Five ways security teams can more effectively manage identities in the cloud


Managing identities in the cloud has been described as a “big mess” by many security pros – and that’s why SC Media decided to focus on this issue as we celebrate Data Privacy Day.

For starters, the comparatively orderly on-prem days are long gone: back then every identity was managed in Microsoft Active Directory, and a network admin could tell an employee was in the company's building simply from an IP address on the corporate network.

Instead, the move to the cloud, accelerated by the pandemic, took companies outside the building. They now manage hundreds of applications and data sets, along with the permissions and access rights for each of those applications and data sets.

“For just AWS alone, a company may have 100 different applications,” said Frank Dickson, vice president for security and trust at IDC. “Someone may have access to Salesforce, but only to the files for their customers. So think about the exponential scaling of that complexity across multiple applications and you begin to understand how challenging managing identities in the cloud has become.”

Based on interviews with Dickson and other security pros, here is a list of tips to consider for managing identities in the cloud.

  • Invest in core identity technology. Dickson said that once a company gets past 100 users, managing identity by hand becomes unwieldy. Businesses need to invest in a tool such as Okta or Azure AD that can automate the management of all their cloud-based identities, and that is especially true for large organizations with hundreds, if not thousands, of users.
  • Consider cloud identity management tools for IaaS and SaaS. There is no one-size-fits-all solution to managing identities in the cloud, said Dickson. Products from the likes of CrowdStrike, Microsoft and Sonrai Security, for example, fall under the umbrella of cloud infrastructure entitlement management (CIEM) and let different teams and developers implement least-privilege access at scale. CIEM lets security teams grant access to a specific segment of a public cloud environment, and it can do this across all the major public clouds, such as AWS, Azure and Google Cloud Platform. And then there are tools known as SaaS Detection and Response…
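As an added illustration of the least-privilege point above (not code from the article or from any vendor it names), the following Python script lints AWS IAM policy documents for the over-permissive patterns a CIEM tool flags at scale: wildcard actions, a `Resource` of `*` with no `Condition` narrowing it, `NotAction` grants, and actions that can be used to escalate privileges. The three policies, the bucket name and the list of escalation-capable actions are constructed for this example.

```python
"""Least-privilege linter for AWS IAM policy documents.

Added example, not from the SC Media article. Sample policies below are
constructed; the escalation-action list is a deliberately short assumption.
"""
from __future__ import annotations

import json

# Actions that let a principal widen its own access (assumed, non-exhaustive).
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachUserPolicy",
    "iam:AttachRolePolicy", "iam:PutUserPolicy", "iam:PutRolePolicy",
    "sts:AssumeRole",
}


def _as_list(value) -> list:
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list[tuple[str, str]]:
    """Return (statement id, finding) pairs for every over-permissive Allow."""
    findings: list[tuple[str, str]] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; never a finding
        sid = stmt.get("Sid", f"Statement{idx}")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        conditioned = bool(stmt.get("Condition"))

        if "NotAction" in stmt:
            findings.append((sid, "NotAction allows every action not listed"))
        for action in actions:
            if action == "*":
                findings.append((sid, "wildcard action '*' grants every API call"))
            elif action.endswith(":*"):
                findings.append((sid, f"service-wide wildcard action {action}"))
            if action in PRIVILEGE_ESCALATION_ACTIONS:
                findings.append((sid, f"{action} can be used to escalate privileges"))
        if "*" in resources and not conditioned:
            findings.append((sid, "Resource '*' with no Condition: not scoped to any segment"))
    return findings


def least_privilege(policy: dict) -> bool:
    """True when the linter has nothing to report."""
    return not lint_policy(policy)


def lint_policy_json(text: str) -> list[tuple[str, str]]:
    """Convenience wrapper for a policy document given as JSON text."""
    return lint_policy(json.loads(text))


# Constructed sample 1: the classic AdministratorAccess shape.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed sample 2: a user may read only their own customers' files in one bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListOwnPrefix", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-customer-files",
         "Condition": {"StringLike": {"s3:prefix": ["customers/${aws:username}/*"]}}},
        {"Sid": "ReadOwnFiles", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-customer-files/customers/${aws:username}/*"},
    ],
}

# Constructed sample 3: looks narrow (one action) but PassRole on any role is a
# well-known escalation path; the Deny statement is correctly ignored.
PASSROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PassDeployRole", "Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
        {"Sid": "DenyBilling", "Effect": "Deny", "Action": "aws-portal:*", "Resource": "*"},
    ],
}


if __name__ == "__main__":
    for name, policy in [("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY),
                         ("passrole", PASSROLE_POLICY)]:
        print(f"{name}: least privilege = {least_privilege(policy)}")
        for sid, msg in lint_policy(policy):
            print(f"  [{sid}] {msg}")
```

Run across every inline and managed policy an account exports, this is the kind of check that turns "least privilege at scale" into a reviewable report; the real value of a CIEM product is doing the same thing continuously across AWS, Azure and GCP and correlating it with which permissions are actually used.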
