HYBRID IT - RADIANT LOGIC

Identity Data Fabrics: The structural integrity supporting hybrid cloud environments By Chad McDonald, CISO at Radiant Logic

  • 2 years ago Posted in

As businesses are constantly pursuing rapid digitalisation, cloud migration has become one of the biggest priorities today. As a result of this demand, the cloud services industry is predicted to be worth over $1251.09 billion by 2028.

However, cloud migration is often a complex process, especially for larger enterprises with millions of data points scattered across multiple sources. Our research found that almost 70 percent of organisations are still in the middle of challenging cloud migration projects, and 26 percent have planned for cloud migration but are yet to start implementation.

With cloud migration largely being a work in progress, most organisations are operating with hybrid environments which further increases the complexity of the IT estate, and can create gaps and blind spots that can be exploited in cyber attacks.

To successfully achieve cloud migration without opening the doors to potential threat actors, these organisations need to effectively address the challenges associated with managing and controlling identity across their digital and hybrid infrastructure, as well as reducing the complexity of Identity and Access Management (IAM).

Efficient identity and access management is critical for cloud migration

Identity data is at the core of every cloud service operation. Whether you are defining access privileges or managing databases, identity is the key to most digital activity.

However, managing identity is complex, especially in a hybrid cloud environment. Enterprises today use multiple systems and applications, which have many accounts originating from different sources. Within one organisation, a single user can have several user accounts across platforms like Active Directory (AD), HR systems, databases, any SaaS platforms, Lightweight Directory Access Protocol (LDAP) directories, and any legacy systems. Now imagine the complexity of managing the myriad of user accounts across potentially millions of users.

Managing all these different identities across different systems is a nightmare for IT teams. The problem becomes more severe when cloud applications need to be integrated with on-premise systems in a hybrid setup. It becomes stressful to manage “Who has access to what”, as crucial identities are often scattered across on-prem and usually potentially disconnected systems, which means applications and protocols can’t communicate effectively with each other. In fact, our research found that for 52 percent

of tech executives, the manual provisioning and de-provisioning of access was the biggest cause of headaches when it came to IAM.

Scattered identities can create critical cyber risks

Having disjoined identities across multiple cloud and on-prem systems can lead to several problems like identity duplication, overprivileged access, and ghost accounts. It restricts security teams from having acute visibility over the entire IT infrastructure.

On the user end, it creates the issue of repeated verification and multiple sets of credentials. Without a single sign-on (SSO) system, employees need to verify their identities every time they want to access a different system. This leads to inefficiencies and often reduces productivity, with 64 percent of users stating that they are frustrated with needing different credentials to access different business applications.

More importantly, all of these issues can lead to significant vulnerabilities across hybrid set-ups, allowing threat actors to plot and carry out malicious cyberattacks potentially without being detected. Disjointed identities critically hinder the threat monitoring process. Security teams often fail to keep track of privileged accesses. Moreover, when an employee exits the company, it creates significant complexity for IT teams, as they have to manually find and delete all identities tied to that employee from every system, both on cloud and on-prem.

Scattered identities also make it challenging for security teams to detect red flags - a user accessing multiple accounts at the same time from different locations, or a former employee accessing business accounts. With constant changes in the workforce, manually managing access privileges can also leave the firm lagging behind and exposed to critical threats. For instance, when employees change their roles, their access privileges need to be modified to reflect these changes. However, with user accounts scattered across multiple disjointed systems, such processes often get overlooked - leaving organisations with stale or over-privileged accounts that can be exploited by cybercriminals.

Creating a unified single source of all identities

To successfully complete cloud migration and efficiently manage hybrid set-ups, organisations need to establish a single source for all identities across the entire ecosystem. We define this approach as creating an Identity Data Fabric- unifying all identities in one layer.

Automated solutions can help organisations to discover and collect all user accounts across the business network. From there, similar individual identities can be mapped to an abstraction layer and merged into a single profile, and that profile can be granted access to all required assets. Subsets of identity data, whether attributes or actual identities can be presented to relevant systems rather than providing access to the full landscape of identity data providing an additional layer of security during the transition to the cloud.

Implementing this framework will allow security teams to have clear visibility over the entire organisational network, and easily identify the true level of access associated with each user across multiple systems and applications.

Using Identity Data Fabric will allow users to seamlessly access the required systems without having to verify and authenticate their identities every time they access a different system, thus increasing productivity and efficiency. It will also help IT teams more effectively manage changes in access privileges. When an employee leaves the company, simply deleting their profile will remove their access to all organisational assets.

Unifying all-source identities will also create better scope for IAM automation. When all access privileges are linked to single unique identities, automated processes can reliably handle HR processes related to changing job roles and employee exits.

Establishing Identity Data Fabric can improve all aspects of cloud migration and help organisations to achieve better control over their digital infrastructure, without exposing critical business assets to malicious threat actors.

By Martin Hosken, Field CTO, Cloud Providers, Broadcom.
By Jake Madders, Co-founder and Director at Hyve Managed Hosting.
By Terry Storrar, Managing Director at Leaseweb UK.
By Dave Errington, Cloud Specialist, CSI Ltd.
By Rupert Colbourne, Chief Technology Officer, Orbus Software.
By Jake Madders, Co-founder and Director of Hyve Managed Hosting.