Identity is the New Network Perimeter

Gone are the days when the castle wall perimeter approach could protect your corporate network. The distributed nature of modern enterprise systems and the lack of an obvious physical boundary calls for a better solution – where identity is the new gatekeeper.

What is the Old Network Perimeter?

It's 2022, and there are still organizations that use the old network perimeter castle-wall approach in which you build lines of defenses that network intruders need to infiltrate. This is the traditional network security architecture that breaks a network into different zones. 

In this perimeter model, firewalls restrict communication between different zones on a network with the aim of protecting information. Network address translation (NAT) became popular at organizations as a way to provide Internet access to internal client devices. The use of NAT enabled hosts on internal networks to communicate directly with hosts on the untrusted Internet with tight inbound traffic controls still in place.

Clever hackers began masquerading malicious traffic as apparently normal inbound traffic that passed through firewalls. For example, an email sent to an employee with a seemingly harmless link could, in fact, contain a payload that results in malware. The malware establishes a connection between a remote Internet device and the compromised employee’s computer. 

Why the Perimeter Model Isn’t Secure Enough

The perimeter model often fails because the firewall and other security policies only work at the network zone boundary. Compromised devices can communicate with other devices, enabling lateral movement through the network. Firewall exceptions or other attack vectors can provide hackers with a way to escalate their privileges from one device and gain access to the most sensitive information assets on a network. 

Amplifying this problem is the nature of modern corporate IT infrastructure in which cloud computing and remote work feature heavily. Employees can access corporate resources from almost any device once it has an Internet connection. As a result, the physical network perimeter is literally breaking down so that it no longer makes sense as a primary way to architect against attacks. 

Identity as the Perimeter

The distributed nature of modern corporate networks and its lack of an obvious physical boundary calls for a better approach. With so many different users and devices capable of communicating with the corporate network, the surface area for attacks is far greater than ever.  

Using the old model, all it takes is one successful phishing attack to get a foothold in your network. A lack of identity controls combined with too much trust facilitates this foothold. The solution is to take a zero trust approach in which user and device access requests are always appropriately validated using their identities. 

Organizations need to have visibility over who and what is trying to access data and the context in which such access requests occur. This means confirming that users/devices are who they say they are and only then providing the permission needed to access a resource. Ultimately, this approach establishes identity as the network perimeter by allowing organizations to secure their valuable information assets while giving users the convenience they want. 

Why A Solid IAM Solution Matters

Understanding that identity is the new perimeter is not sufficient to get the level of security your network needs. The crux of the problem is providing the right levels of access to the right people in a secure way. While it’s important to confirm device identity, users are often seen as the weak links in terms of an organization’s information security posture. 

Weak and stolen credentials remain a shockingly common cause of data breaches. Orphaned accounts with no valid business users exist on many networks. Such problems stem from not having a good identity and access management strategy and solution in place to keep track of user access.

With the dynamic nature of modern corporate IT environments, a manual approach to provisioning and de-provisioning user access is asking for trouble. A solid IAM solution addresses many critical aspects of establishing identity as the new network perimeter. Here’s why IAM matters:

• Multi-factor authentication: It’s critical to avoid granting permission to corporate resources when users only provide a username and password combination. IAM solutions help you enforce multi-factor authentication so that even if an employee’s credentials become compromised, a malicious intruder still needs to provide another distinct piece of evidence before getting permission to resources. 
• Automated policy enforcement: An IAM solution helps to enforce your identity access policy across a multi-cloud environment with automation. 
• Orphaned account detection: IAM solutions can detect and alert you about risky orphaned accounts that you may otherwise have no visibility over.  
• Security context: A good IAM solution can take into account or provide data on several important contextual factors before granting access to resources, including where the access request comes from, the time of day, and the nature of the resource being accessed. 
• Auditing: An IAM solution can provide metrics, reports, and audits that provide confirmation of a functioning IAM policy across the identity lifecycle.

How Tuebora Helps

Tuebora’s IAM solution allows you to choose self-service IAM workflows that meet your use cases and scale with your organization. Our machine learning and analytics platform equips you with the power of behavioral analytics to discover and disable unused access and over-provisioned access, both of which pose security risks in a world where identity is the new perimeter.

Get your demo here.