How Can Identity Help Your Organisation Reach Its Cloud Adoption Goals?
The race to the cloud has been underway for over a decade, but in the past two years its pace has picked up. According to the Cloud Industry Forum’s latest research, as many as 94% of global companies now rely on cloud services for at least some portion of their IT infrastructure or mission-critical applications.
Decision-makers have long been aware that taking advantage of cloud resources brings major benefits to businesses, including enhanced productivity, greater operational efficiency, improved agility and new opportunities to innovate. A growing number of organisations are realising these benefits, while their customers have come to expect rapid and ongoing innovation.
In the past, worries that cloud environments were inherently less secure than on-premises ones frequently slowed down cloud adoption. However, such beliefs are no longer widely held.
In fact, 61% of CIF survey respondents said that they believed that using cloud services would improve their organisation’s security posture. Nonetheless, security concerns remain top-of-mind for business leaders navigating cloud transformation projects.
Although myths about the cloud’s security risks have largely been dispelled, the fact remains that securing cloud applications and infrastructure requires new ways of thinking, designing security architectures and maintaining visibility.
The cloud may not be less secure than a legacy on-premises environment where all assets are behind a firewall, but security is different in the cloud. Modernising your approach to security and identity management can eliminate some of the major roadblocks inhibiting your organisation’s journey to the cloud.
Here’s how:
Making the Shift to Zero Trust
Moving to the cloud typically opens conversations about Zero Trust.
This is only logical.
Once your organisation’s IT architecture no longer fits into a model where it’s possible to offer near-unlimited access to an internal network to trusted identities, you’ll need to reconsider the framework upon which your security strategy is built.
When the concept of Zero Trust was initially introduced by Forrester Research in 2009, the core idea was that network security needed to evolve to stop trusting packets as if they were people and instead make security ubiquitous throughout the digital business ecosystem.
The limitations of the technology of the day meant that, in practice, adopting a Zero Trust model involved deploying large numbers of next-generation firewalls (NGFWs) to divide networks into tiny segments.
The cloud’s architecture renders this model entirely unfeasible: it’s simply impossible to deploy a firewall in front of every Software-as-a-Service (SaaS) application that your business relies on.
Since then, the Zero Trust approach has evolved from a focus on networks to a focus on data, which is far more relevant in today’s cloud-based, distributed IT ecosystems.
Not only can data now reside anywhere, but its value is better understood, and stakeholders realise that security architectures must be designed in accordance with an “assume breach” mindset. You can no longer assume that you can blindly trust any identity—whether it’s a human or a machine.
Managing identity is necessarily at the core of a Zero Trust strategy in the cloud.
Because there’s no longer a perimeter to defend, it’s crucial to maintain strong authentication, visibility and control whenever a user accesses a resource—regardless of location, or which devices and applications are involved. The right identity strategy ensures that people will always have the right level of access to the right resources at the right time, all without adding friction for the end user or risk for the organisation.
Continuously Assessing Risks Based on Context
Implementing best-in-class cloud security requires more than the adoption of a unified identity and access management (IAM) platform (though this does provide a foundation).
It’s important to be able to enforce consistent policies across on-premises applications and your SaaS ecosystem, and to be able to match up all those disparate identities within a single centralised identity cloud. It’s also critical to enable that IAM solution to make the best-possible decisions about whether to grant access, trigger multi-factor authentication (MFA) or deny an access request, every time.
In order for the IAM solution to be able to achieve that aim, it needs to be able to integrate signals from a wide variety of other software applications and security tools. This gives it the rich contextual awareness that’s needed to provide end users with frictionless experiences when risks are low, while preventing small-scale incidents from progressing into damaging breaches when they’re higher.
For instance, if a cloud access security broker (CASB) detects a high-risk event that’s taking place within a specific SaaS application, the IAM solution can prompt the user to enter an additional authentication factor before allowing the session to proceed.
This concept has been championed by analyst firm Gartner, who established it as the foundation of Continuous Adaptive Risk and Trust Assessment (CARTA).
CARTA is a strategic approach to security that focuses on continuous re-assessment of risks and ongoing contextual decision-making based on those risk assessments. CARTA adds on to basic tenets of Zero Trust by incorporating dynamic risk assessment into access decisions, as well as flexibility and adaptability. This enables frictionless user experiences and robust security for SaaS applications as well as on-premises IT assets, ensuring that your global workforce can stay productive as cloud migration progresses.
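The continuous, context-based decision described above can be sketched as follows. This is an added example, not Okta's or Gartner's code: the signal names, weights and thresholds are constructed assumptions chosen only to show a session moving between allow, step-up MFA and deny as new signals arrive.

```python
from dataclasses import dataclass, field

ALLOW, STEP_UP, DENY = "allow", "step_up_mfa", "deny"

# Constructed signal names and weights (assumptions, not any vendor's schema).
WEIGHTS = {
    "new_location": 20,
    "unmanaged_device": 25,
    "casb_high_risk_event": 50,
    "edr_active_threat": 100,
}
STEP_UP_AT, DENY_AT = 40, 100
UNKNOWN_WEIGHT = STEP_UP_AT  # unrecognised signals force step-up rather than failing open


@dataclass
class Session:
    user: str
    mfa_verified: bool = False
    signals: set = field(default_factory=set)


def decide(session):
    """Map the session's current context to allow / step-up / deny."""
    score = sum(WEIGHTS.get(s, UNKNOWN_WEIGHT) for s in session.signals)
    if score >= DENY_AT:
        return DENY
    if score >= STEP_UP_AT and not session.mfa_verified:
        return STEP_UP
    return ALLOW


def replay(session, events):
    """Re-evaluate after every event, not only at login."""
    decisions = []
    for kind, value in events:
        if kind == "signal" and value not in session.signals:
            session.signals.add(value)
            session.mfa_verified = False  # new risk context invalidates earlier MFA
        elif kind == "mfa_passed":
            session.mfa_verified = True
        decisions.append(decide(session))
    return decisions


# Constructed event stream for one session.
EVENTS = [("mfa_passed", None), ("signal", "new_location"),
          ("signal", "casb_high_risk_event"), ("mfa_passed", None),
          ("signal", "edr_active_threat")]
```

Calling `replay(Session("alice"), EVENTS)` shows the low-risk location change passing without friction, the CASB event forcing a fresh factor mid-session, and the EDR alert ending access regardless of earlier MFA.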
Accelerating Innovation
For most enterprises, cloud transformation is ultimately about enhancing the organisation’s ability to innovate. The CARTA and identity-based Zero Trust approaches to cloud security enable organisations to build efficient, modern IT ecosystems without compromising security. Relying on a vendor-neutral partner like Okta makes it possible for every business to choose the technologies that best fit its individual computing ecosystem and business goals. This isn’t just about integrating with the tools that you’re already using; it’s also about whatever you might choose next.
The extensive array of integrations that Okta supports includes:
- endpoint protection and endpoint detection and response (EDR) solutions
- automated toolchains used in DevOps and DevSecOps pipelines
- Zero Trust Network Access (ZTNA) platforms
- CASB and Secure Access Service Edge (SASE) solutions
- SSO into more than 7,000 SaaS apps and provisioning into 250+
- public cloud computing infrastructures
These days, every company has to be a technology company. Moving to the cloud can empower you to innovate at the speed that today’s customers expect, but it will also demand ongoing flexibility and adaptability.
By nature, a good cloud security program is always evolving. The threats are always changing, and they’ll continue to do so for the foreseeable future. To keep up in the short term, you need to be able to quickly respond to events as they occur. But to keep pace over the longer term, you’ll need to be able to divest from technology stacks that no longer meet your needs and move to new ones as requirements change.