlement rights for users based on roles, thus preventing them from unauthorized actions.
Detective Controls Help Determine Attacks In Progress
Detective controls are tools, processes, and controls that determine if an attack has occurred or not. They usually act during an event by alerting operators to specific conditions. These controls are configured to detect what identities have actually come into the system and monitor or record the activity. Through access governance capabilities, IAM solutions introduced detective controls to single out unusual activities. Many cloud-based IAM solution providers now provide Access Certification capabilities to detect incorrect entitlements.
Manual certification campaigns can now be replaced by these solutions to automatically schedule campaigns on specific time intervals and ensure effectiveness through periodic notifications and detailed entitlement views for managers/supervisors. Additionally, Access Intelligence and Access Risk management features such as user activity analytics provide real-time detection capabilities so that alerts can be raised instantly when undesired activity is detected.
Corrective Controls – Keeping Identity Defenses Strong
Corrective controls are the next logical step in the process, where IAM tools automatically react to adverse situations by changing the settings of preventive controls. Through automated provisioning/deprovisioning features, IAM solutions are capable of revoking access or entitlements when abuse of access or over-credentialing is detected.
How Can Your Organization Implement Cloud Identity Defenses?
As the business landscape becomes more and more complicated with multi-layered configuration of on-prem, cloud, and remote devices, IAM security controls have become increasingly important. However, choosing the right IAM tool is a complicated process and requires careful consideration of all the relevant elements. Thus, having the right partner with the knowledge and expertise to help in the process is essential.
Partnering with a firm like Idenhaus can help keep your organization up to date on your security practices. Need to get started but not sure where to start? We recommend beginning with an Identity Management strategy to define a solution roadmap that guides the organization towards a successful implementation.
You can learn more about the importance of an IAM roadmap by watching this video.
Read our latest blog, How To Leverage Identity in an Attack
To receive the IAM Strategy and Cybersecurity articles in your inbox every two weeks (Tuesdays 8 PM EST), subscribe to our Identity Management biweekly and/or our Healthcare Cybersecurity and IAM Digest.
Follow @Idenhaus on Twitter and subscribe to our YouTube channel.
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us.