Moving to Multi-Cloud? Time to Rethink Identity, Access Management

eWEEK DATA POINTS: Except for a few mission-critical processes that will remain on-premises because they require intense oversight and control, much of an enterprise’s workloads and data soon will be spread across multi-cloud environments.

eweek.logo.DataPoints-UPDATE

This could be the decade that the data center’s reign of influence begins to fall and multi-clouds come into larger influence. A multi-cloud strategy, which incorporates cloud services from multiple vendors, promises plenty of benefits, including improved resiliency and flexibility that makes it easier for enterprises to meet various application and data needs. 

But there also will be operational challenges. Expect security, and specifically identity and access management (IAM), to be one of them.

Gartner has predicted that by 2025, 80% of enterprises will have shut down their traditional data center, versus 10% today. Except for a few mission-critical processes that will remain on-premises because they require intense oversight and control, much of an enterprise’s workloads and data will be spread across a multi-cloud environment. Users will access applications from a range of devices from multiple locations, making it more difficult to secure, control, track and manage access to applications and services. 

Without a comprehensive IAM plan, an organization could be more vulnerable to attacks and data breaches.

Instituting the right IAM strategy now, in concert with an evolving multi-cloud architecture, will help protect threats and ensure that the right users have access to the right information when they need it. In this eWEEK Data Point article, we offer the following key recommendations, which originate from industry information provided by Insight Enterprises.

Data Point No. 1: Get Your ID Store in Order

IAM solutions are designed to make sure only people appropriately identified and cleared can access an enterprise’s systems and services. In an increasingly complex IT environment, an identity and access management solution must include an ID store that supports both on-premise systems and cloud services. Unfortunately, too many companies still rely on Microsoft Active Directory as the single source of truth for the IT services they provide. This needs to change.

Data Point No. 2: Active Directory Isn’t Flexible Enough

As companies begin to adopt multi-cloud architectures, they’ll soon discover that Active Directories are not flexible enough to support identity and access management, nor can they keep up with the growing number of potential threats. Integrating an identity software product that can manage users’ digital identities, credentials and groupings with Active Directory may work as temporary solution, but as user passwords and access rights are dispersed across on-premise and cloud-based systems, things can get pretty complicated pretty quickly, taxing even the well-resourced IT team.

Data Point No. 3: Consider Extending Active Directory to Azure Active Directory

If you haven’t already done so, it may be time to extend Active Directory (AD) to Azure Active Directory (Azure AD), Microsoft’s multi-tenant cloud-based directory and identity management service that enables Single Sign-On (SSO) access to on-premise and cloud applications, putting users through an authentication process to prove that they are who they say they are. It uses multi-factor authentication, a two-step identity verification system that requires two or more of the following methods: Something you know (password), something you have (trusted device), or something you are (biometric screening).

Data Point No. 4: Embrace Zero Trust

The premise of zero trust has been around for several years; the first model was defined by John Kindervag, at the time a principal analyst at Forrester Research Inc., in 2010. The idea is that when it comes to securing enterprise systems and data, no user–internal or external–can be trusted. Security threats are much more sophisticated today and are impacting organizations at greater rates than ever before. Malware such as phishing,  email phishing and drive-by downloads–which can occur when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window–put an organization’s identity and authentication at increased risk. Once an attacker gets a working identity and authentication method, he or she can do almost anything, including system damage, data leaks and destruction and more. A zero-trust network that rethinks approaches to resource access is quickly becoming a necessity.

Data Point No. 5: Move Away from Passwords

Part of the move to zero trust should include a decision to move away from passwords, which are still widely used. Passwords are typically too weak or often re-used, making them vulnerable and difficult to manage. As such, they don’t deliver robust enough security for sensitive systems and confidential information. A passwordless approach eliminates this problem by removing the need for users to remember passwords and for organizations to store them. There are several ways to go passwordless, including adopting biometric authentication like touch ID  and face recognition, and token-based methods such as mobile app authenticators or secured USB keys

Data Point No. 6: Control Your Multi-cloud Strategy

Of course, distributing an enterprise’s workloads and data across larger numbers of clouds operated by different providers and located in various geographic regions can increase the complexity of IAM. IT staff will have to learn how to manage, provision, control, track and synchronize the systems in each environment, and such a highly distributed operation can easily become an operational challenge. Things can get even more messy, and risky, if an enterprise’s multi-cloud adoption develops in an ad-hoc manner.

Multi-cloud best practices include working with existing cloud partners, adopting orchestration tools, controlling the risks of shadow IT and keeping the number of cloud environments to a minimum by adding only those clouds that support and elevate an enterprise’s business goals.

Data Point No. 7: So, in Conclusion ...

With multi-cloud adoption on the rise, IAM is becoming increasingly important in order to protect against insider and outsider cyber threats and to ensure that the only the appropriate users can access the resources they need, when they need them. 2020 is the year to get identity and authentication right. It’s time to develop a comprehensive IAM strategy that includes an advanced ID store, zero trust, and controlled multi-cloud adoption.

If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.