1 Introduction
Dynamic cloud environments require dynamic access. Dynamic cloud architecture is coming to dominate enterprise networks and operations, as business leaders and IT vendors understand a paradigm shift is necessary for organizations to compete as fully digital enterprises.
The new cloud-dominated IT architectures have become essential to organizations seeking the speed and dynamism needed to run the applications and tools required for fast-changing markets and challenging operating conditions. DevOps and other agile teams within organizations have come to rely on dynamic clouds to complete workloads on a Just in Time (JIT) basis, in response to demands from their internal customers.
All the while, networks are much more open to employees, third-party users, suppliers, and customers; what was once considered “privileged” is becoming the norm as collaboration and data sharing become ubiquitous. The emergence of non-human identities gaining access to cloud-based resources is also an important part of the new environment.
This new architecture incorporates multiple instances of cloud services, including IaaS, PaaS and SaaS, as well as hybrid combinations of cloud and on-premises installations and, within it all, clusters of teams using and running these clouds.
The speed at which these environments operate has put severe pressure on the capabilities of traditional access management platforms such as role-based IGA, IAM and PAM. While workloads have long been present in servers and private clouds, these tended to be static and not time-critical. What has changed is the breadth of access, but primarily the dynamic, agile and volatile nature of what needs to be managed. It is no longer about setting up a server on a physical machine that runs for years, but about constantly changing workloads.
Hence the need for our cloud access management and entitlement platforms that can manage the challenges in the computing environments mentioned above. Such platforms must operate at the speed of the cloud and grant access based on tasks, toolchains, and workloads, rather than on roles or on only permitting access to static resources such as servers or vaults.
The IT environment has inevitably become complex just as the business environment has made it harder to be competitive and profitable with the shifts in consumer behaviour and new delivery models of goods and services. None of this will stop; more likely the speed of change will accelerate as new technology, such as the metaverse and Web 3.0, opens new markets and opportunities. New technology, business practices and cultures are arising that will further put a strain on traditional Identity and Access Management solutions for multi-hybrid environments.
1.1 Highlights
- Businesses must focus on policies and not roles or jobs when considering cloud entitlements for identities of all types
- Fifty per cent of organizations see secrets, credentials or data left unprotected on clouds as a major security concern, according to KuppingerCole research
- CISOs and other IT leaders are also concerned by the sheer complexity of multi-cloud environments
- KuppingerCole research shows that multi-cloud adoption is becoming the majority standard in enterprises
- Software platforms such as Cloud Infrastructure Entitlement Management (CIEM) and some advanced forms of Privileged Access Management (PAM) are emerging to assist in cloud governance
- Clouds are purchased from different vendors by different LOBs, and every cloud has its own protocols and IAM processes
- The number of users and other digital identities accessing the clouds can run into the thousands and is hard to audit and manage
- Clouds are also accessed by third parties, contractors and customers, often without proper governance
- The KuppingerCole Identity Fabric paradigm and different tools can contribute to securing clouds and identities
- Standing privileges and entitlements are a huge risk to the stability and security of the business