Identity Management Converging with Zero Trust E049 2024 12 16
A Bit of Security for December 16, 2024
Today we’re talking about identity management, specifically how it is evolving, and how that evolution will lead it to converge with certain zero trust principles.
We’re getting into winter here in Connecticut. It’s cold. I used to think nothing of heating up the whole house to stay warm indoors. Now I leave the thermostat down a bit to save energy and cut costs, and I wear a light sweater indoors. This serves as an analogy for one dimension of growth in identity management: collapsing the perimeter to the point that we apply identity management to the individual. The perimeter doesn’t disappear; it becomes the boundary around the subject of the identity management systems and processes. Controls like separation of duties apply naturally to individuals. Applying them through groups and Role-Based Access Control (RBAC) opens the door to errors, because a person’s effective permissions are the union of everything their groups and roles grant, and a check done at the role level never sees that union.
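To make the separation-of-duties point concrete, here is an added example (it is not code from the post or from any product the post mentions). It assumes a toy directory in which users sit in groups, groups can nest, groups map to roles, and roles carry permissions; a separation-of-duties rule names two permissions one person must never hold together. Every user, group, role and permission name is made up. The role-level check passes, while the per-individual check over effective permissions finds three people who can both create a vendor and approve a payment.

```python
"""Added example (not from the post): separation of duties (SoD) checked per
individual versus per role. All directory data below is constructed."""

# Constructed directory data: group -> members (a member may itself be a group).
GROUP_MEMBERS = {
    "finance-ap": ["alice", "bob"],
    "procurement": ["carol"],
    "finance-leads": ["finance-ap", "carol"],  # nested group: alice and bob inherit
}
# role -> permissions
ROLE_PERMS = {
    "ap-clerk": {"create_vendor", "enter_invoice"},
    "ap-approver": {"approve_payment"},
    "buyer": {"create_vendor"},
}
# group -> roles granted to every (transitive) member of the group
GROUP_ROLES = {
    "finance-ap": ["ap-clerk"],
    "procurement": ["buyer"],
    "finance-leads": ["ap-approver"],
}
# Hypothetical SoD rule: nobody may both create a vendor and approve payment.
SOD_RULES = [("create_vendor", "approve_payment")]


def expand_group(group, members, seen=None):
    """Return the set of individual users in a group, following nested groups
    and tolerating cycles."""
    if seen is None:
        seen = set()
    users = set()
    for m in members.get(group, []):
        if m in members:  # m names another group
            if m not in seen:
                seen.add(m)
                users |= expand_group(m, members, seen)
        else:
            users.add(m)
    return users


def effective_permissions(members=GROUP_MEMBERS, roles=GROUP_ROLES, perms=ROLE_PERMS):
    """Map each individual to the union of permissions reachable through any
    group membership, direct or nested."""
    result = {}
    for group, role_list in roles.items():
        for user in expand_group(group, members):
            for role in role_list:
                result.setdefault(user, set()).update(perms[role])
    return result


def role_level_violations(perms=ROLE_PERMS, rules=SOD_RULES):
    """The naive check: does any single role contain both halves of a rule?
    Here every role looks clean, so this check reports nothing."""
    return sorted(r for r, p in perms.items() for a, b in rules if a in p and b in p)


def individual_violations(members=GROUP_MEMBERS, roles=GROUP_ROLES,
                          perms=ROLE_PERMS, rules=SOD_RULES):
    """The check the post argues for: evaluate each rule against each
    individual's effective permissions."""
    out = []
    for user, p in sorted(effective_permissions(members, roles, perms).items()):
        for a, b in rules:
            if a in p and b in p:
                out.append((user, a, b))
    return out


if __name__ == "__main__":
    print("role-level violations:", role_level_violations())
    print("per-individual violations:", individual_violations())
```

The nested group is what hides the conflict: `finance-leads` grants `ap-approver` to everyone in `finance-ap`, so alice and bob pick up `approve_payment` on top of the `create_vendor` their clerk role already gives them, and carol gets it on top of her buyer role. Any real review should expand memberships the way `expand_group` does before applying the rule.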
The second dimension of IAM evolution focuses on non-human identities: processes and components that must be isolated from certain environments. What are non-human identities?
1. Some IT processes require a service account. In DB2, every view requires an owning userid. Typically this was the database administrator who set up the view, but over time that person may move elsewhere while the userid must remain, or the view will be lost.
2. Consider an encryption process that starts modifying a database: this can be a symptom of a ransomware attack. Many bad actors don’t bring along their own encryption code; they prefer to live off the land and use whatever they can find on the victim’s machine to scramble sensitive data.
3. In cyberphysical systems, some components behave differently depending on the environment; that is, they adjust to changing conditions.
By analogy, in my apartment some things are completely static: the table is a table and nothing else. Others have sensors: my thermostat, for instance, or my cellphone. (For this purpose I’ll treat a timer as a sensor, so my alarm clock has a sensor and an actuator, too.) To control the interactions among the entities in my apartment, I need to establish and maintain a constant sense of trust for all of them, the people and the things that have sensors, processors, and actuators. That requires an identity management capability that can correctly and appropriately assign and manage identities for all those things. And when something unidentified moves in the apartment or on the network, I need a system that alerts me to the unauthorized action and takes the appropriate countermeasure: turn off the faucet, shut off the alarm, swat the bug, or suspend the misbehaving process.
Then comes first-failure diagnosis: how did the faucet turn on? How did that bug get inside? And what do I do to make sure it doesn’t happen again?
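The three non-human-identity cases above and the apartment analogy come together in the following added example (my own illustration, not code from the post). It assumes a small identity registry covering humans, service accounts and devices, each with the actions it is allowed to take and, for service accounts, a responsible human owner. A constructed event log is then evaluated one event at a time: an unregistered subject is suspended, a registered subject acting outside its allowed actions raises an alert, and a separate hygiene check finds service accounts whose owner has been deprovisioned, which is the DB2 view-owner problem from item 1. Every identity, action, path and log entry is made up.

```python
"""Added example (not from the post): an identity registry for people,
service accounts and devices, plus a check over a constructed event log that
returns the countermeasure and a reason for first-failure diagnosis."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Identity:
    name: str
    kind: str                                   # "human", "service" or "device"
    allowed: set = field(default_factory=set)   # actions this subject may take
    owner: Optional[str] = None                 # service accounts: responsible human
    active: bool = True


# Constructed registry. "dave" has left; his service account is still active.
REGISTRY = {
    "alice":        Identity("alice", "human", {"read_db", "write_db"}),
    "dave":         Identity("dave", "human", {"read_db"}, active=False),
    "db2-view-svc": Identity("db2-view-svc", "service", {"read_db"}, owner="dave"),
    "backup-svc":   Identity("backup-svc", "service", {"read_db", "read_fs"}, owner="alice"),
    "thermostat-1": Identity("thermostat-1", "device", {"report_temp", "set_heat"}),
}

# Constructed event log: (subject, action, target).
EVENTS = [
    ("alice", "write_db", "orders"),
    ("backup-svc", "encrypt", "/var/lib/db2/orders.dbf"),  # living-off-the-land encryption
    ("thermostat-1", "set_heat", "living-room"),
    ("faucet-9", "open_valve", "kitchen"),                  # never registered
    ("db2-view-svc", "read_db", "orders"),
]


def orphaned_service_accounts(registry=REGISTRY):
    """Service accounts whose owning human is missing or deprovisioned.
    The account keeps working (the view survives) but nobody answers for it."""
    return sorted(
        i.name for i in registry.values()
        if i.kind == "service"
        and (i.owner not in registry or not registry[i.owner].active)
    )


def evaluate(event, registry=REGISTRY):
    """Decide one event: ("allow", "") or (countermeasure, reason)."""
    subject, action, target = event
    ident = registry.get(subject)
    if ident is None:
        return ("suspend", f"unidentified subject {subject} attempted {action} on {target}")
    if not ident.active:
        return ("suspend", f"deprovisioned subject {subject} attempted {action} on {target}")
    if action not in ident.allowed:
        return ("alert", f"{subject} ({ident.kind}) is not authorized for {action} on {target}")
    return ("allow", "")


def run(events=EVENTS, registry=REGISTRY):
    """Evaluate every event; the returned list is the diagnosis trail."""
    return [(e[0], *evaluate(e, registry)) for e in events]


if __name__ == "__main__":
    for subject, decision, reason in run():
        print(f"{decision:8} {subject:13} {reason}")
    print("orphaned service accounts:", orphaned_service_accounts())
```

Two design points worth noting. The encryption event is caught not by recognizing a tool but because `encrypt` is simply not in the backup account's allowed set, which is the least-privilege way to spot a process living off the land. And `db2-view-svc` is allowed to read the database even though its owner is gone; that is deliberate, since cutting it off would break the view, which is why the orphan check is reported separately for a human to reassign ownership.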
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #idm #zerotrust #zt #identitymanagement #iam #BitofSec