By Vince Lujan Posted August 25, 2017
IT organizations are constantly under siege from hackers. When you manage valuable resources and credentials, it’s simply the cost of doing business. Whether your identities are managed on-prem or hosted in the cloud, identity security is paramount. The more resources an organization has, the more opportunities are available for attackers. Hackers only need one way in to a network, while IT admins need to protect every possible IT asset. As a result, IT organizations must adapt to the latest threats in order to survive.
Identity Security Risks
User identities are one of the most valuable digital assets to hackers. Organizations leverage user credentials to authenticate and authorize access to resources. So it should come as no surprise that a compromised identity is valuable to a hacker (and often devastating to the organization). In the past, these risks have prompted IT admins to be reluctant to trust hosted identity providers (IdPs) in favor of more traditional on-prem solutions like Active Directory® or OpenLDAP.
However, innovation in cloud security has rendered this conventional wisdom obsolete. Cloud-forward security is security that has been built from the ground up with an understanding of modern threats and how to combat them. Instead of relying on conventional firewalls at the perimeter, cloud security goes further and implements one-way hashing and salting to fortify identities. Instead of encryption via SSL, cutting-edge cloud security leverages mutual TLS to ensure that all data being communicated remains secure.
This may sound complicated to set up and manage, but one of the major benefits of the cloud is that trusted services exist that make identity management turnkey. In fact, one of the most significant ways to increase your IT security is by implementing a hosted identity management solution.
Identity Security Starts with the End User
Hackers prey on organizations with weak identity management practices. But even if the foundations of your infrastructure are sound, it can all be unraveled by a single user. If your employees are careless about phishing attacks or reuse passwords, an otherwise secure company can become an easy target.
That’s why one of the most important practices for securing your organization’s infrastructure is educating your users. In addition to adopting a cloud identity management platform, encourage your users to be careful with their identities. This can be a challenge because end users are notoriously nonchalant when it comes to security. That’s one key benefit to using a hosted identity provider: it takes most of the heavy lifting off of the end user’s shoulders – and frees the IT admin from constantly breathing down their necks.
For instance, when all of your identities are centrally managed in the cloud, you can implement password policies (e.g. complexity, rotation) or require that all users leverage multi-factor authentication from one browser-based dashboard.
See the best practices below for ways that you can implement better identity security:
Best Practices for Hosted Identity Security
- Enforce multi-factor authentication wherever possible (e.g. systems, applications, WiFi)
- Secure identity storage and never transmit user credentials as plain text
- Leverage only secure channels for data communication (e.g. SAML 2.0, RADIUS)
- Have visibility over event logging
- Centralize control over identity and access management
- Enforce strong, complex password policies
- Utilize SSH keys wherever possible
- Educate your employees on security standards and how to ensure compliance
If this list of best practices appears daunting to you, know that there are services that can facilitate and streamline them. Below, we’ll go into how a cloud-based directory can help organizations to securely manage their identities.
Hosted Identity Security with a Cloud Directory
JumpCloud’s Directory-as-a-Service® is one of the most comprehensive approaches you can take to achieve hosted identity security. This IDaaS platform securely connects users to the IT resources they need.
IT admins can ensure access is granted only to the right people for the right assets. They can limit the scope of access to systems, applications, files, and networks to only the right people. They can enforce security policies throughout their entire organization, on specific groups of systems, or on an individual basis. Admins can also enforce strong passwords through increased length, elimination of password reuse, password rotation, and more. You can also encourage users to leverage SSH keys for access to critical systems.
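The password controls named above (length, reuse, rotation) can be enforced without ever storing a plaintext password, using the one-way hashing and salting mentioned earlier. The sketch below is an added example, not JumpCloud's code; the policy values, the `Account` class and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune to your own standard.
MIN_LENGTH = 12
MAX_AGE = timedelta(days=90)
HISTORY_DEPTH = 5
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def matches(password, salt, digest):
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

class Account:
    def __init__(self):
        self.history = []       # newest first: (salt, digest) pairs only
        self.changed_at = None

    def set_password(self, password, now):
        if len(password) < MIN_LENGTH:
            return "rejected: too short"
        # Reuse check works on salted hashes; no plaintext history is kept.
        if any(matches(password, s, d) for s, d in self.history[:HISTORY_DEPTH]):
            return "rejected: reused"
        self.history.insert(0, hash_password(password))
        self.changed_at = now
        return "ok"

    def login(self, password, now):
        if not self.history or not matches(password, *self.history[0]):
            return "denied"
        if now - self.changed_at > MAX_AGE:
            return "rotation required"
        return "ok"

if __name__ == "__main__":
    now = datetime(2017, 8, 25)  # constructed timeline
    acct = Account()
    print(acct.set_password("correct horse battery", now))
    print(acct.set_password("correct horse battery", now))
    print(acct.login("correct horse battery", now + timedelta(days=91)))
```

Because each entry has its own salt, two users with the same password produce different digests, so a leaked table cannot be attacked with a single precomputed lookup.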
Multi-factor authentication (MFA) for systems and applications can be enforced with Directory-as-a-Service as well. With MFA enabled, authorized access is based on more than just a username and password: it also requires something the user physically has, like a smartphone or security token. MFA makes it exponentially more difficult for a hacker to compromise an identity.
Learn More about Hosted Identity Security
There is no perfect system when it comes to securing your IT organization. Threats are ever-evolving, and so too are the best practices for countering those threats. In fact, that’s part of the advantage of managing your identities through a cloud service: instead of staying on top of the latest security updates yourself, you can rely on another organization to do the legwork for you.
If you would like to know more about hosted identity security, and how Directory-as-a-Service can help secure your identities, drop us a note. You can also sign up for a free IDaaS account and see for yourself. Your first 10 users are free forever.