
Identity is the New Security Perimeter with Zero Trust

Author: MJ Kaufman

Date: 07/09/2024

Long before the pandemic evicted office workers and sent them scrambling to set up laptops on dining rooms and kitchen tables, the shift to remote work gained traction. 

A decade ago, when technology enabling remote work began launching (like Basecamp, Slack, Google Drive, and Zoom), companies quickly saw the value in a distributed team. They could access talent across the country (and the world) and run a more streamlined operation. Nearly a year into the pandemic, many office refugees have permanent home office setups. Every day new companies announce plans to continue moving toward a distributed model or maintain a largely remote workforce indefinitely. 

Remote work is great for productivity and access to talent. But it creates a security nightmare for companies relying on the traditional perimeter defense model. Security based on administrators and standing privilege worked well for exclusively on-premise workforces. Now, many workers are outside the office more than they’re in it, using software and connecting to resources that live in the cloud. Work occurs on both personal devices and company-owned ones; traditional security models no longer apply. Modern companies need a new basis for the security perimeter. 

This post explores why identity is the ideal perimeter and how it works with the Zero Trust security paradigm.

Why We Need to Change the Perimeter

Several trends are driving the need for a change in how we define the perimeter. These trends range from technological developments to operational shifts. Let’s look at three that are especially influential.

The Cloud is Everywhere

Even in the largest enterprises, on-prem resources are losing their attractiveness. It’s simply cheaper, faster, and easier to use the cloud. This is especially true of software solutions. The average employee logs into eight different SaaS solutions regularly. And these SaaS solutions are often not well managed. 71% of companies have at least one SaaS subscription without a billing owner (meaning the employee who signed up has left the organization). IT departments struggle to know who is using what resources and, importantly, who should be using what resources.

With Remote Workforces, the Office is Anywhere

Remote workers rarely work from a single location. They’re typically migrating from home to coworking spaces to coffee shops. Many of the places they favor have networks of questionable safety with untrusted devices connected to them. VPN tunnels partially help solve this problem, but they’re slow due to capacity issues and expensive due to hardware costs, additional networking, and configuration/management challenges.

Contractors: Temporary, with Quickly-Shifting Access Needs

Contractors present an especially confounding challenge to the perimeter defense model. From temp force nursing staff working for multiple hospitals, to accountants pulled in for year-end, to engineers doing highly privileged work to integrate a new product, contractors are inherently difficult to manage from a security standpoint. Their access needs vary widely, and they are often temporary. Additionally, at some point, many are re-staffed in a different capacity or move to a different team within the organization.

Modern Threats are More Complex

In addition to modern developments, we face modern threats, which come in various forms. Threats aren’t limited to bad actors on the outside trying to get in. There are numerous internal threats such as malicious employees, accounts with compromised credentials, and systems infected with malware that serve as jumping-off points for bad actors. These internal weaknesses are significant — the cost of insider threats has risen 31% in the last two years, from $8.76 million in 2018 to $11.45 million in 2020. 

Why an Identity-Based Perimeter with Zero Trust is the Solution 

Zero Trust is based on the premise that no one has standing privilege, not even administrators. Instead, every time a user or application submits an access request, all of the attributes associated with that user or application (role, position, duties, usage behaviors, etc.) are evaluated. Based on the assessed risk, the security system either auto-grants access or flags the request for further review. The full spectrum of identity determines access.

Two key pillars of Zero Trust are time-limited access and just-enough access. When a user or application’s identity is evaluated, a decision is made on what access to grant and how long it will persist.
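The following added example, which is not from the original post or any vendor product, shows the per-request evaluation described above: identity attributes are scored, the request is auto-granted or flagged for review, and a grant carries only the entitled scope and an expiry. The role map, risk weights, review threshold and TTL values are hypothetical assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical role-to-permission map; nobody holds these as standing privilege.
ROLE_ENTITLEMENTS = {
    "contractor-engineer": {"repo:read", "repo:write"},
    "db-admin": {"db:read", "db:write", "db:admin"},
}
REVIEW_THRESHOLD = 50         # assumed score at which a human must review
MAX_TTL = timedelta(hours=8)  # assumed ceiling for any single grant

@dataclass
class Request:
    role: str
    wanted: set
    managed_device: bool
    usual_location: bool
    contract_end: datetime    # end of employment or contract, from HR data

@dataclass
class Decision:
    outcome: str              # "grant", "review" or "deny"
    scope: frozenset = frozenset()
    expires: Optional[datetime] = None

def risk_score(req, scope):
    """Assumed weights for device, location and privilege level."""
    score = 0 if req.managed_device else 30
    score += 0 if req.usual_location else 25
    score += 30 if any(p.endswith(":admin") for p in scope) else 0
    return score

def evaluate(req, now):
    if now >= req.contract_end:
        return Decision("deny")
    # Just-enough access: only what the role allows AND the request asks for.
    scope = frozenset(req.wanted & ROLE_ENTITLEMENTS.get(req.role, set()))
    if not scope:
        return Decision("deny")
    risk = risk_score(req, scope)
    if risk >= REVIEW_THRESHOLD:
        return Decision("review", scope)
    # Time-limited access: shorter when riskier, never past the contract end.
    ttl = MAX_TTL if risk == 0 else timedelta(hours=1)
    return Decision("grant", scope, min(now + ttl, req.contract_end))

def is_active(decision, now):
    return decision.outcome == "grant" and now < decision.expires
```

Every use of a grant goes through `is_active`, so access lapses on its own once the expiry passes, with no revocation step to forget.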

With identity as the perimeter, founded on time-limited access and just-enough access, Zero Trust solves the challenges associated with the modern developments described above. Old credentials are no longer floating around. People cannot access data or resources they shouldn’t after moving to a different department — or organization. And everyone can work more efficiently because slow-moving VPN tunnels don’t bog them down. Additionally, identity allows us to assume that even employees, resources, and infrastructure inside the organization could be compromised. So we are better able to defend against modern threats.

Watch the on-demand webinar, Securing Remote Workers, to learn more about how Zero Trust and an identity-based perimeter will help you meet today’s security challenges.
