Businesses must rework identity infrastructure as data moves to the cloud: Okta CSO
- 14 September, 2017 00:56
Burgeoning adoption of cloud-based solutions has pushed issues of identity management front and centre for Australian companies as they work to modernise their application infrastructure, the chief security officer of Okta has reported as the company this week moved to tap into local demand by opening its new Asia Pacific headquarters in Sydney.
The move comes in the wake of the mass breach of US credit reporting agency Equifax, which was compromised in a massive breach that saw the theft of personal details on 143m Americans stolen by attackers that capitalised on a Website vulnerability.
That hack – just one of many related to the acquisition of personal information that was, Verizon recently reported, used to facilitate 81 percent of hacking-related breaches – highlights the importance of raising the bar around identity management as companies increasingly put their data into cloud services that now form part of the enterprise infrastructure.
“There is this continuous migration to the cloud, and we have a large number of new platforms that an enterprise has to support,” Okta CSO Yassir Abousselham told CSO Australia.
“A lot of enterprise information is outside the perimeter – so the question becomes: what can you do to make sure that access to this information is provided in a secure manner, and that any application you deploy is usable and secure?”
Security specialists may intrinsically understand the need for broad security and the issues that cloud raises, but such an understanding is not ubiquitous within the business. A recent Epicor survey of business professionals found that 36 percent had heard of, but were not familiar with, the idea of cloud software-as-a-service and 30 percent said the same about big data. Just 47 percent agreed that IT would help their organisations overcome future challenges in the market and 38 percent said it would help them work more efficiently.
Those sorts of figures hardly suggest overwhelming recognition of the need for a new, identity-based business platform – which is why Okta has been pushing the concept hard through its technology developments and partner engagements.
Last month, the company debuted enhancements to its Okta Identity Cloud that include direct support for LDAP enabled applications – which lets the service’s Okta Universal Directory take the place of on-premises directory services. Okta also delivered basic two-factor authentication for all of its users as standard, helping raise the bar for identity protection in a move that Abousselham said reflected the need to rein in data leakage due to persisting use of ‘shadow IT’.
“IT used to hold the keys to allowing access or deploying new enterprise applications, but shadow IT completely breaks down your identity lifecycle,” he explained. “If access is not regulated through authentication that meets your security policy, that could lead to data breaches.”
Identity-management firm SailPoint is also asserting its role in the space, recently spruiking its progress in ‘identity analytics’ and demonstrating plans to add artificial intelligence to its SailPoint IdentityAI open identity platform, which it is promoting through its Identity+ Alliance.
Growing corporate recognition of identity management’s importance is driving investment at a rapid pace: a recent Gartner forecast predicted that worldwide cloud-based security services would grow 21 percent this year, with identity-related spending more than doubling from $US1.65b ($A2.07b) to US$3.42b ($A4.3b) by 2020.
Okta’s new site will bolster the company’s position in the Asia-Pacific market, where strong opportunities are emerging from robust growth: IDC recently predicted the region would be the world’s fastest-growing buyer of security products, growing by 13.8 percent annually from 2016 to 2020 – with endpoint security, security and vulnerability management software, and identity-related software driving more than 75 percent of security spend.
“We are enabling the IT stack and allowing the enterprise to extend its IT capabilities in a rapid and secure manner,” Abousselham said, noting that Okta’s recent acquisition of StormPath would give developers an SDK-based identity infrastructure designed to speed infrastructure rollouts.
“This means you don’t have to create entire identity infrastructures from scratch; you can free up your time and engineers to focus on what you do best.”