It’s time for corporate network security to shift to an identity-centric architecture. To build a future-ready identity-based corporate network security architecture, companies cannot remain on the network-centric model.
The rise of identity theft has made access to network-centric infrastructure a far greater risk − something that applies in the real world as much as the online one.
Organisations need to redesign their architecture to channel threat actors into an environment they control.
By designing an identity-centric architecture, they channel every individual accessing a given platform to a central “place” − one access point. This is especially vital in a world where the network has become software.
The software as a service (SaaS) market is growing rapidly. Fortune Business Insights predicts the market will grow from $130.69 billion in 2021, to $716.52 billion in 2028 at a CAGR of 27.5%.
SaaS has an inherent identity architecture − the software perimeter is identity, not physical infrastructure.
The perimeter is wherever the user is, rather than being static.
That’s as opposed to existing, less mature environments which still use network perimeters as their starting point. The move to identity-centric security architecture needs to be embedded in cyber security strategy, and requires a fundamental cultural shift, followed by an evaluation of current infrastructure. But what is identity-centric network security?
Think of it like a records room in a legal firm where confidential client data is stored, with access to the room from both accounting and client service departments.
Access control in the traditional model happens at the perimeter of the office, and the records room is automatically open once you’re inside. The identity-centric model reduces the number of access points from two ‘doors’ to just one.
That’s because you need to scan your keycard and prove your identity even if you’re coming from client service or accounting. You are the perimeter.
The network-centric security model views the architecture as a closed system with boundaries protected by firewalls. Like an office space with multiple external access points.
In an identity-centric scenario, the focus shifts away from the physical network, and it’s the individual who is authorised.
Access to resources is similar to social media platform access (like Facebook), or online banking access. For any given URL, you need a username and password, and possibly two-factor authentication.
The perimeter exists by default every time a user accesses a resource. Your identity is the key to that resource, and the system’s premise is “zero trust” − until you have identified yourself.
Identity-centric architecture limits the threat by reducing the number of “doors” to the system from multiple potential access points to just one − the user identity.
No longer will access to one system automatically entail access across multiple resources (in that older, network-centric world, one might go to the server room and pull out cables when a threat is detected!).
In the new world, single-sign-on technology maintains user convenience, but the user has to prove their identity every time they move between platforms.
In terms of response, this means moving from understanding what system was compromised to what ID was used to compromise the system. When something goes wrong, it’s no longer a question of figuring out where the user gained access.
Now there’s only one door and the question is simply: “Whose credentials were used to gain access, and when?” This simplifies audits and traceability. Given the zero trust assumption, the perimeter exists at every transaction.
My experience handling customer incident responses is that, for threat actors, it’s always been identity-centric. It’s just that organisations have looked at it from a network perspective.
The benefit of changing is that the network’s defenders have the ability to control the flow of the architecture and a given identity within that architecture. They define where an ID can go and what it can do, and disabling an ID disables its ability to do anything.
The impostor is locked out of the system, which reduces the risk faster and more effectively. It also changes where “fortifications” are built.
In an identity-centric model, you worry more about the strength of the identity features than the strength of the firewall. If there’s a breach, you replace the “lock” on the “door”, rather than building a new “fence” around the “property”. Incident response therefore boils down to isolating an identity, rather than an infrastructure.
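The single "door" described above can be sketched as a per-request identity check with an audit trail. This is an added example, not code from the article; the `IdentityGate` class, the identities, resources and timestamps are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class IdentityGate:
    """Hypothetical single access point: every request is authorised per identity."""
    grants: dict                                  # identity -> set of resources it may reach
    disabled: set = field(default_factory=set)    # identities isolated during an incident
    audit: list = field(default_factory=list)     # (timestamp, identity, resource, allowed)

    def request(self, ts, identity, resource):
        # Zero trust: nothing is inherited from an earlier request or a network location.
        allowed = (identity not in self.disabled
                   and resource in self.grants.get(identity, set()))
        self.audit.append((ts, identity, resource, allowed))
        return allowed

    def disable(self, identity):
        # Incident response isolates the identity rather than the infrastructure.
        self.disabled.add(identity)

    def who_accessed(self, resource):
        # Answers "Whose credentials were used to gain access, and when?"
        return [(ts, ident) for ts, ident, res, ok in self.audit
                if res == resource and ok]


def demo():
    # Constructed sample data modelled on the records-room analogy.
    gate = IdentityGate(grants={
        "alice@accounting": {"records-room", "ledger"},
        "bob@client-service": {"records-room"},
    })
    results = [
        gate.request("2024-01-10T09:00Z", "alice@accounting", "records-room"),
        gate.request("2024-01-10T09:05Z", "bob@client-service", "ledger"),  # no grant
        gate.request("2024-01-10T09:07Z", "bob@client-service", "records-room"),
    ]
    gate.disable("alice@accounting")  # credentials suspected stolen
    results.append(gate.request("2024-01-10T09:30Z", "alice@accounting", "records-room"))
    results.append(gate.request("2024-01-10T09:31Z", "alice@accounting", "ledger"))
    return results, gate.who_accessed("records-room")


if __name__ == "__main__":
    outcome, trail = demo()
    print(outcome)
    print(trail)
```

Disabling one identity cuts off every resource it could reach, while the other identity's access is unaffected and the audit trail still shows who opened the records room and when.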
African organisations still mostly operate on a network-centric approach, and don’t necessarily understand where their current perimeter is.
The first step is to conduct a gap analysis to understand the status quo and compare it to the desired end state. The second step is to integrate identity into the network security strategy.
The cost needn’t be exorbitant. In many cases it involves redeployment of assets rather than complete renewal. Cost needn’t be an inhibitor, and the changing networking landscape in a SaaS-driven business environment makes the switch to identity-centric security really important.