Ride the Lightning

In the Cloud, Identity Has Become the Perimeter

August 2, 2018

I hadn't heard the phrase in the title until recently – another tip of my hat to Dave Ries.

For others who may not know of this concept, I refer you to a July 27^th post on DARKReading. In the post. Eric Olden, Oracle's new senior vice president and general manager of security and identity, discusses how Oracle plans to operate in a cloud-first world.

Oracle, a company with a long history in enterprise identity, now faces the challenge of adjusting its approach to security amid the transition to the cloud. Oracle's portfolio comprises, in part, a lot of identity management and cloud security products that include cloud-based enterprise software and Cloud Access Security Broker (CASB) solutions.

Whereas businesses used to be able to build their own data centers to protect their information and applications, and put up firewalls for security, the cloud is forcing them to change their approach, Olden says. Combined with the fact that most people are going mobile, it's time for defenses to evolve.

"We've pushed the notion of a post-perimeter world where the identity has become the perimeter," Olden says. "It's something I've seen coming for 20-plus years, and now we see it all the time." More and more businesses are flocking to the cloud, many after deliberating about it for years.

But once an organization begins its cloud transition, the volume and velocity of data can quickly overwhelm traditional manual approaches, Olden says. Moving to the cloud isn't a pilot project, and it's not something people can constantly watch for security alerts. Businesses are overwhelmed "with a sheer amount of noise," and the ability to detect threats in the chaos can't be done by humans alone, he adds.

Hackers see the opportunity to exploit vulnerabilities with increasingly sophisticated tool sets and new attack techniques. "We're past the days of writing a virus," Olen says. "Now we're talking about very organized operations trying to get identity data. [They] want the keys. Identity data is incredibly sensitive." Backing this up is a recent Threat Report 2018 from Bomgar, which finds that 62% of breaches are linked to the misuse of insider credentials.

Many organizations feel as if they're bringing a knife to a gunfight when they go up against advanced adversaries. Rather than feeling exposed and outdone, Olden explains, they should aim to reduce the time needed to detect and remediate threats.

How has Oracle adjusted its security strategy in response to the rise of cloud? Olden first points to the way in which customers receive updates for products such as the Oracle Identity Cloud. "We can push new capabilities and features into the cloud, and all of our customers get access to them immediately … that's a game changer," he explains. Oracle, for many years, abided by the enterprise software model of annual releases and planned upgrades for clients. The cloud has driven the level of agility, Olden says.

Oracle is also amping up automation and machine learning across its portfolio. Its CASB tool is an example: Once used to monitor activity in the hybrid cloud and detect abnormal behavior, it can now be used in authentication tools to automatically recognize rogue logins. If a CASB identifies suspicious activity, it can trigger multifactor authentication for the device. That too strikes me as a game changer.

By automating multifactor authentication, Olden says, you reduce the time to detect and remediate threats and eliminate passwords, which are "always the weakest link."

Identity as the new perimeter in a cloud world makes perfect sense. Well worth thinking about this, whether you are already in the cloud or positioning to move to the cloud.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson