This is an ongoing series of guest blogs written by TAG Cyber analysts in conjunction with various members of our SPHERE team. Offering insights from the perspective of the professional industry analysts combined with a technology company focused on the goal of establishing cyber hygiene. This article comes from a fearless leader, CEO & Founder of TAG Cyber, Edward Amoroso.
One of the most commonly repeated aphorisms heard across the cybersecurity community is that “identity is the new perimeter.” What this means, of course, is that where the corporate firewall was previously used as the primary perimeter-based control to separate internal from external threats, the identity of users is now used to drive access decisions.
This policy shift is driven by new security architectures guided by the zero trust principle, where the adjacency between two entities is no longer sufficient to establish mutual trust. Such implied trust was fine so long as users and systems were located inside a firewall, but it doesn’t work at all for modern hybrid cloud networks. This has led to the need for next-generation identity and access management (NG-IAM) systems that can handle virtual perimeter edges. Such systems must be flexible enough to integrate with the myriad of cloud, SaaS and premise options that exist for most enterprise networks—and one major requirement in this context is that the IAM supports a concept known as identity hygiene.
Cybersecurity company SPHERE has done an excellent job introducing and advocating for identity hygiene, so we will explain the concept in the context of their implementation. Specifically, identity hygiene is all about ensuring that user permissions and related entitlements are properly managed, tracked and cleaned up to avoid exploitable misconfigurations, settings and options.
Such focus on hygiene is an essential aspect of next-generation IAM, because if an enterprise must rely on identity to create a virtual, distributed perimeter, then this must be done in a manner consistent with the needs of the modern control auditor and compliance assessor. Without proper hygiene, the entire hybrid security perimeter is called into question. From a TAG Cyber analyst perspective, this concept is both fascinating and profound. It implies that the correctness, accuracy and completeness of permissions and identities must be managed carefully. This is good news for companies like SPHERE, because it places their solutions in the context of primary access control for the enterprise.
Therefore, if you are running a hybrid cloud network (which implies everyone), then you should accept the aphorism used at the beginning of this essay—namely, that identity is the new perimeter, and to ensure that this perimeter is working correctly, you need to commit to a program of identity hygiene. In our experience, SPHERE implements this concept with its platform as well as any we’ve seen.
Let us know what you think.