Everywhere you turn in IT security today, everyone is talking about identity … identity … identity.
Exemplifying this is a joint study by JumpCloud and ESG Research that found 97% of security executives plan to expand or continue existing spend on identity and access management (IAM) tools this year.
The study reaches the obvious conclusion that the sudden prioritization is driven by the fact that every person, machine, and device has its own identity, and every application and environment must be able to use those identities with a distinct set of rules and permissions applied to them. With more than 40 billion user, device, and IoT identities in existence today, it is no surprise that organizations struggle to manage, provision, and secure all of them.
We can all relate. Literally every day, when signing up for, or on to, an application or online service, we all go through the painstaking process of multi-factor authentication, entering passwords, responding to texted codes, checking boxes that have bicycles in them, clicking I am not a robot, and the list goes on in an effort to protect the business and ourselves from threats.
But wouldn’t it be nice if you only needed to provide the details of your “identity” ONCE to access an application or service, and not be questioned, texted, or called to prove you have permission to access it?
A recent OpenView blog Investors Predict What’s Next In Identity and Access Management examined identity and access management (IAM) and pointed to advancements in machine learning and ephemeral access suggesting that an improved user experience was on the horizon.
What the article did not point out is that a Zero Trust cybersecurity mesh foundation, based on analytics, intelligence and triggering, distributed identity fabric and policy management and orchestration already exists in the form of a Software Defined Perimeter (SDP).
SDP is a fundamentally application-centric approach that is central to a true zero trust strategy – particularly for complex cloud native applications or applications refactored for the cloud.
The value of SDP in a Zero Trust model lies first in its ability to make applications and services invisible, and second in its ability to deny access to applications and services for users without credentials, a cyber passport of sorts, authorizing access to applications and services in the cloud.
As active participants in the Software Defined Perimeter (SDP) project initiated by the Cloud Security Alliance, we have watched SDP grow from a specification to a reference architecture and spawn early-stage commercialization of the open-source SDP, with little value added by the vendors.
Now, RESILIANT introduces an identity-centric SDP which enforces the user’s digital credentials, their identity, at a deny-all gateway. These credentials identify authorized users on authenticated devices and inform the Gateway which users are authorized to access the specific application protected by the RESILIANT TRUST ZONE. Read: no privilege creep.
Unlike other solutions, the RESILIANT architecture separates the control plane from the data plane (policy decision from enforcement) and provides full visibility into all connections into the Trust Zone. RESILIANT follows a key principle in cybersecurity: policies that cannot be enforced cannot protect services. Protected services in the RESILIANT trust zone are effectively hidden from the internet, leaving attackers and unauthorized users stranded outside the gateway.
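To make the deny-all gateway and the control-plane/data-plane split concrete, here is an added illustration in Python. It is a constructed example, not RESILIANT’s code: the HMAC-signed “passport”, the policy table, the list of attested devices and the `PolicyDecisionPoint` / `Gateway` class names are all assumptions standing in for a real credential issuer, policy engine and device attestation. The gateway never forwards a connection without an explicit allow from the decision point, logs every attempt for visibility, and flags policies it cannot enforce because the application they name is not behind it.

```python
"""Identity-centric, deny-all SDP gateway (constructed illustration, not
RESILIANT's implementation). Credential format, key and policy data are
placeholders chosen for the example."""
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field

SECRET = b"constructed-demo-issuer-key"  # assumption: issuer's signing key


def issue_passport(user, device_id, ttl=300, key=SECRET, now=None):
    """Issue a signed credential binding a user to a device (constructed format)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "dev": device_id, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_passport(token, key=SECRET, now=None):
    """Return the claims if the signature is valid and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        b64body, b64sig = token.split(".")
        body = base64.urlsafe_b64decode(b64body)
        sig = base64.urlsafe_b64decode(b64sig)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if claims.get("exp", 0) <= now:
        return None
    return claims


@dataclass
class PolicyDecisionPoint:
    """Control plane: decides who may reach which app, never carries traffic."""
    attested_devices: set   # device ids that passed device attestation
    grants: dict            # app name -> set of users allowed to reach it

    def decide(self, claims, app):
        if claims.get("dev") not in self.attested_devices:
            return False, "device not attested"
        if claims.get("sub") not in self.grants.get(app, set()):
            return False, "user not granted for app"
        return True, "allowed"


@dataclass
class Gateway:
    """Data plane / enforcement point: default deny, routes only on an allow."""
    pdp: PolicyDecisionPoint
    protected_apps: dict          # app name -> handler behind the gateway
    log: list = field(default_factory=list)

    def unenforceable_policies(self):
        """Grants naming apps that are not behind this gateway cannot be enforced here."""
        return sorted(set(self.pdp.grants) - set(self.protected_apps))

    def connect(self, app, token=None, now=None):
        """Every attempt is logged; unauthorized callers get no response at all."""
        claims = verify_passport(token, now=now) if token else None
        if claims is None:
            self.log.append((app, None, None, "no valid passport"))
            return None  # hidden service: no banner, no error body
        if app not in self.protected_apps:
            self.log.append((app, claims["sub"], claims["dev"], "unknown app"))
            return None
        allowed, reason = self.pdp.decide(claims, app)
        self.log.append((app, claims["sub"], claims["dev"], reason))
        if not allowed:
            return None
        return self.protected_apps[app](claims["sub"])


def demo():
    """Run the scenario with constructed users, devices and a fixed clock."""
    t0 = 1_700_000_000.0
    pdp = PolicyDecisionPoint(attested_devices={"laptop-1"},
                              grants={"payroll": {"alice"}, "hr": {"bob"}})
    gw = Gateway(pdp, {"payroll": lambda u: f"payroll session for {u}"})
    results = {
        "unenforceable": gw.unenforceable_policies(),
        "good": gw.connect("payroll", issue_passport("alice", "laptop-1", now=t0), now=t0 + 10),
        "no_token": gw.connect("payroll", None, now=t0),
        "bad_device": gw.connect("payroll", issue_passport("alice", "phone-9", now=t0), now=t0),
        "not_granted": gw.connect("payroll", issue_passport("bob", "laptop-1", now=t0), now=t0),
        "expired": gw.connect("payroll", issue_passport("alice", "laptop-1", now=t0), now=t0 + 1000),
        "forged": gw.connect("payroll", issue_passport("mallory", "laptop-1", key=b"x", now=t0), now=t0),
    }
    return results, gw.log


if __name__ == "__main__":
    for k, v in demo()[0].items():
        print(k, "->", v)
```

Only the credentialed user on an attested device receives a session; every other caller, including one presenting a credential signed with the wrong key, gets nothing back, while the gateway log still records each attempt. The `unenforceable_policies` check reports the `hr` grant because no `hr` application sits behind this gateway, which is the practical form of “policies that cannot be enforced cannot protect services”.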
RESILIANT enables IT security to pivot away from VPNs and aging network-centric infrastructure to an API-based architecture implemented at the application layer. DevOps can define a RESILIANT-ready gateway to secure CI/CD for operations, avoiding lengthy security reviews and making innovation available faster. Enterprises using RESILIANT effectively reduce the number of successful attacks by deploying the invisible trust zones and admitting only credentialed users on validated devices, even while attacks are ongoing.
If the application is RESILIANT READY, credentialed users only need their cryptographic passport to access it, any user, from any location.