Let’s find out why you should opt for a cloud-based identity and access management solution. When considering this solution, the questions to ask are: what is the security perimeter that modern businesses need to defend? And can this perimeter be defined in traditional terms?
In terms of the perimeter, certainly not.
Businesses have accelerated their digital transformation initiatives to an unprecedented pace, and they have migrated their services, apps and data to multi-cloud environments. At the same time, businesses have adapted to new work norms, with employees accessing these corporate assets from everywhere using a plethora of private and enterprise devices, private networks, Wi-Fi networks and mobile devices, whether from home or a remote island.
The fact is that even though many enterprises have already transitioned a large percentage of their applications to the cloud, they continue to support indefinitely other on-premises apps and data stores. Regardless of how innovative an organization is, mature enterprises inevitably have legacy resources that rely on the technologies of the previous generation.
Identity is the new security perimeter
In the past, security policies and controls focused on protecting the network perimeter, but this is no longer feasible or effective. Now, security teams are shifting to protect access to data across a “constellation” of entry points. As a result, identity has emerged as the new security perimeter.
Securing access to these cloud-based deployments is critical, especially for ensuring regulatory compliance and business continuity in emergency situations that disrupt normal workflows. Unplanned events such as disasters linked to environmental crises, natural disasters such as earthquakes, business shutdowns for national security reasons or personnel illness during epidemics can have a devastating effect on all businesses. The test lies in an organization’s ability to enable secure remote access for all employees in a scalable and effective manner.
On-premises IAM is not adequate
Gartner defines Identity and Access Management (IAM) as the discipline that enables the right individuals to access the right resources at the right times for the right reason. IAM solutions provide a methodic framework for granting and requesting access to applications, enforcing access controls, and ensuring visibility into access events. IAM solutions are composed of various sub-areas, including Identity Governance and Administration (IGA), Privileged Access Management (PAM) and Access Management (AM).
As enterprises embrace modern technology trends and cloud computing, access security becomes a top concern. This is especially evident in the surge in phishing attacks against cloud services, many of which have led to massive data breaches. As a result, IT teams are seeking streamlined methods of centrally defining and enforcing access controls to manage security and compliance in a consistent manner across their cloud and on-premises applications.
With the proliferation of cloud-based apps and distributed computing models, legacy IAM solutions can no longer meet the requirements of modern access security. Legacy IAM solutions have many weaknesses when it comes to protecting data and apps in the cloud, including:
- Directing cloud access traffic through an on-prem solution overloads the network and slows overall network traffic.
- Relying on a legacy on-prem IAM solution for cloud access creates a single point of failure and increases the risk that employees will not be able to access critical cloud apps if the solution goes down.
- Allowing employees to access the entire network with a single credential could prove disastrous from a security perspective if that credential were to be compromised.
- The costs involved in maintaining and expanding legacy on-premises solutions to accommodate hundreds of cloud apps are much higher than implementing a cloud-based solution for secure remote access.
Cloud-based IAM towards Zero Trust security
When employees are required to work remotely, the modern approach is to implement a zero-trust access evaluation. Businesses need to ensure that nobody is trusted and that access requests are assessed at the access point for each application. This will allow for distributed access decisions per application, per policy and per access scenario. Such a service will be able to step up authentication for untrusted networks and relax the authentication method required for whitelisted networks. Similarly, the access management solution should allow for establishing policies that vary authentication rules according to application.
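A per-application access decision of the kind described above can be sketched as follows. This is an added example, not code from any IAM product; the network range, application names and factor names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: the allowlisted range, app names and factor names
# are illustrative assumptions, not taken from any product.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

@dataclass(frozen=True)
class AppPolicy:
    trusted_factors: frozenset      # required from an allowlisted network
    untrusted_factors: frozenset    # required from anywhere else (step-up)
    allow_untrusted: bool = True    # False: reachable only from allowlisted networks

POLICIES = {
    "wiki": AppPolicy(frozenset({"password"}), frozenset({"password", "otp"})),
    "payroll": AppPolicy(frozenset({"password", "otp"}),
                         frozenset({"password", "otp"}), allow_untrusted=False),
}

def is_trusted(source_ip):
    """True only if the address parses and falls inside an allowlisted range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False                # malformed source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def evaluate(app, source_ip, presented_factors):
    """Decide one access request; returns (decision, missing_factors)."""
    policy = POLICIES.get(app)
    if policy is None:
        return ("deny", set())      # no policy for the app: default deny
    trusted = is_trusted(source_ip)
    if not trusted and not policy.allow_untrusted:
        return ("deny", set())
    required = policy.trusted_factors if trusted else policy.untrusted_factors
    missing = set(required) - set(presented_factors)
    if missing:
        return ("step_up", missing)  # ask for the factors still outstanding
    return ("allow", set())

if __name__ == "__main__":
    for req in [("wiki", "10.20.5.9", {"password"}),
                ("wiki", "203.0.113.7", {"password"}),
                ("payroll", "203.0.113.7", {"password", "otp"})]:
        print(req, "->", evaluate(*req))
```

The same password-only session is allowed into the wiki from the allowlisted range, stepped up to a second factor from any other network, and never treated as sufficient for payroll.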
Cloud-based IAM solutions allow organizations to use Single Sign-On, multi-factor authentication and access controls to provide secure access directly to cloud services. Cloud-based IAM has become the preferred delivery method for the vast majority of new access management deployments because it offers a variety of benefits:
- Reduced breach risk by protecting enterprise and cloud apps at the access point.
- Reduced identity management complexity by offering seamless access into the required apps either from home or any other location outside the business premises.
- Ease of deployment, taking advantage of cloud-based delivery.
- Faster time to value and cost savings, without investing in servers to support access management functions in a sustainable manner.
- High availability and reliability since the IAM services are offered in the cloud, thus avoiding single points of failure.
- Frequent and easy-to-consume functional upgrades.
A comprehensive cloud-based IAM platform should cover a range of authentication situations and provide iron-clad access security for all enterprise applications. Thales SafeNet Trusted Access enables organizations to protect enterprise applications and scale securely in the cloud with a broad range of authentication capabilities, while ensuring security with smart Single Sign-On and policy-driven access controls.