December 2019

Every application, server, and service needs to thoroughly identify the connection and access requests--and passwords are not good enough. In the old paradigm, accessing the corporate network required either a physical network connection or VPN access utilizing multi-factor authentication. With all assets being directly on the internet, each individual application, server, and service needs to require multi-factor authentication.

Also inherent in implementing "Identity is the new perimeter" is the management of users and user accounts. Each person should have 1 identity, and that identity should be utilized across all of the assets. If a user leaves your company, then all applications, servers, and services should know immediately that the user is no longer permitted to have access. Having a central, cloud-based identity management tool integrated with a SAML-based Single Sign-On tool will help secure the "New Perimeter".

In this new paradigm, your business is utilizing SaaS applications and internally written applications running on IaaS and PaaS in the public cloud. In both of these situations you will be depending on the service provider for much of the security, and you need to do your homework. SaaS providers should provide you with independent reviews or audits that show proper security controls are in place and that the application is free of vulnerabilities. A SaaS service that is SOC 2 Type 2 compliant indicates that the service follows secure practices. A clean third-party penetration test and vulnerability scan shows that the application is free of known vulnerabilities. Many SaaS applications provide you with the ability to configure the application to your liking. Ensuring that the application is configured correctly and securely is critical and is something that your security team should do.

Speaking of secure configurations, most of the primary public cloud providers of IaaS and PaaS services have sufficient certifications to show secure practices. However, these certifications show that the IaaS and PaaS services themselves are secured. It is very possible to use these services in an unsecured way. It is very important to use the features provided to create secure applications in secure network segments, just as you would if you hosted these applications yourself.

Your end users will be working directly on the internet. Keeping them safe when web surfing is a critical function that cannot be overlooked. In the old paradigm we used on-premise proxy servers to protect the users. In this new paradigm, a cloud-based proxy-type service should be used. These can also help enforce HR and business policies for acceptable web content.

The security controls in this paradigm are very similar to those we have been using for years. The difference is, we are using the cloud to secure the cloud. And since the business is moving quickly to the cloud, it only makes sense that security should do the same.

Joseph DiBiase, Director Global Information Security