As more companies move to the cloud, the traditional perimeter is no longer enough to secure critical data, says Muzi Langa, MD of ManTK IT Solution.
As more organisations move into the cloud, implement remote and hybrid work models and run a multitude of disparate systems, the traditional perimeter is no longer enough to secure critical data. Identity has to be the primary control plane, and identity life cycle management is a key component of this.
This is according to Muzi Langa, MD of ManTK IT Solution, a specialist IT security and services provider. Langa says: “Traditional security initiatives focused on the perimeter in the belief that if the perimeter is secure, the data which resides within the perimeter would also be secure. In the cloud environment, hypothetically, that perimeter still does exist conceptually, but is no longer a reliable control boundary. This means that weak identity controls are a significant risk.” For example, he cites risks such as unmanaged service accounts that access the data that resides in cloud environments. “We see growing concern when it comes to issues such as shared credentials and a lack of multi-factor authentication,” he says. “These issues still exist even in major enterprises, and they increase the risk of account takeover and lateral movement within the cloud environment. We often see organisations that are adopting cloud at scale failing to prioritise strong identity governance and identity life cycle management. They struggle to implement the principle of least privilege – locking down the user as much as possible, but still giving them access to what they need to do their job.”Zero trust is widely accepted as a key component of identity risk management; however, many organisations overlook proper identity life cycle management as another key focus area, Langa says. Identity life cycle management extends far beyond onboarding and off-boarding, he explains. “When a person joins the company, an account is created for them with a specific set of role-based access control permissions, but as they change divisions or get promoted, their permissions will change. Life cycle management is the whole process of following the user during their life cycle with the company, assessing whether they need more, less or different permissions,” he says. Securing, managing and monitoring identity life cycles is an increasingly complex task, which could require certain organisational changes and the implementation of an identity governance and administration solution to support it, Langa says. “It raises the question of whose job it is to manage identity life cycles. Managing role-based access control is an IT function. But broader identity life cycle management goes beyond an IT function,” Langa notes. “It's a multi-party responsibility involving stakeholders like HR and IT, with guidance from the security officer and the CIO or the CISO, depending on the maturity of the organisation. There might be other systems that the user would need access to, which would then require pulling resources from the departments that those systems reside in, to grant that user that level of access that they need. “If you think about user life cycle management from a RACI matrix perspective, first we need to know who is the user owner – that would be the user's line manager. And then we need to know who's responsible for granting that user the access that they need to do their job. That would sit with the identity and access management/IT security division. And then there would be the trigger authority, which would be where HR comes in, initiating the joiner, mover and lever events, providing authoritative employee status data, and ensuring timely communication of employee change. Then there's the technical execution, that is the IT operations layer. That user might need access to certain line of business applications. So then the application owner needs to be brought in as well: they would be responsible for integrating applications with IAM systems, implementing approved access changes and maintaining role-based access control. "And at the end of it all, you have oversight and assurance. Here, the CSO, the governance, risk and compliance officer and the internal auditor would come in, and their roles would be on a policy and standard level to conduct regulatory reviews, check compliance with regulations and make sure that evidence is available for auditing purposes.” “In my experience, identity life cycle management is a ‘Jack of all trades’ situation in many organisations. We find they do not actually execute each and every one of the necessary roles in as much depth as is required. Small to medium-sized organisations – including local municipalities and some of the government organisations – are not that well organised when it comes to roles and responsibilities,” Langa says. “ManTK IT Solution offers consulting and solutions to help organisations bolster access control and identity life cycle management,” he concludes.
Mantk IT Solution Hybrid Work Models Cloud Computing Unmanaged Service Accounts Identity Life Cycle Management
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
India Crushes Pakistan in T20 World Cup Showdown, Advances to Next RoundIndia dominated Pakistan in a T20 World Cup match, winning by 61 runs and securing a spot in the next round. Ishan Kishan's impressive 77 set the stage for India's strong batting performance, while their bowlers effectively dismantled Pakistan's batting lineup. The highly anticipated match was filled with excitement, showcasing the intense rivalry between the two nations.
Read more »
Sacha Feinberg-Mngomezulu and Sarah Langa's Romantic Bali GetawaySpringbok Sacha Feinberg-Mngomezulu and Sarah Langa, reportedly dating, enjoyed a romantic vacation in Bali. They shared photos of their trip on Instagram, including a luxury villa and Valentine's Day flowers. This follows previous denials of their relationship.
Read more »
Global AI Summit in New Delhi Faces Challenges in Securing Concrete CommitmentsThe AI Impact Summit in New Delhi, attended by world leaders and tech CEOs, aims to establish a global AI governance roadmap. Despite the growing demand for AI, concerns about its societal and environmental risks persist. The summit's success in achieving concrete commitments from AI giants is questioned due to previous instances of narrow self-regulation.
Read more »
Klopper defends Ride for Sight titleHe powered home in 02:45:14, securing the victory ahead of teammate Reinhardt Janse van Vuuren and Ryno Shutte.
Read more »
Sekhukhune United keep Top 3 ambitions alive despite title setbackSekhukhune United are finding their rhythm after a challenging season, securing back-to-back wins and keeping themselves in the hunt for a top-three finish
Read more »
Nissanka's Century Propels Sri Lanka into Super Eights, Puts Australia on the BrinkPathum Nissanka's unbeaten century led Sri Lanka to a dominant victory over Australia in the T20 World Cup, securing their place in the Super Eights and leaving Australia facing potential elimination. Nissanka's explosive innings, supported by Kusal Mendis, saw Sri Lanka chase down Australia's score with ease. Australia's captain, Marsh, returned and scored 54.
Read more »