Identities, Risk and the Multi-Cloud Environment
The multi-cloud environment is having its moment. More organizations are moving applications into the cloud, and a multi-cloud environment offers better redundancy and availability and pushes forward digital transformation. However, identity management presents a challenge to organizations adopting multi-cloud, according to research by Strata Identity.
Seven in ten companies use two or more identity systems, the study reported, but 75% of respondents said they lack the ability to easily discover all existing access policies.
“As enterprises increasingly adopt multi-cloud, there’s a greater need for newer and more advanced IAM solutions that can perform across both public cloud and on-premises environments,” said Eric Olden, CEO of Strata Identity, in email commentary. “While there are clear benefits to being multi-cloud, it can also create its fair share of challenges.”
Those challenges, according to Olden, are:
Identity silos. Multi-cloud environments mean dealing with visibility gaps in policies, apps and users, and because multi-cloud means multi-vendor, identity silos begin to emerge. User identities are distributed across multiple clouds that don’t play well together, so IAM becomes unwieldy and manually intensive, expanding the risk surface.
Passwordless/MFA. Passwords are the single biggest risk for identity-related breaches. Replacing passwords with ‘passwordless’ authentication or multifactor authentication (MFA) is the way to fix that; however, IAM solutions using passwordless and MFA weren’t built for legacy apps. Setting apps to require MFA is expensive and not always a feasible option for organizations.
Managing compliance. Organizations need to prove that access controls are in place, that they are consistently enforcing the right policies and that data has remained secure after migration, and they need to show exactly where sensitive data and identities reside. Fragmentation of policies across different vendors and clouds makes it hard to show how policies are configured through a single pane of glass, leading to blind spots and risk.
Multi-Cloud Identity Access Risks
When IT leadership must manage identities across multiple clouds, these environments do not automatically thread together; each comes with its own disparate technology solutions. To protect against, detect and monitor security vulnerabilities and threats, visibility across and within the entire technology stack is essential. When that visibility is missing, the entire infrastructure is exposed to additional risk.
“The primary risk covers both inside and outside risk,” explained Darren Guccione, CEO and co-founder at Keeper Security, via an email interview. “Within the organization, it is imperative that privileged access management and related controls be implemented to ensure that the right personnel, from permitted location(s) and on permitted devices, have access (or not) to relevant websites, applications and systems.”
When a multi-cloud infrastructure is implemented, the level of cybersecurity risk, if not managed and mitigated correctly, increases substantially.
“It is imperative that technologies protecting these environments provide enterprise-wide visibility, security and control over every user, on every device as they transact with every website, application and system in the organization,” said Guccione.
Overcoming Risk in the Multi-Cloud
Organizations that cannot audit and identify at scale whether their multi-cloud environments follow least-privilege permissions, have adequate resource provisioning and stay compliant will be at greater risk of a data breach.
At the root of these multi-cloud challenges is one common denominator: the applications are tightly coupled to their identity infrastructures. Identity orchestration solutions exist to help organizations decrease the risk created by hard-to-manage identities across multiple clouds.
“An identity orchestration platform is lightweight software that deploys in the cloud or on-premises. It uses a distributed, multi-cloud framework called an identity fabric, which manages multiple identity domains on multiple clouds,” explained Olden.
Identity orchestration coordinates behavior across cloud systems so that applications can integrate with any identity system, regardless of vendor. The identity fabric sits between the user and the cloud systems. When someone wants to access an application, it acts as a proxy to enforce your company’s identity policies.
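The following is an added example, not code from Strata Identity or any product named in the article, sketching what the policy-enforcement core of such a proxy does: assertions from two hypothetical identity providers with different claim layouts are normalized into one identity model, and a per-application policy (MFA required, group membership) is applied before a request would be forwarded to the application. Provider names, claim keys, applications and policies are all constructed for illustration.

```python
"""Minimal identity-fabric style policy enforcement point (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    """Provider-neutral identity the applications never have to know about."""
    subject: str
    groups: frozenset
    mfa: bool
    provider: str


def from_oidc_claims(claims: dict) -> Identity:
    # Hypothetical OIDC-style IdP: 'amr' lists authentication methods, e.g. ["pwd", "otp"].
    methods = set(claims.get("amr", []))
    return Identity(claims["sub"], frozenset(claims.get("groups", [])),
                    bool(methods & {"otp", "hwk", "mfa"}), "idp-a")


def from_saml_attributes(attrs: dict) -> Identity:
    # Hypothetical SAML-style IdP: MFA is signalled by the authentication context class.
    ctx = attrs.get("AuthnContextClassRef", "")
    return Identity(attrs["NameID"], frozenset(attrs.get("memberOf", [])),
                    ctx.endswith("MultiFactor"), "idp-b")


# One adapter per identity silo; adding a provider never touches an application.
ADAPTERS = {"idp-a": from_oidc_claims, "idp-b": from_saml_attributes}

# Per-application policy, enforced identically whichever IdP authenticated the user.
POLICIES = {
    "payroll": {"require_mfa": True, "allowed_groups": {"finance"}},
    "wiki": {"require_mfa": False, "allowed_groups": {"staff", "finance"}},
}


def authorize(app: str, provider: str, assertion: dict) -> tuple[bool, str]:
    """Return (allowed, reason); the reason is what a compliance audit log would record."""
    policy = POLICIES.get(app)
    if policy is None:
        return False, f"deny: no policy defined for app {app!r}"  # fail closed
    adapter = ADAPTERS.get(provider)
    if adapter is None:
        return False, f"deny: unknown identity provider {provider!r}"
    ident = adapter(assertion)
    if policy["require_mfa"] and not ident.mfa:
        return False, f"deny: {ident.subject} via {provider} lacks MFA for {app}"
    if not ident.groups & policy["allowed_groups"]:
        return False, f"deny: {ident.subject} not in {sorted(policy['allowed_groups'])}"
    return True, f"allow: {ident.subject} via {provider} -> {app}"
```

Because the MFA and group checks live in the proxy rather than in each application, the "roll out passwordless without writing any code" claim reduces to adding an adapter and flipping a policy flag.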
“All this is done without changing the application’s code or modifying configurations. The no-code integration means you can connect your apps and your identities without the expense and hassle of rewriting applications,” Olden added. “It also means you can easily switch identity providers as needed. Or roll out a new identity service, like passwordless, without writing any code.”
Alternatively, for an organization that is struggling to manage identity and needs a simpler first step, verifying that MFA is rolled out across all of its ecosystems will do the most good while a consolidation plan is created, said Davis McCarthy, principal security researcher at Valtix.
“The consolidation plan should improve IT’s business process while also creating layers of security to manage the complexities of the multi-cloud.”