Identity & Access Management (IDAM)

Why you should have ZERO TRUST if you are in the CLOUD

In a world where data is the lifeblood of businesses, identity and access management (IDAM) has never been more important. We pose some questions on IDAM in the cloud to Andre Lombaard, technical manager: Security at Datacentrix.

Today, we live in a world of remote work, meaning that increasing numbers of people are accessing corporate networks from their homes. What sort of IDAM solutions need to be implemented in this case, to ensure the person is who they say they are when logging into the network?

Today’s world of remote working and cloud-based systems necessitates a ‘zero trust’ approach to keep an organisation’s data and infrastructure secure. This type of strategy – based on the premise of ‘never trust, always verify’ – revokes any type of access privileges that users may have previously had on a network, and gives them access to the absolute minimum, while frequently requesting user authentication.

The pre-Covid scenario, where a virtual private network (VPN) setup would permit employees/users to access all areas of the network, is no longer a secure strategy. In a zero trust world, legitimate, authorised users may access only those areas of the network, as well as apps and data, that are needed to complete a task, and nothing more. This should be applied to all the company’s system elements – including a company’s enterprise resource planning (ERP) software, email, and a document repository, for example.

This is where technologies like secure access service edge (SASE), in combination with biometrics on endpoint devices – such as laptops, mobile phones and tablets – as well as privileged identity management (PIM) solutions, are playing a critical role in helping companies to scale down access and increase the security of their systems. This decreases the risk of cybersecurity incidents.

Concisely, these technologies allow for the security perimeter to be moved away from the enterprise to the user or device. They then require users to be identified and verified, before permitting them to enter the network perimeter, and provide only pre-assigned access to certain areas.

How do these solutions ensure network security and effectively manage cloud identities?

With so many businesses currently making use of some type of cloud system, be it Office 365 or Google Drive, the protection of the cloud environment is more important than ever before. A zero trust approach means that the system serves users from either the cloud or on-premises, as there is one central point of access, all channelled through the SASE and IDAM security measures.

What is the importance of system design in enabling the effective management and governance of cloud identities, and how can you ensure that your security system is optimally designed?

Designing a zero trust architecture must include, at its core, centralised policy management, which includes identity-related and allocation policies. It must also align with local governance requirements, such as the Payment Card Industry Data Security Standard (PCI DSS), the International Organisation for Standardisation (ISO) or General Data Protection Regulation (GDPR), regarding the safety and security of data and cloud infrastructure.

This is where technologies – including configuration security analysis – have come into play. Traditional auditing methods of analysis of architecture are falling short when it comes to the cloud and its continuous, uncontrolled change. By leaning on solutions like configuration security analysis, businesses can continuously – and in real time – monitor security and compliance on current architectures, highlighting misconfigurations, remote employees, policy validations and so on.

How do digital solutions like automation, big data and artificial intelligence (AI) play into this security approach?

The use of digital solutions like automation and AI plays a significant role when it comes to security. As a hybrid IT systems integrator and managed services provider, one of Datacentrix’s offerings is its Security Operations Centre (SOC), which monitors and defends customer ICT environments in real time against any potential security threats. The SOC uses AI for the analysis of all security events, which are received at an uncontainable pace.

It is no longer necessary for analysis to be conducted by people 24/7. Through AI, humans only now see around 40% of the data related to security events, and this is only the information that needs action, making for a faster, more accurate process.

And if you are leveraging big data, please outline the importance of good data hygiene and explain how an organisation can ensure their data is clean and effective?

AI is hugely effective when it comes to ensuring cleaner (by cross-verifying the integrity and true identity), more effective data for further analysis. Correctly implemented, AI technology can close the gap between humans and machines, providing human analysts with cleaner, more to-the-point data on security attacks and events, and eliminating any ‘false positives’ already vetted by AI as not relevant.

Can you tell me exactly how a zero trust strategy can play a major role in effectively protecting your corporate network from any form of infiltration, especially as the use of the cloud becomes increasingly prolific?

A zero trust strategy is critical to the protection of a company’s assets, which in modern-day terms are its data and information. Through a zero trust approach, who or what connects to your infrastructure is strictly controlled and regulated, and the company is able to limit the exposure of these assets.

Traditionally, companies have always worried about who is using a device, where it is, what type of information is on it, and what happens if it is compromised or exfiltrated. Now, with data in the cloud, the focus has moved to who accesses it, and where it is.

The current security mantra seems to be ‘defend in depth’. How would you recommend implementing such a defence, and how important is it to involve all aspects of the ‘people, processes and technology’ trinity?

Defence in depth can be defined as “an information security approach in which a series of security mechanisms and controls are thoughtfully layered throughout a computer network to protect the confidentiality, integrity and availability of the network and the data within”.

It refers to the combination of several advanced security tools together – including anti-virus software, anti-spam, firewall and privacy controls – into a multilayer cybersecurity approach that protects a company’s endpoints, data, applications and networks. The major benefit is that there are no capital expenditure requirements, as it is a service that is sold.

Aside from the technology element, it is essential to align processes and policies, as – while it might be possible to control the system – it is not necessarily possible to control the human behind the device; this is the one anomaly. You may not be able to change user behaviour but you can enforce processes and policies to best control engagements – leading to one path and one path only.

Since security has never been more critical, what final words of advice relating to the topic would you give to those organisations where IT might be necessary to ensure operations, but is not related to their core business?

Although IT might not be the core business of many organisations, the potential effect of a compromise on the integrity and security of its data – and potential knock-on effect on the company’s reputation – is far reaching. A zero trust approach to cybersecurity can assist any business to create a safer remote and cloud environment, simplifying the security architecture and reducing organisational risk.
