Another day, another massive security breach. Most recently, hackers exposed a security hole in Apple’s iCloud that grants unauthorized access to lost and stolen iOS devices. eBay suffered a crippling cyberattack that compromised its main database, forcing all users to change their passwords. And AOL confirmed a significant security incident involving unauthorized access to the company’s network and systems.
When even the most powerful Internet companies are vulnerable, it’s time to ask if traditional security measures—such as antivirus software, passwords, VPNs and firewalls—are still capable of doing the job.
Unfortunately, the answer seems to be a resounding ‘no’. This is not surprising given the increasingly nebulous nature of the corporate data center.
The data center has expanded to include cloud and mobile environments, with many employees accessing work-related services and data on their own devices. As a result, enterprise data has become exponentially harder to secure because so much is now happening outside the traditional security perimeter.
So here’s the question: how do we lock down this expanded work perimeter without losing productivity and without opening the door to more security breaches? Clearly, a new approach is needed to protect today’s cloud-based, mobile enterprise.
I would argue that organizations must begin by securing the person—an individual’s identity—as the first line of defense, rather than the corporate network.
Why? Because applications and data are increasingly controlled by a host of cloud providers—and are increasingly outside the control of corporate networks. However, the ability to authenticate users into those cloud-based and mobile environments remains the one central point of control. That, in my mind, is precisely why identity management is becoming the new security.
From a security standpoint, it no longer makes sense to distinguish between what happens inside the four walls of an organization and what happens outside. The old security perimeter has been blown to pieces. If organizations want to protect their data going forward, they first need to manage and secure the identities of their users.
With the traditional perimeter in tatters, organizations need to think differently about how they manage security and user identities. They no longer need to care about where their users are physically. Instead, they need to ensure that users really are who they say they are. In this new paradigm, user authentication is paramount—and the best way for organizations to keep their data and applications secure.
By adopting a centralized approach to identify management, organizations can finally begin to create a new perimeter that fully protects the business across the complete distributed IT environment of data center, cloud and mobile.
By Paul Moore, Chief Technology Officer and Founder of Centrify
Paul Moore is co-founder of Centrify and serves as its Chief Technology Officer, where he provides the technical vision for its award-winning software and cloud security solutions. Prior to Centrify, he was Vice President and Principal Architect for next-generation storage management products at Computer Associates, and prior to Computer Associates Moore was CTO of Netreon. Prior to Netreon he was a Program Manager in Microsoft’s Windows 2000 development group, where, among other things, he drove the integration between Active Directory and the Windows 2000 enterprise print subsystem. Moore also represented Microsoft on various industry standards committees, and authored several RFCs and other industry standards. Before joining Microsoft he spent 20 years in a wide variety of software development and consulting positions for companies including Hosykns Group (Cap-Gemini), BAT, AT&T, Nestle, the U.S. Navy, the U.S. Air Force, British Petroleum, Hamlet International PLC and Honeywell. Moore holds a Bachelor of Science degree in Math and Physics from the Open University, Milton Keynes, UK, and is a fellow of the Institution for Analysts and Programmers in the UK.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.