Identity: The New Perimeter
In the episode of the Risky Business Podcast entitled “Identity as the New Perimeter,” Patrick Gray interviewed Sami Laine, the director of technical strategy for Okta, a company that provides access management and identity services to various industries. As both of them mentioned, identity and access management can be very boring and dry to most people. While the whole process is still somewhat tedious, the COVID-19 pandemic has made identity and access management a little more interesting. From this point of view, Sami believes that identity is the new perimeter.
Evolution of the Network Perimeter
To get a better understanding of what he means, one also needs to understand the idea of a network perimeter. As Cloudflare states, a “network perimeter is the boundary between an organization’s secured internal network and the Internet — or any other uncontrolled external network.” If you were to look at a network perimeter in the late 90s (or even the first decade of the 2000s), it was probably pretty simple to define, because it was primarily geographically centralized. Over the past ten years or so, things have been moving more and more to the cloud. Companies are now accessing the cloud and using services through it (such as software as a service) as a means of production.
This is all well and good. It’s more cost-effective and efficient for industries because they no longer have to purchase physical servers and spend enormous amounts of money to maintain them. And when COVID-19 had everyone working from home, the cloud was a godsend. Employees were no longer tied to their computers in an office or a cubicle. They could access everything from the comfort of their own homes.
Identity Management: A Critical Solution
Even so, this raised concerns about safety and security. With the cloud, employers may not have had access to every piece of technology that an employee was using to do their job (a cardinal sin in the IT and cybersecurity world a decade ago). Employees were accessing the network remotely, and things like user behavior analytics could be changing faster than IT could keep up (for example, a user could sign in from one place one day and from somewhere else three hours later the next).
This is why Sami stated the thesis of the podcast: identity is the new perimeter. An identity that has proper authorization and authentication is needed to keep the virtual network safe. This includes proper care of the identity life cycle as well. Later in the podcast, both Patrick and Sami mentioned “orphan accounts.” Some organizations have accounts of this type with access well beyond least privilege. This can (and should) be considered improper identity management and a detriment to the network.
All in all, I agree with Sami Laine. As mentioned before, the world of IT has branched out far beyond a physical office setting. Going into the future (especially with more employees working from home), virtual networks are going to need to be protected even more fiercely. A proper identity management system can do just that.