MY TAKE: Here’s why identities are the true firewalls, especially as digital transformation unfolds

By Byron V. Acohido

Was it really that long ago that company networks were made up of a straightforward cluster of servers, databases, applications and user devices corralled largely on premises?

Related article: Taking a ‘zero-trust’ approach to authentication

In today’s digitally transformed environment, companies must monitor and defend systems housed on-premises and in overlapping public and private clouds. And they must account for employees, partners and customers using their smartphones to log in from Timbuktu.

This presents a convoluted matrix of paths into the company network, and an acute exposure that goes largely unaddressed in many organizations. Massive data breaches continue to occur because companies caught up in the swirl of digital transformation continue to unwittingly authenticate threat actors, who then dive deep into mission-critical systems.

The good news is that the identity management space is chock full of strong vendors innovating at a furious pace. I sat down with Mark Foust, Chief Product Evangelist at Optimal IdM, a leading supplier of Identity and Access Management (IAM) systems, to get a better sense of what's unfolding.

We discussed the leading-edge solutions being designed to help companies make much more precise judgements about each and every user trying to access sensitive assets. For a full drill down, please listen to the accompanying podcast. Here are the key takeaways:

Fresh vectors

Here’s the rub: accelerated use of cloud services, DevOps, software containers and microservices may be giving companies amazing agility and scalability; but they’ve also created a vast new attack surface, rife with fresh attack vectors.

This translates into unprecedented exposure to threat actors. Companies must manage authentication on multiple levels, while imposing policies to ensure no threat actors are sneakily accessing sensitive systems. Accomplishing this without unduly penalizing productivity is not an easy thing to do. And, indeed, not many companies are doing it very well.


Erecting next-generation firewalls does nothing to deter a threat actor in possession of a phished logon who is also expert at lying low, locating valuable data and methodically escalating privileges to get at a company's crown jewels; just ask Equifax, Uber, Tesla, Panera Bread and myriad others.

Identity management vendors say a new approach is needed to disrupt this tried-and-true pattern of attack. "The concept of the firewall has changed," Foust maintains. "Now identity is the new firewall; identity is the boundary that must be protected. User authentication has become paramount to security."

Unified access

Some of the most promising authentication breakthroughs are unfolding in the directory services layer of networks. Some context: IT administrators rely on directory services to unify the way they map resources and manage authentication across different systems. As company networks increasingly morph into a combination of on-premises and public cloud systems, many more directory services have been tossed into the mix.

Optimal IdM brings technology to the table that is designed to consolidate and synchronize authentication tasks company-wide, routines that otherwise might be unfolding haphazardly across multiple directory services.

“We offer the ability to immediately join all of your disparate directory services together to make them look like one, without any backend engineering of applications,” Foust explains. “Our solution can now be the proxy and provide that initial point of authentication. We take down the disparate directory boundaries you have, within your organization, and provide the ability to set identity policy, audit and make access decisions in a single place and authenticate a user on all of your systems.”

The truly cool stuff happens as a result of Optimal IdM gaining universal control of all directory services. The vendor is then able to apply machine learning and behavior analytics to study, and ultimately model, the baseline authentication routines of legitimate users. Over time, even slightly anomalous activity by a threat actor seeking to stay under the radar becomes easier to identify and isolate.

Context-based access

There’s a lot of work to be done to prevent a potentially malicious user from gaining access – as there should be. Requiring multifactor authentication to access high value assets is one example. However, attackers are adept at obtaining full, valid credentials, especially of users with elevated privileges.

It then becomes crucial to understand the context in which a request arrives: where the user is connecting from, on what device, at what time, and every other condition that fed the decision to grant access. The conditions that best separate legitimate from illegitimate use can then be written into policy, and logged for audit, monitoring and reporting.

Foust refers to this as "context-based authentication." When a suspicious activity crops up, the system can be tuned to make reasoned decisions and take a series of progressively more aggressive precautions. It can detect, for instance, when a threat actor on the inside begins to navigate over to systems that the legitimate user would never touch.

“The fact that someone would want to do this should throw up a behavioral clue that something’s amiss,” says Foust. “We can certainly detect that.”
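To make the progression Foust describes concrete, here is an added example of a context-based authentication policy in Python. It is not Optimal IdM's code and does not come from the article; the user, baseline, risk weights, thresholds and login events are constructed assumptions. Each request is scored against a per-user baseline of countries, devices, resources and working hours, the score is mapped to a progressively stricter response (allow, allow with audit, step-up MFA, deny), and the session escalates as the same actor wanders onto systems outside the baseline, even when each single request would score low on its own.

```python
"""Context-based authentication over constructed login events.

Added example, not Optimal IdM's product code. Weights, thresholds, the user
baseline and the sample events are assumptions chosen to illustrate
progressive precautions and session-level escalation.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Set, Tuple


@dataclass
class Baseline:
    """What 'normal' looks like for one user, learned from past activity."""
    countries: Set[str]
    devices: Set[str]
    resources: Set[str]
    work_hours: Tuple[int, int]   # [start, end) in the user's local hours


@dataclass
class AuthEvent:
    user: str
    ts: datetime
    country: str
    device_id: str
    resource: str
    mfa_passed: bool = False


# Illustrative risk weights (assumption); an organisation would tune these.
WEIGHTS = {
    "new_country": 40,
    "new_device": 25,
    "off_hours": 15,
    "unusual_resource": 30,
}


def score_event(ev: AuthEvent, baseline: Baseline) -> Tuple[int, List[str]]:
    """Compare one access request to the user's baseline; return (score, reasons)."""
    reasons = []
    if ev.country not in baseline.countries:
        reasons.append("new_country")
    if ev.device_id not in baseline.devices:
        reasons.append("new_device")
    start, end = baseline.work_hours
    if not (start <= ev.ts.hour < end):
        reasons.append("off_hours")
    if ev.resource not in baseline.resources:
        reasons.append("unusual_resource")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(score: int, mfa_passed: bool) -> str:
    """Map a risk score to a progressively stricter precaution."""
    if score >= 80:
        return "deny"                      # too far from baseline, even with MFA
    if score >= 40:
        return "allow_audit" if mfa_passed else "step_up"   # MFA satisfies step-up
    if score >= 15:
        return "allow_audit"               # let it through, but record the reasons
    return "allow"


def evaluate_session(events: List[AuthEvent], baseline: Baseline) -> List[Tuple[str, int, str]]:
    """Score a sequence of requests belonging to one session.

    Lateral movement shows up as a run of resources the user never touches, so
    the session counts those and adds risk for each additional one, escalating
    even when each single request would pass on its own.
    """
    results = []
    unusual_resources = 0
    for ev in events:
        score, reasons = score_event(ev, baseline)
        if "unusual_resource" in reasons:
            unusual_resources += 1
            score += 20 * (unusual_resources - 1)
        results.append((ev.resource, score, decide(score, ev.mfa_passed)))
    return results


# Constructed baseline and sessions for the hypothetical user "alice".
ALICE = Baseline({"US"}, {"laptop-a1"}, {"email", "hr-portal"}, (8, 18))

LEGIT_SESSION = [
    AuthEvent("alice", datetime(2024, 3, 4, 9, 0), "US", "laptop-a1", "email"),
    AuthEvent("alice", datetime(2024, 3, 4, 9, 5), "US", "laptop-a1", "hr-portal"),
    AuthEvent("alice", datetime(2024, 3, 4, 19, 30), "US", "laptop-a1", "email"),
]

# Phished credentials used at 3 a.m. from an unknown host, then wandering.
ATTACK_SESSION = [
    AuthEvent("alice", datetime(2024, 3, 5, 3, 10), "US", "vm-7f", "email"),
    AuthEvent("alice", datetime(2024, 3, 5, 3, 12), "US", "vm-7f", "finance-db", mfa_passed=True),
    AuthEvent("alice", datetime(2024, 3, 5, 3, 15), "US", "vm-7f", "source-repo", mfa_passed=True),
]


def demo_sessions():
    """Return the decisions for both constructed sessions."""
    return {
        "legit": evaluate_session(LEGIT_SESSION, ALICE),
        "attack": evaluate_session(ATTACK_SESSION, ALICE),
    }


if __name__ == "__main__":
    for name, rows in demo_sessions().items():
        print(name)
        for resource, score, decision in rows:
            print(f"  {resource:12} score={score:3} -> {decision}")
```

Note what the session view adds: the second attacker request passes because the actor also cleared MFA, but the third lands on yet another system outside the baseline and is denied outright. A per-request check alone would have scored it 70 and let the passed MFA carry it through.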

I'm convinced that Foust is right about identity being the new firewall. The anonymity ingrained in the DNA of the Internet has always been a sword that cuts two ways. And thus far, cyber criminals have enjoyed free rein manipulating authentication systems to their hearts' content. It's time for enterprises to step up and take advantage of data analytics-driven authentication systems, or join the list of breach victims.

(Editor’s note: Last Watchdog has supplied consulting services to Optimal IdM.)
