Page 46 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 46

main technology for managing identities, cloud solutions like Microsoft Azure are increasingly gaining
            traction, especially in managing identities within a complex landscape. This landscape encompasses
            everything from user authentication to global resources (beyond the organization's internal network),
            application authentication, and even external 3rd party access from vendors.


            As the identity landscape continues to evolve and grow more complex, attackers continue to evolve their
            identity targeting methods. This is not surprising, as once an attacker controls a privileged identity/ies,
            they  have  almost  unlimited  access  to  an  organizations’  resources.  Due  to  the  complex  nature  of
            managing identities, these are far easier to compromise than, let’s say, developing a zero-day exploit,
            which have limited shelf-life and reach.

            In response, security vendors and directory vendors offer some solutions to help organizations better
            protect their identities. These include the use of MFA in cloud environments, introduction of PAM security
            solutions, Identity and Access Management solutions, credential vaults and more.



            The Achilles Heel of Identity Management: Complexity

            While  these  solutions  do  offer  some  improvements  in  security,  they  disregard  the  reality  of  identity
            security  in  organizations  –  identity  access  infrastructure  and  practices  have  been  evolving  for
            (sometimes) decades, creating an impossible knot to untie. Doing identity access the “right way” is hard,
            very hard. If you are an IT admin, going “by the book” using Microsoft's guide for privileged access model,
            you will need a very professional and dedicated team of experts that can build the entire network and
            identity plane from scratch, making sure tier0 (the control plane) doesn’t overlap with tier1 (the data
            plane), which doesn’t overlap with tier2 (users and applications plane):





























            https://learn.microsoft.com/en-us/security/privileged-access-workstations/media/privileged-access-
            strategy/legacy-tier-model-comparison-new.png






                                                                                                              46
   41   42   43   44   45   46   47   48   49   50   51