• Identity and access management (IAM) is one of the most complex and difficult tasks that network administrators face, and it’s about to get worse due to the scale and complexity of cloud deployments.
• In some cases, it is simply not possible to bring SaaS and cloud services under the control of in-house IAM systems, and CASBs can be useful in these contexts.
• Despite the difficulties involved in working with IAM, there are mature technologies and techniques for securing cloud systems.
• Organizations looking to improve their IAM should focus on four areas: Scaling Single Sign-On; Centralizing IAM; Scaling Multi-Factor Authentication; and improving employee skill sets.

Identity Mismanagement: Why The #1 Cloud Security Problem is About to Get Worse

Identity and access management (IAM) is one of the most complex and difficult tasks that network administrators face, and it’s about to get worse. The rise of cloud computing shows no signs of slowing down, and is about to pass a threshold where computing power, rather than the efficacy of managerial systems, will be the limiting factor on security.

Here at InfoQ, we’ve recently written about some novel ways in which cybersecurity analysts are adapting to this problem. Some are using blockchain for identity management. Others are looking to market leaders on the scale of Netflix, hoping that the systems they have put in place provide a clear path forward.

In this article, we’ll take a more direct approach: we’ll look at why IAM is becoming such a huge challenge, explain why identity is the new currency, and then reveal some principles that can help you meet this challenge.

Identity Mismanagement in the Cloud

In order to understand why IAM has become such a headache for network admins, it’s worth reminding ourselves of what IAM consists of in the first place. At a basic level, IAM is a simple enough concept. Any IAM system is concerned with defining and managing the roles and access privileges of users on a network, whether these users be employees, customers, or vendors. The core idea of IAM systems is that each user should be assigned a unique identity, and the associated level of access should then be managed throughout the user’s “lifecycle.”

This simple description, however, hides some of the complexities of contemporary IAM systems. In reality, companies have adopted a wide range of IAM approaches, and the way in which identities are managed varies considerably between them. In addition, the sheer number of systems in use at the average organization means that authentication technologies and processes struggle to keep up.

Growing Problems

There are two major reasons why IAM is more difficult today than it has been before. One is the sheer scale of cloud deployments; the other is the increased frequency of identity-based cyberattacks.

Let’s take the problem of scale first. According to recent research, enterprises in 2017 expected to use an average of 17 cloud applications to support their IT, operations, and business strategies. So, it’s no surprise that 61 percent of respondents believe identity and access management (IAM) is more difficult today than it was even two short years ago. With so many different systems in play at any one time, IAM is no longer just about having a rigorous tracking and authentication system in place. In many organizations, the computing cost of authentication and encryption now forms the primary bottleneck on network performance.
