The shift to a hybrid IT environment presents a fresh security challenge to enterprise organisations, particularly when it comes to identity management.
Making sure an authorised user has access to the right data in an authorised format at an authorised time and from an authorised location is difficult enough. Now, security teams are charged with authorising not just people, but anything that is network-connected: applications, machines, internet of things (IoT) devices and even data itself. On top of that, there are the breadth and diversity of the hybrid IT environment, which encompasses traditional legacy data facilities, multiple cloud solution providers, platform as a service (PaaS) and software as a service (SaaS) providers, and even operational technology (OT) solutions.
The hybrid IT environment promises to deliver dynamic capacity, flexibility, security and cost efficiency to the organisation. But these benefits can only be realised if applications are transformed to take advantage of new capabilities and if processes are reimagined to leverage and secure business data efficiently and effectively.
And it is also critical to note that the move to an “always-on” hybrid IT environment comes with a cost — an exponentially increased number of attack vectors for malware and other threats.
By following these six best practices, organisations can successfully integrate identity management into the hybrid IT environment:
- Adopt policies: Identity and access control policies should incorporate the explosive growth of bring-your-own-device (BYOD) practices and the requirement to extend policies to service providers.
- Start with identity: In a hybrid IT environment, an organisation’s ability to accurately authenticate each user’s identity is essential. It is also critical that the identity management system is able to quickly determine which workloads, applications and datasets each user is entitled to view, change and share.
- Apply artificial intelligence (AI): AI and other analytics tools can correlate security telemetry to information stored in the organisation’s data lake so as to provide an integrated view of the total data pool, not just the data in a single environment. In addition, by analysing this data, AI tools can detect urgent security threats and predict where attackers might be likely to strike in the future.
- Embrace hybrid thinking: Organisations should identify workloads that can be migrated to the cloud and understand each workload’s enterprise security requirements. Identify the cloud platform that these apps would be moving to and its architectural capabilities.
- Adjust existing approaches: Providing coverage for identity and access management, data protection and data privacy both on-premises and in the cloud requires that organisations adapt their current security approaches and solutions.
- Training is key: It is critical for organisations to provide IT staff with adequate training and experience in how to successfully plan and manage IT programs in the hybrid IT environment before making production systems reliant on cloud technologies.
Technology alone cannot solve the problem of identity management in a hybrid IT environment. A combination of solid security practices and philosophies across people, processes and technology will make for a robust and future-ready identity management solution.