According to a recent report from Verizon, 81% of breaches are a result of stolen and/or weak passwords. That’s a staggering number and one that has only been increasing over the years. Traditionally, IT admins were focused on protecting the perimeter. However, the modern era requires a zero trust concept, a concept that starts with securing your identities by building an identity security tool or program to protect your critical digital assets.
In order to understand why it’s no longer enough to solely focus on protecting the perimeter, we need to go over how the IT landscape has transformed. First, though, what do we mean by securing the perimeter?
Legacy Security Practices
Historically, the IT network was based on Microsoft® Windows®, it was located on-prem, and IT admins utilized Microsoft Active Directory® (MAD or AD) to manage users and IT resources. In this setup, user identities and IT resources were kept safely at the center of the network, and IT focused their security efforts on implementing strong defenses (like a firewall) at the perimeter of the network. This security setup was often referred to as “hard on the outside, soft on the inside.” The downside to this network architecture is that it assumes all communication taking place within the network is harmless.
This assumption might have been justifiable when environments were on-prem and users had to be in the office to access work material. However, changes to the IT landscape have demanded a new mindset—one that doesn’t trust so easily. Let’s take a look at the changes that have impacted legacy security practices.
Changes in IT Call for Rethinking Security Practices
Today, resources aren’t kept at the center of an on-prem network. In fact, the perimeter has largely disappeared because end users are leveraging cloud-based solutions like AWS® cloud servers, G Suite™ (formerly Google Apps) and Office 365™, SaaS applications, cloud file servers, and much more.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/identity-security-tool/