Event Recording

Identity’s evolving role in cloud security



As we emerge from the first wave of digital transformation, most organizations have embraced multi-cloud and hybrid environments. Companies increasingly use digital technologies to transform the actual products and services they sell to their customers, while modern service and app architectures drive adoption of containers and micro-services. These trends pose new challenges and opportunities for security. The number of machine-to-machine interactions is growing, as is the need to establish trust in real time across many distributed systems. In this thought-provoking session, Joy Chik will explore trends that are making identity even more central to modern security.

Hello. It is always great to spend time with the identity community. And this EIC is so timely because, as we all know, identity has become even more mission critical to our increasingly digital society. Over the past year, we saw entire workforces and school systems move online in response to the pandemic. And now many organizations have decided they're never going back. They're adopting remote and hybrid work models permanently, something this community made possible. Today, I want to examine three additional mega trends that will have a huge impact on the long-term future of our digital society. Identity plays a key role in these trends, and they underscore our community's mission to help people live in a digital world that feels safe, convenient, and privacy respecting. Last year, we reached a moment of reckoning as attacks from nation states targeted government agencies, think tanks, consultants and non-governmental organizations.
Criminal syndicates have escalated their threats to our economy and everyday lives with ransomware attacks on critical infrastructure. The data from 2020 is sobering. In the US, the FBI received a record number of cyber crime complaints, with losses exceeding $4 billion. And in Europe, criminals took advantage of the pandemic to step up social engineering, DDoS and ransomware attacks. According to Europol, they are even joining forces when challenged by law enforcement. These criminal elements are applying significant resources to combine multiple vulnerabilities into methodically orchestrated multi-prong campaigns. With this onslaught from criminal syndicates and state actors, cyber crime has reached the level of cyber warfare. Let me share an example that my colleague Tom Burt wrote about in May. Nobelium accessed a Constant Contact account owned by an agency called USAID to send phishing emails that looked authentic. But these emails included a link to a malicious payload that installed a back door so that attackers could steal data and infect other computers. This attack was part of a playbook that Nobelium has inspired other groups to adopt. They want to access trusted technology providers to infect their customers. And they're using advanced techniques that are difficult to detect, like forging SAML tokens. Their goal is to undermine trust in the technology ecosystem.
These developments impact every single one of us as policy makers, customers, vendors, and even consumers. We all need to respond, and our best weapon against ever-escalating attacks is a zero trust architecture. We know, based on recent research, that zero trust is top of mind for almost everyone. Many organizations have been focusing their efforts on cloud apps and modern productivity tools, but the intensity and sophistication of recent attacks have shown us that zero trust principles must apply to the entire digital estate. To protect your building, you don't just lock the front door. You also have to secure any other doors and the windows. And these days attackers are coming through the pipes and the wires. They are, in fact, squeezing through any tiny opening to the outside world.
Moving forward, an end-to-end zero trust strategy will rely even more on sharing signals across different security solutions and workloads and on centralized policy orchestration. So as an industry, we need to get better at sharing signals and ensuring interoperability, for example, through standards. This will break down traditional silos in security defense layers, as security solutions increasingly work together. We have always seen identity work in unison with endpoint management to verify device state and health before granting access. And we have seen deep integration of cloud app security brokers with identity for end-to-end session monitoring and control. Moving forward, more services and solutions will become identity aware, like network access and security protocols, so that systems can work synergistically to make better access decisions. And in fact, identity will be the common factor for integrating different solutions into one cohesive security architecture. Not only are attacks getting more sophisticated, but so are the environments we have to protect.
We started by moving on-premises resources to the cloud. As digital transformation accelerated, cloud first architectures became the norm, and now almost every cloud first organization is multi-cloud. Cloud first architectures help organizations achieve unprecedented operational efficiency through scale and automation. All it takes is a one-liner to execute intricate tasks like downloading an entire data set or building out or tearing down an entire data center. Cloud technologies can also automate access permissions for all kinds of digital entities across all kinds of resources, and then govern that access. Advancements in personalized digital services use software to match a user's profile with a customer database and then make targeting decisions in milliseconds. Many websites even have chat bots who place orders for you. But on the flip side, cloud native modern architectures with thousands of microservices also introduce risks. A single line of script is enough to cause massive disruption, either by accident or by malicious intent.
We now have thousands, if not millions, of complex digital entities with virtually unlimited access privileges. These are hard to keep track of. Some digital entities even have more privileges than administrators. And while we can now deliver more personalized customer experiences, it is a tremendous responsibility to ensure that any personal data accessed and analyzed does not get compromised or misused. Normally we do not think of identity as critical for protecting cloud infrastructure workloads, but as more and more entities operate independently in such complex and high-stakes environments, identity is becoming the cornerstone of protecting multi-cloud environments, including machine-to-machine authentication. These independent entities each get their own identity. So as cloud workloads grow, the number of identities is exploding. We need to make sure that interactions between non-human entities are trustworthy, that they can only do what is necessary, and that we actually understand everything they can do.
It is easy to get lost. So we need identity-driven tools to help us protect resources, apps, services, and data in all types of cloud environments and everywhere in between. And this includes the emerging category of cloud infrastructure entitlement management, or CIEM, which helps organizations manage identity lifecycle and access governance in hybrid and multi-cloud environments. But it is not enough to evolve identity's role in security. Identity itself must evolve. Today, we still live in the world of enterprise data centers. The first phase of digital transformation that moved intelligence into the cloud was just the beginning. The next big shift is to ubiquitous decentralized computing, which describes the smart cloud plus the explosion of smart devices and smart things everywhere. When we are surrounded by a vast array of smart devices, hubs, and compute power, we need a radically different identity system. There's simply not enough bandwidth for every entity to phone back to a central place and ask, "Do I have permission to do this?" To deliver a delightful experience with speed and low latency, we need a massively decentralized model moving forward.
And we have already started this work. In fact, we have all been on this journey together for the past few years. In a decentralized model, each thing or entity carries its identity information with it wherever it goes. It does not depend on a centralized authority. By making identity information portable, a decentralized model balances the needs of identity subjects with the needs of entities that issue and verify information. The result is a model that will improve performance, trustworthiness and control. Performance and reliability will improve because issuers no longer need to be involved in every transaction. Trustworthiness will improve because entities can validate both the issued information and the rightful subject. Control will improve because subjects determine when and how their information is shared. A fully decentralized world will facilitate all kinds of user experiences. And as exciting as it is to see this vision becoming real, we know we have more work to do, for example on standards, before organizations can take full advantage of the coming shift. The community has been conducting initial pilots. The feedback has been enthusiastic enough that we need to accelerate our progress so that governments, enterprises, and even small businesses and individual citizens can fully commit to a decentralized model.
What an exciting time to be working on identity. We have played such a crucial role in helping the world stay productive during the past year. And now we're becoming the linchpin of security and the centerpiece of a more secure, efficient and privacy-respecting digital society. Identity is still the most popular attack vector and the one component that ties everything together. So it is up to those of us who build and implement identity systems to work closely with security solution providers, infrastructure vendors, and software developers to ensure that customers can adopt a comprehensive zero trust strategy. And to deliver on this, identity standards that enable interoperability are more important than ever. And so are automation-friendly tools that optimize remediation whenever there's an issue. The writing is on the wall. We're moving from centralized cloud first architectures to ubiquitous and decentralized computing with a smart cloud plus an explosion of smart devices and things. This kind of paradigm shift only comes along once every decade or so. We are all hard at work on a new type of identity system that creates the trust fabric for this next big shift.
If all of this feels like a monumental undertaking, that's because it is. And if it also feels terribly exciting, that's because it is. And as with any huge task, we have to start somewhere. Those of us building solutions need to participate in working groups creating identity standards like SCIM, continuous access evaluation protocol, and OAuth proof of possession. The more participation we have in these groups, the more likely we'll get this right. Given the state of cyber warfare, we need to work even more closely together so that our solutions can better interoperate and share signals. And this is how we protect our customers end to end. And if you are a customer, keep giving us feedback as your needs evolve. As we collectively build a decentralized future, we need to prioritize open source solutions and share learnings so that we can start the new era with a solid foundation, rather than with a fragmented world. This is our opportunity to build a better digital ecosystem for the next generation. So let's do it. Thank you.
