Identities have historically been hosted and secured on-prem. When all of the resources were located on-prem, this worked perfectly. However, with the emergence of cloud and SaaS applications, users needed to have SaaS identities to match these new resources. Today, SaaS identities are much more common, but how does the process of managing these identities work and – more importantly – how do you ensure that it is secure?
Protecting SaaS Identities
In the IT world, identities are the keys to the kingdom. With just a username and password, a bad actor can gain access to the underbelly of an organization. There are always attackers out there trying to find the companies not protecting their identities sufficiently, as evidenced by the number of breaches we have seen lately. As a result, it is now more important than ever to secure identities and the access they provide.
Typically, the way IT admins provision access is by connecting a user’s digital identity with the IT resources they should have access to. That process will involve an identity provider, which can then confirm or deny a person access to a particular resource.
Conventionally, the process worked as follows:
- A user attempts to access an IT resource (be that a system, server, application, file, or network).
- Once the request is received, that resource validates the authentication request with the identity provider, where a user’s identity lives along with what resources they are allowed to access.
- If the user is allowed to access the IT resource, the identity provider signals to the application that the user may sign in. If not, the identity provider signals to the resource that the user is denied access.
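The three steps above, written out as a small in-process simulation. This is an added example, not code from the original post or from any identity provider product: the `IdentityProvider` and `Resource` classes, the user names, passwords and resource names are all constructed here. The resource never checks credentials itself; it hands the request to the identity provider, which verifies the password against a salted PBKDF2 hash and then checks whether that identity is permitted to reach the specific resource before returning an allow or deny signal.

```python
import hashlib
import hmac
import os

# Constructed sample identity provider: each identity stores a salt, a PBKDF2
# password hash and the set of resources it may access. Sample data only.

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length key from the password; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class IdentityProvider:
    """Where a user's identity lives along with the resources they may access."""

    def __init__(self):
        self._users = {}

    def add_user(self, username: str, password: str, allowed_resources) -> None:
        salt = os.urandom(16)
        self._users[username] = {
            "salt": salt,
            "hash": _hash_password(password, salt),
            "resources": set(allowed_resources),
        }

    def authenticate(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Hash anyway so an unknown username costs the same time as a known one.
            _hash_password(password, os.urandom(16))
            return False
        candidate = _hash_password(password, record["salt"])
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(candidate, record["hash"])

    def is_authorized(self, username: str, resource: str) -> bool:
        record = self._users.get(username)
        return record is not None and resource in record["resources"]

    def decide(self, username: str, password: str, resource: str) -> str:
        """The signal sent back to the resource: 'allow' or 'deny'."""
        if not self.authenticate(username, password):
            return "deny"          # step 2 failed: identity not proven
        if not self.is_authorized(username, resource):
            return "deny"          # step 3: authenticated, but not entitled to this resource
        return "allow"


class Resource:
    """An application that delegates the sign-in decision to the identity provider."""

    def __init__(self, name: str, idp: IdentityProvider):
        self.name = name
        self.idp = idp

    def sign_in(self, username: str, password: str) -> bool:
        # Step 1: the user presents credentials; the resource forwards them to the IdP.
        return self.idp.decide(username, password, self.name) == "allow"


def build_demo_idp() -> IdentityProvider:
    """Constructed sample directory with two users and two resources."""
    idp = IdentityProvider()
    idp.add_user("alice", "correct horse battery staple", ["crm", "fileshare"])
    idp.add_user("bob", "hunter2", ["fileshare"])
    return idp


def run_scenarios() -> dict:
    """Exercise the normal path and the three ways a request can be denied."""
    idp = build_demo_idp()
    crm = Resource("crm", idp)
    fileshare = Resource("fileshare", idp)
    return {
        "alice_crm": crm.sign_in("alice", "correct horse battery staple"),
        "bob_fileshare": fileshare.sign_in("bob", "hunter2"),
        "bob_crm": crm.sign_in("bob", "hunter2"),          # valid password, wrong resource
        "alice_wrong_password": crm.sign_in("alice", "wrong"),
        "unknown_user": crm.sign_in("mallory", "anything"),
    }


if __name__ == "__main__":
    for scenario, allowed in run_scenarios().items():
        print(f"{scenario}: {'allow' if allowed else 'deny'}")
```

The point to notice is that authentication (is this really Bob?) and authorization (may Bob open the CRM?) are separate checks inside the identity provider, and the resource only ever sees the final allow or deny signal. That separation is what lets an admin grant or revoke access in one place rather than in every application.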
This approach was simple and effective, but new SaaS resources and workflows coupled with evolving security needs have spurred a revolution in Identity and Access Management (IAM) best practices.
A Change in Methodology
The authentication process was largely straightforward when IT networks were virtually all Microsoft Windows based and located on-prem. Microsoft Active Directory® (AD) was the directory service of choice, because