Identities have historically been hosted and secured on-prem. When all of the resources were located on-prem, this worked perfectly. However, with the emergence of cloud and SaaS applications, users needed to have SaaS identities to match these new resources. Today, SaaS identities are much more common, but how does the process of managing these identities work and – more importantly – how do you ensure that it is secure?
Protecting SaaS Identities
In the IT world, identities are the keys to the kingdom. With just a username and password, a bad actor can gain access to the underbelly of an organization. There are always attackers out there trying to find the companies not protecting their identities sufficiently, as evidenced by the number of breaches we have seen lately. As a result, it is now more important than ever to secure identities and the access they provide.
Typically, the way IT admins provision access is by connecting a user’s digital identity with the IT resources they should have access to. That process will involve an identity provider, which can then confirm or deny a person access to a particular resource.
Conventionally, the process worked as follows:
- A user attempts to access an IT resource (be that a system, server, application, file, or network).
- Once the request is received, that resource validates the authentication request with the identity provider, where a user’s identity lives along with what resources they are allowed to access.
- If the user is allowed to access the IT resource, then the identity provider signals to the application that the user is allowed to sign in to the application. If not, then the identity provider signals to the resource that they are denied access.
This approach was simple and effective, but new SaaS resources and workflows coupled with evolving security needs have spurred a revolution in Identity and Access Management (IAM) best practices.
A Change in Methodology
The authentication process was largely straightforward when the IT networks were virtually all Microsoft Windows based and located on-prem. Microsoft Active Directory® (AD) was the directory service of choice, because it could easily act as the IdP to authenticate to the other Microsoft resources.
As the IT landscape started to change though, identities hosted on-prem within Active Directory struggled to be connected to IT resources in the cloud, on the web, or hosted remotely. Further, as the world shifted to macOS and Linux, even on-prem resources struggled to be connected to AD.
The changing landscape created the opportunity for a new generation of identity management to appear. This cloud-based approach created SaaS identities which could be connected to not only on-prem, but cloud resources as well. Windows platforms and applications would be just one of the many types of IT resources that a person could access.
SaaS Identities for Modern IT
The benefits of employing a SaaS identity management solution are numerous. Since they’re built for the cloud era, these identities are far more secure in the face of contemporary identity theft and compromises. They can also be leveraged for a wide range of protocols including LDAP, RADIUS, SAML, SSH, REST, and many others. On top of that the SaaS identities allow admins to manage systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, GCP), web and on-prem applications (LDAP, SAML), physical and virtual storage (Samba and NAS file servers), and wired and WiFi networks via RADIUS.
To achieve SaaS-based identity management, you can elect to implement a modern cloud identity platform called Directory-as-a-Service®. This innovative cloud directory is re-inventing the way people think about a directory, and is helping admins maintain control over their environments in an easy and stress free manner. If you would like to learn more about SaaS identities, drop us a note. We would be happy to answer any questions that you might have about them. Alternatively, you can see the SaaS identities in action for yourself by signing up for a free account. Your first 10 users are free forever, with no credit card required, so there’s nothing holding you back from getting started. Sign up for a account today!
This is a Security Bloggers Network syndicated blog post. Read the original at: JumpCloud 2017-12-06.