You may have heard this phrase before but what exactly does this mean?
As infrastructure, platforms, and applications are increasingly spread throughout the globe with different access methods, a convenient attack surface with a lot of "bang for the buck" is many times identity. It's far easier to send someone a phishing email or socially engineer an employee and compromise their account than it is to break into Microsoft's or Amazon's cloud data center. This may seem obvious but what it really means is that we need to secure our accounts with just as much fervor as we secure our global network and the server room itself.
"So is identity the new perimeter?"
A federated identity or single sign-on is such an administrative convenience it is basically a necessity at this point, but with single sign-on comes another type of risk; a single account that is compromised can now access multiple applications for a single user or departments in the business ("keys to the kingdom") or expose the hacked user to multiple breaches in their identity, such as medical records, tax information, confidential family information, etc. This is why technologies such as multi-factor authentication and tracking logins geographically are more important than ever. For example: say your account has just been compromised and you're currently accessing resources on the network locally, yet the system detects your account is also accessing office.com from another country. This is an example of the type of behavior that has been prevented on our network with proven results. Our investment in Microsoft ATP (Advanced Threat Protection) has already made a return on investment with this "impossible travel" feature.
The greatest advancement we are making for our customers in identity management is our Sailpoint initiative. I recently had the pleasure of joining Kristian Asphaug to the Sailpoint Navigate conference in Austin and also seeing the inner workings of Marin IT's Sailpoint setup. This is a huge step for us and really shows how we have matured as a service provider. It's very exciting to see how this implementation will continue to develop.
So is identity the new perimeter? Yes. No. It depends on your organization. Identity extends the perimeter far beyond the datacenter and presents an attacker with a potential jackpot with little effort, provided the security controls are insufficient. As we saw with the Norsk Hydro attack and many others, the perimeter / attack surface is really all over the place at this point. Identity may be the most tempting attack vector for an attacker today, until a vulnerability is published and exploited en masse. We certainly haven't seen the last of devastating worms and viruses either. This is why a holistic approach is needed; it's great to lock all the doors and windows but we shouldn't leave a key under the doormat or leave the basement door accessible. And if someone gets in anyway a guard dog should be waiting for them...
Shay Files, Marin IT
Comments