Last Updated on September 6, 2024
Enterprise companies have undergone major digital transformation initiatives and adopted multiple cloud technologies in the last few years. While these initiatives are necessary for companies to remain competitive, they also present new challenges with Enterprise security that need to be addressed.
What we’d like to discuss today, with the help of a guest expert, is how an effective identity strategy helps enterprise companies undergoing digital transformation strike the right balance between maintaining security and delivering superior customer experiences.
If you’re a business owner or operator of any kind, we highly recommend taking these points into account so that you can prevent security issues in the future.
Vijay Pitchumani, Identity Solutions Expert
Our guest expert is Vijay Pitchumani, who is currently Director of Product Management with Okta, a leading identity platform, and he’s been working with the company for about four years now. Pitchumani previously worked with VMWare, a leading cloud computing and virtualization tech company, and Sparkcognition, a company that provides enterprise-scale AI solutions. To put it another way, he has a great deal of experience in the enterprise/B2B space.
The focus of Pitchumani’s career thus far has been helping enterprise companies secure their resources and data as effectively and as safely as possible.
Throughout the rest of the article, Pitchumani will provide expert insights on the newer challenges currently being faced by IT teams in Enterprise companies and what can be done to effectively overcome these challenges.
Let’s start with an examination of what are some of the new challenges faced by IT teams.
Challenges with increased Cloud technology adoption
Hybrid or remote work is becoming the new normal, and employees and contractors are no longer localized to a single physical office space. To enable and facilitate employee productivity in this new working model, enterprise businesses are adopting more cloud-based technology and services, as Pitchumani comments on here.
“Businesses are spending more and more on the Cloud, and the trends of remote and hybrid work have only accelerated Cloud spending even further.”
This has resulted in structures where company employees can access corporate data from literally anywhere in the world, using any device, as long as they have an internet connection
On the surface level, that’s a major benefit. It allows employees to work from anywhere, gaining access to necessary data and staying productive. But as Pitchumani explained to us, having more points of access also means more security risks.
“When employees can access corporate data from any device, anywhere in the world, IT teams have to implement solid security practices so that corporate data can only be accessed in a secure manner.”
This is far more challenging than previous, more centralized working models in which employees could only access data via an internal corporate network, or use traditional VPN systems when accessing corporate data from a remote location. Pitchumani notes that early methods for facilitating remote employee access to company networks were definitely vulnerable due to an overabundance of trust.
“In the past, VPNs were used to extend enterprise networks and enable employees to access data from anywhere. However, an attacker could potentially steal user credentials and easily gain access to valuable data.”
The traditional VPN and network perimeter model assumes everything outside could be a threat and everything inside could be trusted. If a VPN network has been compromised, it enables any rogue actor to access any corporate data within the network as a trusted user, without being detected.
So what can companies do?
Pitchumani stressed that one of a few things companies could do to improve their security posture is to implement zero trust and adopt least privileged access for all of their employees across the organization
Zero trust
Zero trust is a security model that describes itself fairly well through its name. The guiding principle of zero trust is that no user or device should be automatically trusted without verification. Zero trust does not assume any automatic trust when resources are accessed through a corporate network, something which was a big drawback of traditional VPN systems.
In simpler terms, a zero trust strategy implies that users are denied access to any corporate data by default. In order to gain access, users need to verify their identity every time they access a resource, and access should be granted only through contextual policies that take into account data around how the user is requesting access.
At the business level, Pitchumani says that zero trust is an absolute necessity. Even a single instance of misplaced ‘trust,’ in other words a lack of verification, could lead to data and identity theft. At the employee level, implementing stronger authentication techniques such as multi-factor authentication and getting rid of passwords ensures far greater security, assuring that only authorized employees can access specific pieces of company data.
Implement Least Privileged access
The second necessary strategy is implementing principles of least privileged access.
In more straightforward terms, least privilege is all about ensuring employees get the right level of access required to do their jobs and continuously evaluating if users continue to have the right level of access.
For many companies, the way to implement least privileged access is to enforce effective identity governance programs.
This is, of course, one of Pitchumani’s professional specializations, and he reiterated just how important it is for companies to take the concept of identity governance seriously.
“As enterprise businesses continue to adopt more and more cloud apps, it is increasingly important to gain visibility on who has access to what and whether they should continue to have access. Modern identity governance gives you tools such as access requests and access recertifications which are critical to ensure only the right users have the right levels of access.”
These tools also allow business leaders to stay completely up to date on various users’ current permissions. They should be able to make changes at the drop of a hat to ensure tight and reliable security.
The takeaway
Remote work is here to stay, and Cloud spending is going to continue increasing. These are the realities of present and future enterprise working patterns.
Business leaders need to understand the security risks presented by these new realities, and as Pitchumani has demonstrated, identity strategies need to evolve alongside these changes.
“It’s critical that companies utilizing Cloud applications implement zero trust and least privilege if they want to maintain their security posture. Otherwise, they simply can’t guarantee that their data is secure or that it will remain secure for the foreseeable future.”
If a company feels ill-equipped to implement these strategies, then the next step is to seek the input of identity solutions experts.
That’s all for today’s look at identity security strategies for enterprise businesses. If you’d like to learn more, please visit the links we’ve included throughout the article.