Recent years have seen a rise in the number of companies adopting cloud-based technologies, with cloud spending forecast by Gartner to climb 20.7% in 2023 to approach $600bn (£482.2bn). Such cloud adoption is due to the elasticity, agility, and scalable nature offered with Infrastructure-as-a-Service (IaaS), which is experiencing the highest growth rates, while Software-as-a-Service (SaaS) ) remains the highest spending category. ,
The IT footprint of organizations adopting the cloud will certainly expand along their IT network perimeter, while IT resources will become highly dynamic and distributed. Within cloud environments, as IT resources are continually provisioned, deprovisioned, and moved across containers, regions, or even cloud service providers, there are many new security challenges. A 2021 survey by the Cloud Security Alliance (CSA) and AlgoSec found that network security is one of the top leading security concerns for cloud projects.
Furthermore, another fundamental problem in cloud computing is the complexity in managing cloud Identity and Access Management (IAM) across multiple organizations. CSA’s Top Threats to Cloud Computing – Pandemic Eleven report lists identity management as the number one cloud threat today because “… access to cloud resources is determined primarily by identity, not network segmentation ” In other words, user identity is the new perimeter.
Given some of these key differences and challenges, specific security paradigms that are commonly used to secure enterprise networks and systems from cyber threats, such as perimeter-based security and defense[JS1] In-depth models may not be well suited for cloud environments. For example, in a defense-in-depth model, trust is eroded once a user is authenticated into the enterprise IT network. However, that identity could have been validated for longer or could have been compromised in the dark web or through a data breach at one of other third-party cloud service providers, such as was the case in Uber’s 2016 data breach.[RM2] [GSY3] In which the stolen credentials of an Uber employee were used.
Here are three main trends that I believe will become more prominent in the coming year:
Adoption of Zero-Trust Framework – “Never Trust, Always Verify”
With the increasing number of data breaches associated with cloud technologies, one of the most important trends in cloud IAM in 2023 will be the increased rate of organizations adopting a zero-trust security model to reduce their risk of data breaches. Zero-trust is a security concept that assumes that every user, device, and network is untrusted and must be continually authenticated and authorized before any resource can be accessed. This means that access to systems and data is restricted based on factors such as user identity, device security, and location. Proponents of the concept include Google’s Sundar Pichai, Microsoft’s Satya Nadella, and even Apple CEO Tim Cook. The US Department of Defense (DOD) firmly believes that this approach minimizes the risk of data breaches and cyber attacks by ensuring that only authorized users can access sensitive information. BeyondCorp, a zero-trust solution developed by Google, is one example. It uses device and user context to enforce access controls and provide secure access to cloud resources.
Since implementing zero-trust requires ongoing authentication and authorization, it is important for organizations to develop a comprehensive zero-trust architecture plan that outlines their strategy, policies, and technologies based on their respective needs. Is. Furthermore, as ISACA’s State of Cyber Security 2022 survey found the cloud computing skills gap to be the second largest, execution of the zero-trust plan will require awareness building and providing necessary training to employees, as Also what to expect from their behaviour. Behavior change will include shifting to stronger user authentication methods such as multi-factor authentication.
The Growing Need for Automation – AI/ML to the Rescue
Due to the mobility of IT resources within the adoption of cloud environments, organizations will need to rely on automation to streamline their security operations management and reduce the risk of human errors due to request fatigue that can lead to zero-trust adoption. can come from Such cloud IAM automation needs will drive another trend in cloud IAM, which is the integration of artificial intelligence (AI) and machine learning (ML) technologies. For example, AI can be used to analyze user behavior and detect anomalies that may indicate a security breach by filtering out noise. ML can be used to learn from these anomalies and improve the overall security of the system.
Cloud IAM solutions that incorporate AI and ML into their technology include Cloud Infrastructure Entitlement Management (CIEM) solutions that enable the management and enforcement of detailed access policies, such as Cloud Knox. As AI and ML technologies rely on data feeds for efficiency and accuracy, visibility and monitoring are some of the essential components that organizations need to get right through careful planning of monitoring integrated across endpoints, network traffic, and applications and user behaviors. required, which is supported by actuals. – Timely threat intelligence on potential security threats.
IAM-as-a-Service – Native Cloud Identity on the Rise
The third important trend we can expect to see is more companies adopting cloud IAM as a service (IAMAaS). IAMAaS is a cloud-based solution that provides IAM functionality on a subscription basis, and a growing number of IAMAaS providers are offering integrations for zero-trust, SIEM, and CIEM solutions. This approach primarily eliminates the need for companies to manage and maintain their IAM infrastructure, while allowing organizations to manage user access to their systems and data, authenticate users, and enforce access policies across multiple cloud platforms and applications. allows to apply.
However, recent data breaches, such as the one experienced by Okta, have highlighted the risks associated with IAMAaS. The breach was caused by a breach that originated from its third-party contractor, Sykes. Data breaches like this highlight the importance of implementing strong security measures when using IAMAaS. Organizational leaders should ensure that they choose a reputable IAMAaS provider with a proven track record of security and that they consistently implement best practices to secure their IAM systems, such as regularly updating software and using multi-factor authentication, as well as having appropriate independent verification of their IT environments. There is a growing need to review regulations and compliance
As cloud adoption continues to grow strongly, cloud IAM will become an increasingly important component of modern business operations. Several key trends shaping the future of cloud IAM include the adoption of a zero-trust security model, the integration of AI and ML technologies to support automation, and the adoption of IAMaaS.
Organizations that are aware of these trends and potential opportunities, as well as the underlying risks and challenges, are better equipped to manage user access to their systems and data, reduce their risk of data breaches, and improve their overall security posture. Will be properly equipped. However, as with any technology, organizations need to ensure they have a strong security foundation backed by talent with the right skills to complement these best practices and trends in cloud IAM.
Ser Yong Goh is a member of the ISACA Emerging Trends Working Group.
This news is auto-generated through an RSS feed. We don’t have any command over it. News source: Multiple Agencies: hindustantimes, techrepublic, computerweekly,