This blog is co-authored by Aubrey Turner and David Manks, Technology Alliances Product Marketing at SailPoint
In today’s modern enterprises, employees ask for three things: Access to their applications and systems from anywhere, at any time, and from any device. This seems simple, right? In theory, yes, but putting in the appropriate controls and protocols to enable on-demand remote work requires timing, vision and technology interoperability to facilitate this move in a manner that’s both secure and seamless.
The dramatic events of the first half of 2020 have forced companies to rapidly change their business models. This has been accompanied by increased interest in and adoption of cloud-based applications and resources. Moving an on-premises workforce to remote work is one of the initial results of this rapid transformation, and Zero Trust is instrumental in achieving a secure transition.
Overcoming Access Security Risks
The transition to remote working comes with multiple challenges. The following are some key identity and data risks that need to be addressed:
Continued use of weak single-factor authentication or multiple authentication points without additional strong factors for web, SaaS, mobile and on-premises apps
Challenges granting and managing the appropriate access for users, given new or revised onboarding processes and access requirements
New responsibilities and ad hoc protocols for WFH users
Increased likelihood of errors
The need for managing increased help desk calls due to the sudden increase in remote workers
Verifying users for password resets or other access inquiries
Granting appropriate entitlements for access requests
More burdensome demands for administering access for third-party contingent workers (e.g., full-time contractors, consultants, freelancers) and partners
Potential "shortcut" measures taken when rapidly moving the workforce to a remote access model, thereby creating over-entitled users
Visibility into who has access, how they got that access and how they are using that access
New data flows and users accessing sensitive corporate data from outside the corporate perimeter network
Discovering and classifying sensitive data
Knowing and managing effective permissions
Unmanaged corporate and/or personal devices remotely accessing corporate data
SailPoint and Ping Identity offer solutions that map to a Zero Trust architecture and address the access security risks posed above. Ping Identity helps organizations create an identity authentication authority that includes strong, risk-based adaptive consolidated authentication, authorization services and unified user attribute data, while SailPoint automates user lifecycle management, access requests, data classification and overall governance of access based on least privilege.
The Zero Trust Framework
“Trust but verify” has evolved to “never trust and always verify.” Zero Trust is not a product, and anyone promoting such a silver bullet is exaggerating their capabilities. Instead, it’s a framework that relies on multiple systems and solutions to ensure layered security across an enterprise’s applications and resources. It requires forward-thinking companies that understand the importance of interoperability and design their integrations around helping customers achieve a Zero Trust milestone.
This is why Ping and SailPoint closely partner to deliver foundational elements of Zero Trust: authentication, authorization, governance and policy-based access controls. Properly architected, the out-of-the-box interoperability between the solutions can create an enforcement point for web, SaaS, mobile and on-premises application and data access security based on devices and contextual rules and policies.
Below are a few points to consider when designing and building identity into your Zero Trust framework:
Enterprise security is a “team sport.” There are no off-the-shelf Zero Trust security solutions, and it takes an ecosystem of technologies working together to achieve this goal. You should consider solutions that integrate out of the box via standard protocols to ensure your solutions are built to work together and are future-proofed.
Centrally managed authentication and authorization controls are essential pieces of your Zero Trust implementation. They answer the most basic questions: “Are you who you claim to be?”, “Are you allowed to access the resources you’ve requested?” and “How will we verify?”
Your environment is rapidly evolving. Where do your applications reside now—and where will they be in the future? Zero Trust controls and principles should be applied to all resources whether in the cloud, on premises or a hybrid combination. It is important that you consider not only where you are currently, but where you will be years from now.
Roles and permissions within a company are constantly changing. Leveraging solutions that continuously monitor, recognize and automate changes in assignments and policies prevents access for orphaned, unauthorized or over-provisioned users.
Zero Trust is one part of a security system. Set a detailed plan for how you will implement this strategy over time. Budgets for Zero Trust rarely exist, so outlining the strategy in the context of broader organizational security will ensure stakeholders across your organization understand the vision, intent and timing to achieve this.
The shift will take thoughtful execution. Manage your organization through the resulting changes, including end-user impact analysis, job aids/FAQs and communication planning.
Securing Digital Transformation
SailPoint and Ping Identity have spent years innovating and delivering identity solutions that address the most complex use cases and requirements across the world’s largest enterprises. Together we deliver a user experience that is secure as well as seamless.
You can learn more about our partnership and how we continue to work with our customers and industry partners to enable Zero Trust solutions.
Together SailPoint and Ping can help power a best-in-class digital transformation initiative to manage and secure identities anytime, anywhere that today’s modern workforce demands.