Defining Identity as the primary security perimeter
Here, we will learn how to define identity as the primary security perimeter.
Digital collaboration has changed. Employees and partners now need to collaborate and access organizational resources from anywhere, on any device, and without affecting their productivity. There has also been an acceleration in the number of people working from home.
Enterprise security needs to adapt to this new reality. The security perimeter can no longer be seen as the on-premises network. It now extends to:
- Firstly, SaaS applications for business-critical workloads that might be hosted outside the corporate network.
- Secondly, the personal devices that employees are using to access corporate resources (BYOD, or bring your own device) while working from home.
- Thirdly, the unmanaged devices used by partners or customers when interacting with corporate data or collaborating with employees.
- Lastly, IoT devices installed throughout your corporate network and inside customer locations.
What is identity?
An identity is how someone or something can be verified and authenticated to be who they say they are. An identity may be associated with a user, an application, a device, or something else.
Four pillars of identity
There are four fundamental pillars of identity that organizations should consider when creating an identity infrastructure. An identity infrastructure is the collection of processes, technologies, and policies for managing digital identities and controlling how they are used to access resources.
- Firstly, Administration. It is about the creation and management of identities for users, devices, and services. As an administrator, you manage how and under what circumstances the characteristics of identities can change.
- Secondly, Authentication. This is about how much assurance for a particular identity is enough. In other words, how much does an IT system need to know about an identity to have sufficient proof that they really are who they say they are? It also involves the act of challenging a party for legitimate credentials.
- Thirdly, Authorization. This is about processing the incoming identity data to determine the level of access an authenticated person or service has within the application or service that it wants to access.
- Lastly, Auditing. This is about tracking who does what, when, where, and how. Auditing includes having in-depth reporting, alerts, and governance of identities.
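The four pillars working together in one small in-memory identity store, as an added example that is not taken from the Microsoft documentation. The class, method names, identities, secrets and the PBKDF2 iteration count are all hypothetical values constructed for illustration.

```python
import hashlib, hmac, os, time

class IdentityStore:
    """Toy in-memory identity system (hypothetical names, illustration only)."""
    def __init__(self):
        self._identities = {}   # name -> identity record
        self.audit_log = []     # Auditing: append-only trail of every decision

    def _audit(self, who, what, where, outcome):
        # Auditing: track who did what, when, where, and with which result.
        self.audit_log.append({"when": time.time(), "who": who, "what": what,
                               "where": where, "outcome": outcome})

    @staticmethod
    def _hash(secret, salt):
        # Assumed parameters: PBKDF2-HMAC-SHA256 with 200,000 iterations.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

    def create_identity(self, admin, name, kind, secret, permissions):
        # Administration: create an identity for a user, device, or service.
        salt = os.urandom(16)
        self._identities[name] = {"kind": kind, "salt": salt,
                                  "hash": self._hash(secret, salt),
                                  "permissions": set(permissions)}
        self._audit(admin, "create_identity", name, "success")

    def authenticate(self, name, secret):
        # Authentication: challenge the party for a legitimate credential.
        rec = self._identities.get(name)
        # Hash even for unknown names so both paths do similar work.
        salt = rec["salt"] if rec else b"\0" * 16
        candidate = self._hash(secret, salt)
        ok = rec is not None and hmac.compare_digest(candidate, rec["hash"])
        self._audit(name, "authenticate", "-", "success" if ok else "failure")
        return ok

    def authorize(self, name, secret, resource):
        # Authorization: only an authenticated identity is evaluated, and
        # access is denied unless the resource was explicitly granted.
        allowed = (self.authenticate(name, secret)
                   and resource in self._identities[name]["permissions"])
        self._audit(name, "access", resource, "granted" if allowed else "denied")
        return allowed
```

Failed authentications and denied requests land in the audit log alongside the successes, which is what makes the trail usable for reporting and alerts.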
Reference: Microsoft Documentation