The Need For Identity Consolidation In The Cloud

Forbes Technology Council

Hed Kovetz is the CEO and Co-Founder of Silverfort, provider of the first Unified Identity Protection Platform, and a cybersecurity expert. 

As organizations adopt cloud technologies and transition to hybrid networks, there's a growing need to unify the management of secure authentication and access for different user identities. 

Enterprises have traditionally used identity and access management (IAM) solutions to manage users and assets. The growing adoption of cloud technologies requires enterprises to work with multiple identity management tools in parallel. For example, separate solutions are required for managing:

• Cloud and web-based applications (or more than one, in some multicloud environments).

• On-premises systems.

• Access control at the perimeter.

• Privileged access.

To complicate matters, these various IAM solutions, including cloud Identity Providers (IdPs) and on-premises directories, can't talk to each other, for both technical and competitive reasons. This creates multiple identity silos that each solve only one piece of the problem and deliver different security controls, visibility and user experience. There's simply no way to centralize the management of user authentication and access between all these IAM components.

Today, even organizations with the most modern IT frameworks are looking for a way to establish a more comprehensive framework that can orchestrate identity and authentication management across hybrid-cloud environments. A concept known as unified identity protection centralizes the management of identities and access in a single platform.

Implementing unified identity protection is difficult to achieve using a do-it-yourself approach since there's no single standard for identity management systems to interoperate. This prevents organizations from having a global view of identity and a consistent way to manage user access enterprise-wide. New IAM solutions are available that can act as a bridge between incompatible identity systems, allowing security policies to be enforced in a standard way for cloud resources and on-premises resources.

Some of the benefits of unified identity protection include:

Clear visibility into the behavior of users across hybrid networks. This is critical to spot early warning signs of malicious activity and compromise. Detection and response can limit the blast radius of a compromise, but siloed IAM solutions create a visibility gap. In addition, a consolidated audit trail that tracks activity across both on-premises networks and cloud environments provides better context and improved detection of anomalies and malicious behavior patterns.

Extending modern Cloud IAM protections to legacy on-premises resources. One example is multifactor authentication (MFA), which makes it difficult for attackers to access protected resources even when they have stolen valid user credentials. While cloud identity systems provide MFA enforcement for secure user authentication, on-premises directories don't offer this control, making it much more difficult to secure assets that reside inside the network with MFA. 

Applying conditional access and risk-based authentication policies using on-premises IAM directories. Again, these capabilities are only available from modern Cloud IdPs. Today's threat landscape requires secure authentication and access both inside and outside the network perimeter to prevent compromise and data theft, which is one of the key elements of any zero trust security strategy.  

Providing a better user experience. Since each IAM system for accessing cloud and on-premises resources provides a different user experience, this can disrupt workflows and lead to users finding ways to bypass authentication measures, which is obviously dangerous. A unified approach to IAM not only provides a consistent, less confusing experience but also means that users no longer have to authenticate multiple times with different sign-in methods just because they're accessing resources that happen to be managed by different IAM solutions.

To implement a unified identity and authentication framework that spans on-premises and cloud resources, consider the following best practices:

• Look for a way to create a consolidated audit trail that tracks all user activity across all IAM solutions, both on-premises and in the cloud.

• Analyze the user activities to understand behaviors and detect anomalies and suspicious activity.

• Implement unified security controls to verify users everywhere with a zero trust approach, and block unauthorized and malicious access in real time across all systems and environments.
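An added illustration of the first two practices (not from the article or any vendor's product): events from a cloud IdP and an on-premises directory are normalized into one audit trail, then checked for a signal neither silo shows alone. Both log formats, the field names and the sample records are constructed for this example, and both sources are assumed to log in UTC.

```python
import json
from datetime import datetime, timedelta

# Constructed sample records in two made-up formats (not any real product's schema).
CLOUD_IDP = [
    '{"time":"2024-05-01T09:00:05Z","upn":"alice@corp.example","ip":"203.0.113.7","app":"crm","status":"mfa_denied"}',
    '{"time":"2024-05-01T09:01:00Z","upn":"bob@corp.example","ip":"198.51.100.4","app":"mail","status":"success"}',
]
ONPREM_DIR = [
    "2024-05-01 09:03:10|CORP\\alice|203.0.113.7|fileserver01|OK",
    "2024-05-01 09:04:00|CORP\\bob|10.0.0.12|db02|OK",
]

def from_cloud(line):
    """Map a cloud sign-in record onto the shared schema."""
    r = json.loads(line)
    ts = datetime.strptime(r["time"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": r["upn"].split("@")[0].lower(), "ip": r["ip"],
            "silo": "cloud", "resource": r["app"], "outcome": r["status"]}

def from_onprem(line):
    """Map a pipe-delimited directory log line onto the shared schema."""
    when, account, ip, host, result = line.split("|")
    ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "user": account.split("\\")[-1].lower(), "ip": ip,
            "silo": "onprem", "resource": host,
            "outcome": "success" if result == "OK" else "failure"}

def consolidate(cloud, onprem):
    """One time-ordered audit trail keyed on a normalized user name."""
    events = [from_cloud(l) for l in cloud] + [from_onprem(l) for l in onprem]
    return sorted(events, key=lambda e: e["ts"])

def cross_silo_alerts(trail, window=timedelta(minutes=10)):
    """Flag an on-prem success from an IP whose cloud MFA was just denied for that user."""
    denied = {}  # (user, ip) -> time of the latest cloud MFA denial
    alerts = []
    for e in trail:
        key = (e["user"], e["ip"])
        if e["silo"] == "cloud" and e["outcome"] == "mfa_denied":
            denied[key] = e["ts"]
        elif e["silo"] == "onprem" and e["outcome"] == "success":
            t = denied.get(key)
            if t is not None and e["ts"] - t <= window:
                alerts.append((e["user"], e["ip"], e["resource"]))
    return alerts

if __name__ == "__main__":
    for alert in cross_silo_alerts(consolidate(CLOUD_IDP, ONPREM_DIR)):
        print("ALERT", alert)
```

Viewed separately, the cloud log shows only a blocked sign-in and the directory log shows only a routine success; the alert exists only in the merged trail.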

As IAM and cybersecurity concerns grow with the shift to hybrid environments and remote workforces, it's not a question of whether organizations should consolidate their IAM infrastructures but rather how. With the ability to unify and enforce policies holistically and consistently, organizations can transform chaos into order.

