ARCON and KuppingerCole once again co-hosted a webinar to discuss some of the most important issues in the Information Security space. On July 12th, 2022, Paul Fisher, Senior Analyst, KuppingerCole Analysts AG and Anil Bhandari, Thought Leader and Chief Mentor, ARCON turned their attention to the role of Identity and Access Management (IAM) in multi-cloud platforms.
In this webinar, both speakers covered the major risks involved in managing data and workloads in multi-cloud platforms, along with trends, and discussed how IAM technologies can help build a resilient security posture in multi-cloud environments.
During the first half of the webinar, Paul Fisher highlighted how the identity and access management landscape in multi-cloud environments is changing radically. Below are the key takeaways from the first half of the session:
- Enterprises look for a host of business benefits from cloud adoption. The major ones among them are rapid delivery, uninterrupted user experience, convenience, data management and overall IT security.
- End-users and IT administrators find a multi-cloud environment extremely beneficial for remote working, multi-location access and collaboration among the workforce.
- In the ever-expanding IT infrastructure, the number of digital identities, including human identities, machine identities and cloud identities, has increased exponentially. Many of them are third-party identities that pose IT security risks if not monitored in real time.
- While sharing some statistics about cloud services, Paul said that 42% of organizations use three or more IaaS providers as different teams/departments select different vendors for their required services.
- Moreover, 69% of organizations use proprietary IaaS IAM tools, whereas 39% of organizations prefer in-house IAM platforms to manage the security of their IT infrastructure.
- For a better understanding of the cloud atmosphere, Paul spoke about the containerization of identities. Risk assessment teams are now moving outside the CIO/CISO zone of influence and creating their own solutions for business reasons, mostly flexibility of requirements.
- While managing identities in complex IT environments, organizations need to focus on IT security policies, data management, overall access management of critical applications and cloud resources, and securing identities from unauthorized intrusions.
- Another challenge in a multi-cloud environment is to achieve business agility while simultaneously meeting compliance requirements, especially cloud compliance standards, e.g. FedRAMP and NIST.
- As per demand, adding AI-ML algorithms to the solutions for cloud security has increased the level of complexity. Only a robust solution that manages and controls identity governance can satisfactorily address it.
- The core IT infrastructure consists of the identities of the administrators, developers, end-users, third-party users and endpoints. The overall access of all these identities is controlled by the Privileged Access Management and Identity Access Management solutions. With the inclusion of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and on-prem private clouds, the security demands for secret files, servers, containers, virtual machines, admin accounts and privileged accounts have become much higher.
- The upcoming IT security trends speak of decentralized solutions that are compatible with the future of identities. This happens in two ways, to be precise: user-centric methods and reusable methods. For user-centric methods, the user holds the identity data and delegates access rights to multiple users. On the other hand, reusable methods include authentication and authorization of a single identity for multiple brands.
- While summarizing the entire discussion, Paul stressed the importance of decentralization and containerization of a network expansion that is inevitable. He also suggested that organizations need to accept IaaS infrastructure with automation that can address every possible workflow chore.
In the latter half of the webinar, Anil Bhandari from ARCON discussed the challenges in administering and governing multiple user IDs in an ever-expanding multi-cloud world in the current context and explained how ARCON’s Cloud Governance platform can help to overcome those challenges. Here are the highlights of the discussion:
- The evolution of digital identities is not yet over. In fact, a lot more is about to come in the next five years.
- There are four business models that are trending globally: outcome-based model, hyper-personalization, access vs ownership, and digitalization of businesses. All these models revolve around digital identities and the proactiveness of these identities.
- Digital identities drive business models with growth, efficiency, and excellence that is directly involved in profit-making and revenue generation.
- If we try to construct a digital identity, several parameters are taken into account: personal thoughts, likes, dislikes, professional details, online activities/behaviour, which tools are used, where the information is stored/saved, etc.
- Today, most of the enterprise data related to identities is likely to be stored in the cloud and organizations opt for outcome-based business models where cloud storage offers the best operational experience.
- Along with digital identities, there is a great need for digital vaults today.
- If we classify the types of digital identities, there are interactive identities and non-interactive identities. Interactive identities include human identities and machine identities (bots). Non-interactive identities include mobile devices, desktops, APIs, web servers, database servers, application servers and more.
- Non-interactive identities might vary industry-wise. For the telecommunications sector, a phone number could be an identity, whereas for a government organization, a social security number is an identity.
- While talking about the privacy of the data associated with the identities, Anil emphasized that without data privacy measures, the whole idea of creating identities might go haywire. Social security details, property documents, financial documents, photos, and personal information, including personal certificates, all require the utmost privacy to ensure the security of the identities in the cloud.
- In the case of identities in the cloud, along with data privacy, secure access management is the only way to protect the digital ecosystem with endless digital assets. SaaS enables easy access to cloud technology where identities are easy to track with a zero trust framework.
- As per the global trends of 2022, there are a couple of security domains that talk about attacks on digital supply chains that are embedded with vulnerabilities, for which identity threat detection and response tools are necessary. To ensure the integrity of the digital supply chain, it is critical to reframe security practices to ensure a timely response to emerging threats.
- In this respect, ARCON offers a frictionless solution for the security of identities in multi-cloud environments. Available on virtual access platforms, this solution offers multi-factor authentication, single sign-on, and just-in-time privilege to build strong visibility for a zero trust model across the IT ecosystem.
- ARCON believes in three basic principles of cloud governance: discover, monitor and remediate.
- ARCON ensures multi-cloud governance by incorporating the below aspects:
  - Gain visibility across clouds
  - Mitigate access risks across clouds
  - Provision/deprovision custom policies
  - Monitor and govern entities
  - Assess permissions with interactive graphs
- The ARCON Cloud Governance tool provides organizations with a single-view dashboard consisting of all types of identities and their activity details at a given point in time. It also shows the risk assessment perimeter in a graphical format for user-friendliness.
- This risk assessment graph also helps in understanding the trend from the details of what has been used and what has not. In the case of organizations with multiple offices in multiple locations, this analysis is extremely beneficial for the IT risk assessment teams.
- Lastly, ARCON’s strategy of business offerings is already aligned with the global trends. It includes a comprehensive governance framework, cloud-native access control applications, robust endpoint security, AI/ML-empowered solutions and compliance with stringent IT standards. With these, ARCON also stacks up to the expectations of ITDR (Identity Threat Detection and Response) compatibility.
Conclusion
As the webinar drew to a close, Paul and Anil discussed the webinar-poll results. On the question, “What worries you most about access management for the cloud?”, 40% of the participants agreed with the answer “Not knowing who has access”. This proves that robust identity governance along with role and rule-based access management is the key to a secure cloud environment.