IDENTITY & ACCESS MANAGEMENT (IDAM)
Why you should have ZERO TRUST if you are in the CLOUD

CYBERSECURITY 2022

In a world where data is the lifeblood of businesses, identity and access management (IDAM) has never been more important. We pose some questions on IDAM in the cloud to Andre Lombaard, technical manager: Security at Datacentrix.

Today, we live in a world of remote work, meaning that increasing numbers of people are accessing corporate networks from their homes. What sort of IDAM solutions need to be implemented in this case, to ensure the person is who they say they are when logging into the network?

Today’s world of remote working and cloud-based systems necessitates a ‘zero trust’ approach to keep an organisation’s data and infrastructure secure. This type of strategy – based on the premise of ‘never trust, always verify’ – revokes any type of access privileges that users may have previously had on a network, and gives them access to the absolute minimum, while frequently requesting user authentication.

The pre-Covid scenario, where a virtual private network (VPN) setup would permit employees/users to access all areas of the network, is no longer a secure strategy. In a zero trust world, legitimate, authorised users may access only those areas of the network, as well as apps and data, that are needed to complete a task, and nothing more. This should be applied to all the company’s system elements – including a company’s enterprise resource planning (ERP) software, email, and a document repository, for example.

This is where technologies like secure access service edge (SASE), in combination with biometrics on endpoint devices – such as laptops, mobile phones and tablets – as well as privileged identity management (PIM) solutions, are playing a critical role in helping companies to scale down access and increase the security of their systems. This decreases the risk of cybersecurity incidents.

Concisely, these technologies allow for the security perimeter to be moved away from the enterprise to the user or device. They then require users to be identified and verified, before permitting them to enter the network perimeter, and provide only pre-assigned access to certain areas.

How do these solutions ensure network security and effectively manage cloud identities?

With so many businesses currently making use of some type of cloud system, be it Office 365 or Google Drive, the protection of the cloud environment is more important than ever before. A zero trust approach means that the system serves users from either the cloud or on-premises, as there is one central point of access, all channelled through the SASE and IDAM security measures.

What is the importance of system design in enabling the effective management and governance of cloud identities, and how can you ensure that your security system is optimally designed?

Designing a zero trust architecture must include, at its core, centralised policy