The firewall is no longer enough. In the cloud era, what should lie at the core of your organization’s cybersecurity?

As part of the digital transformation that organizations find themselves embroiled in in the digital economy, many have actively embraced the cloud.

As a result, the threat landscape is also evolving as the attack surface broadens exponentially.

DigiconAsia had the benefit of drawing on the expert insights of Serkan Cetin, Technical Director, APJ, One Identity, on how security today should not be focused on firewalls and deterrence, but on how identity should be the key component of businesses’ defense in the cloud era.

What are the key challenges and trends for cloud security today?

Cetin: As enterprise’s operations expand to the multi-cloud, they are faced with an evolved set of IAM considerations to address the growing number of possible threats. Identity & access management is one of the most critical areas of cloud security as traditional perimeter does not exist anymore, identity becomes the new perimeter.

With cloud adoption growing, effective IAM is more important than ever as the first line of defense for a company. It is also essential that IAM solutions are able to support on-premise, cloud and hybrid cloud environments to cater for companies in different stages of adoption, and different requirements to support their businesses.

Having the right approach to IAM (one in which identity is placed at the center of security) can ensure the right people in an enterprise have the appropriate access to different resources. In that case, security should not solely focus on firewalls and deterrence, identity access management should be one of the key components of business’ defense.

As cloud adoption grows, how can we ensure that data is accessible to only those with the right credentials and access rights?

Cetin: We live in a rapidly changing world where new technologies are quickly emerging, and organizations are fast adopting these new technologies to support their businesses. In order to support this change, organizations will need to regularly test and evaluate their policies and processes and seek for an approach that maximizes unification, automation, and visibility.

To ensure that data is accessible to those with the right credentials, large organizations need an Identity Governance and Administration (IGA) platform to facilitate the correct access to applications and to data.

An approach that combines both IGA and Privileged Access Management are necessary in order to ensure only those with the right entitlements and access rights have access to data and systems, and also to identify and manage any risk with assigned privileges and access rights to privileged credentials.

With cloud adoption growing, effective IGA and PAM are more important than ever as the first line of defense for a company. Protecting the traditional network boundaries and perimeters is no longer adequate as organizations move towards adopting cloud technologies.

Identity has effectively become the new perimeter in being able to ensure that only those who are authorized and permitted are able to access applications and data, whether it is on-premise or in the cloud. It is essential that IGA and PAM solutions are able to support hybrid environments where users, applications and data reside on-premise and in the cloud, as this is the reality for many organizations today. 

An effective IGA and PAM approach for today’s organizations with hybrid environments should include the same security, visibility, and control that has long been the staple of on-premise environments, but coupled with the agility, flexibility, and convenience of cloud delivery.

How does access management measures help move an enterprise forward and make it more competitive in the digital economy?

Cetin: Enterprises in Asia Pacific are embracing digital transformation at an exponential rate. IDC estimated the spending on technologies and services that enable the digital transformation will reach USD 375.8 Billion in 2019.

A business-centric, identity-centered, automated, modular, integrated and data-driven approach will allow security to become a true enabler of business innovation. An IAM approach which is built upon these 5 points is able to provide organization the security and governance controls required to protect users and data, the automation of tasks and processes to speed processes and provide efficiencies, and allow for the organization to adapt to business user requirements and allow business users to obtain access to applications and data when they need it, whilst ensuring it is provided securely. As a result, organizations are not only secure but also more agile.

Cetin: How should enterprises deal with IAM and PAM when working with partners, suppliers and customers as the supply chain goes digital?

Quest’s Digital Transformation Security Global Survey found out that 97% respondents said they are investing in digital technologies to transform their business. However, this transformation carries a unique set of risks and security challenges.

Enterprises must take into consideration that corporate access from personal devices, managing cloud and hybrid cloud environments, shadow IT and securing IoT devices – all of which provide a gateway into valuable company data and resources. IAM solutions are robust, flexible, and integrated so that they can support and protect the entire range of platforms and technologies.

With the growth of BYOD and the growing network of partners, suppliers and customers, enterprises are adopting solutions such as single sign-on and two factor authentications to provide access to these users. But it all comes down to user access, and only a universal provisioning/governance solution can truly address those needs across the evolving environment. IAM programs need to be able to cater and support the needs for managing and securing various identity types, including employees, partners, suppliers, customers and things.

IAM deployments are multi-phase projects that touch every part of an enterprise. Customers’ involvement and active participation, especially executive sponsorships, are critical success factors for any IAM deployment.