Securing identities has become a critical factor in the overall security posture for modern organizations, especially as more resources are being delivered from the cloud than ever before. Virtual Identity Security describes the practice of protecting user identities that access cloud-based and on-prem IT resources.
The cloud can be highly secure, but only if the correct tools and methodologies are implemented. Attackers know that most organizations leverage virtual identities to authenticate and authorize access to critical resources and information. They also know that once they are in, they can cause irreparable damage.
That is why it is absolutely imperative that organizations stay ahead of the curve when it comes to virtual identity security.
Identity Security in the Beginning
The concept of identity security is nothing new. IT developers recognized the need for a mechanism to authenticate and authorize user identities very early on, which is why we have directory services like Microsoft Active Directory® and OpenLDAP.
Active Directory and OpenLDAP have been the go-to options for managing and securing user identities for decades now. The trouble is they were designed before the cloud came into existence. Therefore, their approaches to virtual identity security are inherently outdated.
Virtual Identity Security with Active Directory & OpenLDAP
Active Directory is focused on protecting on-prem Windows systems and identities. However, it offers little support for Mac and Linux.
Of course, this wasn’t an issue back when Windows was the only show in town. Nevertheless, the IT world has grown to include macOS and Linux systems. The result is that Active Directory is now only a partial solution to a bigger problem, and the lack of management capabilities for these systems presents virtual identity security risks.
OpenLDAP offers a somewhat more OS-agnostic approach to virtual identity security. The challenge is that it leans heavily on the know-how of the IT admin who is responsible for implementation and maintenance. This is because OpenLDAP is an open-source directory service that must be built from the ground up and configured granularly.
The result is that OpenLDAP implementations are highly error-prone. Considering the fact that (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/virtual-identity-security/