
Identity as the new perimeter

By Jon Tullett, Editor: News analysis
Johannesburg, 24 Feb 2014

Identity management should replace perimeter defence as the primary layer, driven by the new era of and mobility.

CA's top security execs told delegates at the CA IT Management Symposium Africa last week that an outside-in approach to security is the only way to remain relevant as IT operations continue to evolve. And by doing so, security managers can work themselves back into the good graces of their users, and make security an integral part of business processes.

"Companies are starting to embrace the idea of an open enterprise," says Paul Ferron, director of security solutions EMEA, CA Technologies. "The changes that are now happening are driven by a perfect storm, what Gartner calls a 'nexus of forces': social, mobile, big data, and cloud. Those things are really changing how businesses behave and how people are interacting with IT. And before, IT could get away with preventing it, blocking access, saying 'it's not possible'. But today that's just not a valid answer any more. People know it's possible."

Unmanaged cloud

So many enterprises find themselves with "shadow IT", Ferron says, with users buying IT services from the cloud, exposing data and business processes to risk and unnecessary expense.

But the security manager must embrace this new paradigm, not try to stamp it out, contends Hila Meller, head of security strategy EMEA for CA.

"One of the biggest changes is in how security personnel position themselves," says Meller. "A security manager can become much more interactive in how they work with the organisation. They can start speaking the business language, and become more proactive in the way they engage security with business projects, rather than the traditional reactive, negative approach."

The transition is vital for security managers and CIOs to remain on top of the cloud-driven IT revolution, but does require heavy lifting. Evolving an entire security operation from a proscriptive to an enabling model requires extensive rethinking of processes, resources and policies.

Ferron describes a banking customer, which - faced with growing complexity of products with a tangle of customer data - embarked on an extensive programme to create a single central identity management platform, which feeds the various lines of business. Doing so streamlined the operation and allowed new products to be delivered with minimum effort.

Identity-driven IT

In most organisations, once identities are reconciled and managed across internal services and external cloud providers, provisioning (and deprovisioning) users and services can be achieved faster, more consistently, and at lower cost, Ferron says.

CA has positioned several of its products to deliver identity-centric security, in public, hybrid and private cloud deployments.

The CloudMinder suite provides identity management, single sign-on and advanced authentication, with support for industry-standard connectors like OAuth, OpenID, and WS-Security, integration with existing identity providers including Microsoft and Google, and APIs for third-party extensions.
