The rise of bring-your-own-device (BYOD) and bring-your-own-app (BYOA) is causing a fundamental shift in the way we think about corporate security, said Gil Kirkpatrick, chief technical officer at identity and access management firm ViewDS.
“We used to have corporate perimeters bounded by firewalls,” said Mr Kirkpatrick. “With the consumerisation of IT, those borders don’t exist anymore. Our applications have to be accessible to anyone at any time using any device.”
This means where there used to be a defined security perimeter, the border is now defined by identity and access management.
“With the move to the cloud, there is an idea of identity as a service,” he said. “That means basic identity management, single sign on and access control for public cloud applications.”
Mr Kirkpatrick said that companies like Microsoft with its Azure platform, and Amazon, with its AWS platform, are doing a good job with this basic identity and access management.
The issue is that many large corporates and government entities aren’t using a single public cloud instance, and often are relying on a mix of on-premise, public cloud, hybrid cloud and private cloud.
With the old on-premise infrastructure, such as Oracle, there is a move to connect it to the public cloud, but according to Mr Kirkpatrick, that’s a short-term approach. It’s something that may work well for securing the borders in the future.
“On premise will morph into a private cloud and we will have a multi cloud situation,” he said.
“What we will end up with is that some of the legacy data centre services don’t make sense to upgrade and so they will be managed through a private cloud in a corporate data centre.”
When it comes to identity and access management, however, there are reasons to avoid the systems sold by the large cloud vendors, and concentrate on smaller, cloud-independent third-party applications offered by those such as Mr Kirkpatrick’s company.
“There are problems with outsourcing ID systems to cloud because it locks you in to ID services and applications, and you need your ID services to run close to the applications,” he said.
“The answer is to put the ID services in the cloud where it makes sense, where it’s close to users and close to the applications who are using it,” he continued.
According to Mr Kirkpatrick, the real shortcoming of cloud ID services is that although they can control access to their own applications, they can’t control access to the applications a company may have hosted in, or connected to, the cloud.
If you have an on-premise ERP application, for example, a cloud ID service won’t provide identity and access management for it, while a third-party application can.
He is also bullish about the general move away from passwords, which are generally considered weak and vulnerable to hacking techniques such as social engineering, towards two-factor authentication.
The gold standard, however, is biometric validation, such as is implemented on the latest Intel and Windows hardware, using Windows Hello.
“Biometrics are where things are going,” he said. “That is what we are going to be promoting because it’s secure and easy to use.”
ViewDS Identity Solutions is a valued partner of InnovationAus.com’s Open Opportunity forum to be held in Canberra on Thursday, November 30.