By Vince Lujan Posted August 29, 2019
As cloud security has become a focal point for organizations of all sizes, IT admins need to know how to create a secure cloud identity. While there is no silver bullet that can address all of the modern security concerns in one fell swoop, IT admins have found success by layering multiple security mechanisms together to suit their specific needs.
Of course, the challenge with the layered approach to security has historically been that IT admins would require an array of point solutions from various vendors to be integrated with their core identity provider (IdP). Fortunately, a new generation of cloud directory services is consolidating what was once an entire ecosystem of disparate solutions into one comprehensive platform, while still providing those critical layers of security.
But, what does a secure cloud identity actually look like?
Before we talk about securing cloud identities, let’s discuss how IT admins have secured identities traditionally. Historically, IT admins have leveraged directory services platforms (also known as an identity provider) such as Microsoft® Active Directory® (AD) or OpenLDAP™ to secure user identities.
When legacy solutions such as these were introduced, the IT landscape looked a lot different in that it was primarily on-prem and based on the Windows® operating system, another Microsoft product. This enabled IT admins to leverage their core IdP, usually AD, to securely manage and connect users to their Windows-based IT resources.
Traditional Identity Security
Because AD was located on-prem, the prevailing security model was that the network itself, and the protection of being inside the firewall, would shield the identities hosted within AD. So, the starting point was an AD identity at the core of your IAM infrastructure, which was more or less secure because of a strong perimeter and because everything was on-prem.
But then, innovations started to emerge outside of the perimeter such as web applications, cloud infrastructure, virtual file systems, and much more. So, admins had to extend user identities beyond the perimeter in order to use them elsewhere. But to do so, IT admins had to adopt additional tools with additional costs and complexities.
Thus, identities were spread all over the place and on-prem wasn’t really on-prem, so was the environment really that secure? Add to that the benefits of shifting everything to the cloud, and then you had to stop and think about the concept of a secure cloud identity.
The question now is: how do you get the most secure identity?
Building the Most Secure Cloud Identity
Well, it makes sense to start with the identity provider. You need to have a strong central identity because everything else stems from that, and if you have other identities scattered around, that can be insecure and unproductive.
Okay, so you have the central identity, but that identity still requires password complexity (NIST recommends a really long password). That password then needs to be salted and one-way hashed so that it is never stored in a recoverable form.
For servers, admins want to use SSH keys as much as possible. Then, you need to attach multi-factor authentication (MFA) to everything possible so that you aren't relying on one authentication factor alone. Finally, you secure the user system (Windows, Mac, Linux) so that user access to the IT resources connected through that system is secure. Further, you really want to monitor these closely for any potential problems by recording events and system insights.
A Secure Cloud Identity Provider
Easier said than done, right? Well, not anymore. By leveraging the modern Directory-as-a-Service®, IT admins can essentially shift the heavy lifting of implementing and maintaining their on-prem IdP to a third-party provider.
JumpCloud® Directory-as-a-Service ups the ante by providing numerous security mechanisms such as password complexity management, MFA/2FA, SSH key management, RADIUS, LDAP, and many more as features of the overall platform.
By building a secure identity with JumpCloud, IT admins have the option to layer a number of security mechanisms via one comprehensive platform, rather than an array of point solutions.
Learn More About JumpCloud
Contact JumpCloud to learn how the Directory-as-a-Service platform can help you create a secure cloud identity for your organization. You can also sign up for a free account and check out the Directory-as-a-Service platform today. Your first ten users are free forever, and we have a Knowledge Base of self-serve documents and videos to assist you in your JumpCloud journey.