Managing Identities and Entitlements to Secure the Public Cloud
Accelerated digital transformation in response to the pandemic has blurred the line between the public cloud and the internal network, creating a much more complex environment that organizations still struggle to secure. One particularly troublesome area is managing identities and entitlements.
The COVID-19 pandemic forced many businesses to transition to a remote and distributed workforce, which has accelerated public cloud adoption. However, many of those businesses discovered that securing public clouds is anything but easy. The recent rise in cyberattacks gives credence to the assumption that enterprises are struggling to adapt to a cloud-enabled environment.
Forrester Research predicts that internal incidents will be responsible for 33% of breaches in 2021 as remote work becomes the norm. Simply put, the acceleration of digital transformation in response to the pandemic has blurred the line between the public cloud and the internal network, creating a much more complex environment that organizations are struggling to secure.
Most of those problems can be traced to one of the most basic tenets of cybersecurity: protecting identities and managing entitlements. Research giant Gartner acknowledges that properly protecting identities and managing entitlements is one of the last remaining barriers to cloud adoption, and recommends organizations go back to basics to consciously tackle the risks of the cloud.
Identity management, which was once a relatively easy process, has been complicated by the numerous cloud applications available today. Each offering usually creates a security silo, in which application-specific identities and entitlements are stored. At some point, a person must manage that security silo, and cloud adoption has dramatically increased management overhead, leaving room for credentials to be compromised and increasing the chances that users will be assigned excessive entitlements.
Dealing with these issues often requires tracking a diverse and distributed identity ecosystem, without the benefit of unified identity management. Numerous vendors have tried to solve the problem by offering synchronization or other approaches to mitigate the issues of siloed identities, but, to date, most leave much to be desired.
“While it’s virtually impossible to determine entitlement risks for users and machines using tools offered by cloud platform providers, third-party tools that rely exclusively on identity and access policies, without also analyzing network access, do not provide a true and accurate view of risks,” said Shai Morag, CEO and co-founder of Ermetic.
Morag makes a good point. To properly secure today’s hybrid cloud networks, it’s critical to not only manage identities across silos, but also to measure entitlements and comprehensively assess and govern the risks associated with complex scenarios of users, machines and resources.
Unifying identity management, often attempted using federated access and single sign-on (SSO) solutions, is proving insufficient. Companies like Ermetic are trying to shift to a new narrative by tying entitlements and identities together, managing them with policies and constant audits.
“Ermetic is the first solution to provide full-stack visibility into both identity entitlements and network access configurations, which enables customers to comprehensively assess and govern the risks associated with complex scenarios of users, machines and resources,” Morag said.
Ermetic claims to be the first, but there are other vendors building similar platforms to bring unified management and auditing to identities and their associated entitlements. On the auditing side, StealthAUDIT Management Platform and Netwrix Auditor are major players. Other products focus on SaaS entitlements, like Prisma SaaS and ManageEngine DataSecurity Plus. Despite the growth in these areas, there are still few vendors that have the complete picture of identity and entitlement management incorporated into their platforms.
As more and more businesses, spurred by digital transformation, move to hybrid clouds and multicloud solutions, the need for unified management and automation of identities and entitlements will only grow. In short, managing identities and entitlements will be critical to securing the public cloud.