By Zach DeMeyer Posted October 1, 2019
With more companies making their way toward the cloud, their CISOs and IT organizations need to ensure their critical data is safe. According to the Cloud Security Alliance (CSA), identity and access management (IAM) is a key facet of Security-as-a-Service (SECaaS). Here’s why this is the case, and how you can optimize IAM for SECaaS in your organization.
What is SECaaS?
Conventionally, on-premises solutions were the backbone of security in IT. For a long while, the network was only accessible via a direct connection to the servers that housed an organization’s data. That meant that for all intents and purposes, security was completely under IT’s direct control. Admins employed several security tools that surrounded their organizations, forming the foundation of the perimeter security model. This defense in depth approach included layering of security tools.
At the network layer, firewalls, VPNs, and intrusion detection systems were used. Access control and multi-factor authentication covered the application layer. Encryption locked down the the data layer. These and many other tools created layers of defense around an organization’s sensitive core of data, much like a castle. This approach worked well when threats were generally on the outside and everything valuable was on the inside.
A Changing Landscape
With the general shift of IT toward the cloud, security models have had to adapt to cover resources outside of IT’s direct control. The zero trust security model, for instance, is one that has risen in popularity and is now used even by tech giant Google®. Security-as-a-Service is a natural progression from this trend, showing how security tools can make the shift to the cloud.
SECaaS is the use of cloud-based software hosted by a third-party to improve your organization’s security posture. This also optimizes the Total Cost of Ownership (TCO) of an IT organization’s security toolset by reducing on-prem server costs, access license fees, and management overhead.
The CSA breaks SECaaS down into ten subset categories:
- Identity and Access Management
- Data Loss Prevention
- Web Security
- Email Security
- Security Assessments
- Intrusion Management
- Security Information and Event Management
- Business Continuity/Disaster Recovery
- Network Security
IAM and SECaaS
Per the CSA, IAM is the first category of SECaaS. IAM has long been an underlying component of security. Like its other IT security tool counterparts, it has been located on-prem in the form of an identity provider like Microsoft Active Directory (MAD) or OpenLDAP.
Both of these solutions are incredibly popular in the IAM space, which, unlike the other categories of SECaaS, seems to be firmly rooted on-prem. Of course, using self-hosted, on-prem MAD or OpenLDAP cannot really be considered as an “as-a-Service” offering, so how can IAM be considered part of SECaaS?
IAM from the Cloud
Recent innovations in the IT world have paved the way for a new IAM solution: the cloud directory service. This Directory-as-a-Service® provides organizations with a cloud-hosted IAM solution, providing all the benefits of MAD or similar tools without much of the required work.
By using a cloud directory service for IAM, organizations can control the authentication and authorization needed to secure access to IT assets and other resources. In doing so, organizations also reap the benefits of SECaaS.
If you are interested in learning more about cloud IAM for SECaaS through a Directory-as-a-Service, please contact us. Our team includes the leading experts in Directory-as-a-Service and all things cloud IAM, and we would be happy to help you.