Good morning, everyone. My name is Unal and yeah, greetings to everybody who's joining us virtually for this session as well.
And today, this is a very interesting topic. As we talked, we are gonna see how identity and access management has in the past few years emerged as an instrumental force for you to adopt cloud security. And cloud security, when I say it, it's not just a specific single cloud adoption, but it's across multiple clouds, and we'll talk about exactly how identity and access management will help you to navigate across some of those multi-cloud specific security challenges. Yeah. So in the session, next 30 minutes, we are gonna, I'm gonna take you through what are the patterns around multi-cloud adoption?
What are the, the key security challenges which most organizations are facing when it comes to adopting, you know, multiple cloud platforms, how identity and access management has been able to address most of these challenges and how it'll continue to shape itself to make sure that any new risks, any new challenges which are going to be introduced as part of multi-cloud adoption are, are effectively addressed, the considerations for identity and IAM and security leaders. And finally, I'll talk about the recommendations and some of the action plans that you should take away with you from the session.
Alright, so talking about multi-cloud adoption, how well the organizations are coping up with it and what patterns and challenges have emerged over the time to secure a multi-cloud adoption. All right. So these are some of the numbers and statistics from industry surveys that we have come across. So 85% of organizations are actively evaluating a multi-cloud strategy.
So they're looking at, of course, you know, how they can go around in the market and look for different types of cloud service providers and start using the infrastructure and services to migrate to, you know, those platforms. 55% of the organizations are actually as of present executing on a multi-cloud strategy. So they are exactly now dealing with those challenges when they come to onboard or start migrating some of their workloads to the different cloud service providers. And yes, 43% of them.
And I'm, I'm sure this number is, is gonna grow. They find identity and access management in the lead, in the lead position to actually secure your cloud migration journeys.
Now, these are some of the specific challenges. We'll talk about each of these challenges in more detail, but yes, as more and more organizations are adopting a multi-cloud journey, the common security considerations become diluted, distributed, and therefore difficult to manage across multiple cloud platforms. The reasons are very obvious. Most of these cloud providers have got disparate or very varied cloud security technologies and also maturity standards.
And therefore, I mean, not just the standards, but also the terminologies that these different cloud service providers use can be sometimes confusing for a number of different people who don't have a very technical background and don't understand the intricacies of some of those specific technological terms.
So, you know, it's, it's important that we understand how different these cloud service providers are when it comes to even managing and even terming their specific cloud functionalities. Identity is the sole security dimension that ties users and devices across these platforms to create a secure multi-cloud foundation and migrate your workloads to the cloud.
So think about, what's gonna be common when you move your workloads into these different cloud service providers, right? Identity remains that one single fabric that ties across these different cloud platforms.
And exactly, if you can secure identities, I mean, we talk about a perimeterless world today. You know, your users and devices are working from anywhere, from anywhere across the world, identity still is the security dimension that ties you across these different cloud security platforms.
And if you are able to secure that efficiently and effectively, you can make sure that you have a consolidated centralized way to administer your users, your devices, your entities, and therefore the access that you're gonna grant to your, you know, to your users to access different resources. And then security and access governance capabilities are inconsistent across the cloud service providers, requiring identity-based security architectures to sustain and guide your cloud migration journeys. We'll talk about that as well.
Now, when you look into cloud adoption and not just cloud adoption, but multi-cloud adoption, these have come across as some of the key challenges based on the different surveys again. And if you see, security in the cloud remains the foremost concern of most organizations trying to go multi-cloud, right. And of course there is remaining cost management, lack of expertise, resources, varied technology maturity, compliance, migration, governance.
In fact, we are gonna talk about some of the other compliance and governance factors as well, when you talk about how identity and access management is able to address some of these, you know, top challenges in the, in the cloud.
All right. So what are the specific security concerns when it comes to multi-cloud adoption? So secure cloud migration, when you start to go on cloud, how you want to make sure that that particular cloud service provider is good enough for you to land your workloads, your applications, right. Zero trust.
I mean, we, I think, had a whole entire track yesterday to talk about zero trust, but I'm sure that, you know, zero trust still remains one of the key enablement factors when it comes to, to multi-cloud. Privacy: definitely we are gonna talk about privacy as a very important aspect of moving to multi-cloud. Cloud-based privileges and entitlements management: this is a growing concern.
We are seeing different technologies coming in the market to make sure that you, they can help you address some of these challenges, but increasingly cloud service providers are also trying to deal with that and build some of the specific capabilities within to make sure that you are able to manage these cloud privileges and entitlements across the different CSPs. Open standards.
We want to make sure we are more flexible and agile in this world. And IAM is the key for that, right? So we'll talk about some of those standards as well.
Automation, I think in the previous talk, we understood the importance of automation, but how can IAM actually help you to accelerate some of your automation objectives, which is very important because when you talk about security, you don't want to talk about how you can automate security in a more effective way, and how IAM can actually push you through some of those acceleration objectives. Compliance, and also cloud access governance. We have different compliances to, to, to actually adhere to, and finally access governance.
We have been talking about that, all the different access governance capabilities, but now this has to go across the clouds, right? It doesn't have to stay in your on-premises world. It has to go beyond that to make sure that you can do proper access governance across the applications which are in the cloud, and that too in the different cloud service providers, and you need a centralized managed way to do your access governance.
So therefore the cloud access governance. So I think these are some of the very specific key security concerns when you try to move to a multi-cloud adoption.
Now, is IAM your Swiss knife? I'm not going to say that IAM is going to be a Swiss knife to make sure that, you know, when you go to multi-cloud, it'll help you in everything. I'll let you be the judge after some of my slides, which I'm gonna present. And then we'll check back again, right, that do you think IAM is gonna be able to make sure that you adhere to and help you navigate to some of those security challenges? Right.
So, yeah, let's, let's dive into some of the technical aspects of it. Now, when I talked about securing the cloud migrations, right? It's an important aspect of it, right. And how different cloud service providers are addressing it, it's, it's very different.
And as I said, you know, we read, this is a very specific example of Azure and how we help customers land onto Azure with creating a secure landing zone.
So again, it's a term, but yes, essentially it's a predefined concept. Or I would say pre-provisioned environment for you to host your workloads.
It is, it comes with some built-in features that you can start using and create a pre-provisioned environment for you so that you can simply lift and shift your workloads into the cloud. Now, when you try to, I mean, it's, I think it's, if you look at the definition, landing zone is to ensure that when a workload lands on a CSP, the required plumbing is all in place, providing greater agility and compliance.
It's, it's obvious that, you know, when you move, let's say in a new house, you wanna make sure that, you know, it has got the, it has got the right plumbing in place.
It has got the electricity going. It has got the right sewage connection. It has got the, you know, the sockets working, right? So it's exactly that when you try to move to the cloud, you understand that you have the right infrastructure in place.
You have the network connectivity figured out, you have the segmentation figured out, you have the basic built-in functions already figured out in place so that you can simply move your workloads into the cloud. Now, when you do that, you would see that identity and access management still remains a very key aspect for you to secure some of those plumbing aspects of it. So when you load your workload, when you move your workload into the cloud, how identity and access management can help you to figure out what are different roles that the users will have. Those would be developers.
Those would be cloud administrators.
Those would be other, other application, you know, developers as well, who want to have access into some of the cloud landing zones, and with identity and access management, essentially, it would be a role-based access control that you want to use to make sure that all these different roles have the right privileges and right access into the landing zones. And essentially you are going to have the different kind of identity and access management policies to make sure that you can navigate these different roles for your secure landing zone concept.
Not only that, you will probably look into how, when you move the applications, the applications will have their own IAM and security roles as well. So identity and access management is gonna help you even to move some of the security policies for these applications into the landing zone. So if you see, you have got identity and access management there, you have identity and access management and the policies right here in the applications.
And definitely you are going to have some of the networking and shared services, which are also going to be guided by your IAM policies.
So IAM still remains a very key component across your secure landing zones for you to make sure that you are able to, again, secure your migration concept for landing zone or creating a landing zone. This has been a very instrumental, I would say very important aspect, when you start to move your workloads into the cloud and create, you know, a secure landing zone or, or any other term which other cloud providers might be using.
Well, zero trust. As I said, we have been talking about in the last, last day's track entirely, but yes, at Microsoft, we talk about some of these specific zero trust architecture principles: verify explicitly, no matter how many, you know, what you are, where you're coming from, we want to take all those different signals to make sure we are able to specifically understand what's the risk that you are, you are carrying, what's the specific device risk from the device that you are using.
What are the various data points, including identity, location, device health, any of these different classifications and data anomalies that you can correlate, and to make sure that you, you can ascertain who the user is, who he's trying to claim, right? And then we have also got the least privilege. We want to make sure that you have the people have the right just in time and just enough access to access the resources based on all the different risk based adaptive policies, data protection, which help you to protect data and productivity.
And also that you remain in a heightened readiness state. And for that, how we can restrict your, I would say your breach surface or attack surface, and also, you know, limit the lateral movement of users across the different, you know, different segmentations via network devices and application awareness. So I think for, for zero trust, it's important that we understand identity and access management can help you achieve all these three principles of zero trust. So identity and access management can help you to get all these different, I would say risk signals when it comes to authentication and authorization.
So it can help you to verify the users and devices explicitly. We all know about tool, access management, how it can help you to ascertain the principle of least privilege when it comes to cloud migration. So IAM can help you to even, I would say, enforce the least privilege for your different cloud service providers.
And of course, when you talk about assume breach, how identity and access management can get you to a stage, or I would say can help you to correlate some of the different segmentations across the network and limit the users' lateral movement across different segmentations in the, in the, you know, multi-cloud environment. So, yeah, I would, what I'm trying to convey from, from, from this is that IAM is actually going to help you drive your zero trust architecture as well.
All right. So this is the Microsoft zero trust architecture. It's probably a very well-known concept.
And you would see as how Microsoft within Azure AD is helping you, for example, with identities to provide and devices, to gather all the required information and signals from multifactor authentication. It helps you to gather all the different user and session risk, device state risk, including device inventory, to gather all those signals, feed that into a very, very intelligent policy engine, which takes the threat intelligence signals, depending on, I think somewhere about hundred terabytes of data that it crunches to derive those threat signals.
For example, what are the passwords which are leaked on the internet? What are the different, you know, new attack signatures which have surfaced in the market, what are the different IP addresses which have recently turned malicious, all that information that it can use to flag your realtime, realtime policy evaluation and risk. And from there, it can do a runtime access control management for the access into the network and infrastructure, applications, and also to the data.
So, yeah, I mean, what I'm just trying to say is identity and access management still remains very relevant when it comes to applying and enforcing your zero trust architecture principles.
Privacy, now. So can identity and access management help you manage privacy? To an extent, yes. Whenever it comes to most important and immediate needs, when it offer your privacy management, IAM can help you really ascertain and also build some of these specific privacy management functions. Talk about collection of data. So identify the data.
IAM can exactly tell you what data you want to collect from your users, be it username, email addresses, region, phone numbers, right, what data that you want to make as PI data, what data you want to not keep within your IAM repositories, or even to, you know, want to, I would say, give to your cloud service providers as part of a cloud migration. You want to keep that within the applications and have the applications query the backend databases to make sure that data still remains on-prem. Whatever kind of mechanism you want around keeping your data encrypted, private, on-prem.
IAM can help you actually manage the data as you want to. And based on your, again, your privacy, you know, concerns. I would say consent management: acknowledgement and recording of user consent. Yes. Most IAM tools now have, have been building these native capabilities to give you the consent management functions. So you would see, for example, all the CRM services, CRM tools, they provide you the capabilities for at least consent management, where the users, you know, can consent to specific transaction, or whenever they're trying to access a particular application resource.
And I think those have gone to an extent where you can upload the recent, you know, discrimin policies, consent management practices for the users to acknowledge. And that can even keep record of when the user has consented, to what has consented to and all of that, including yeah, certification and withdrawal of the consents as well. Detection of privacy breach, including triggering breach notification and remediation processes like access revocation, records deletion, et cetera.
So whenever there's a privacy breach, you know what to do, which users you need to take out of the applications' access, which users you need to restrict access for, all of that is possible using your IAM. And finally, adherence and recertification to data privacy and sovereignty guidelines. As I mentioned, you know, if you think that you want to, to specifically restrict some of the data and the users' information to, let's say, a particular region, we talk about GDPR a lot. We have seen the customers who want to restrict the user information into, let's say, into particular region.
So how you want to adapt some of these specific cloud service providers and make sure that particular data remains in that region only. So let's say while trying to create a specific service in a particular CSP, you want to make sure that, that, you know, the user's information remains in that particular region. That's possible, depending on what kind of data centers, what kind of services that you are gonna select as part of your CSP adoption. So this is exactly where we talk about adherence to data privacy and sovereignty guidelines using your identity and access management.
This is again, something which we talk about trying to manage privileges and entitlements in a typical hybrid access management scenario. Now, I talked about all these different roles that need to be managed when you move into a multi-cloud, you know, adoption pattern or journey, right? You have got resource owners, product owners, application owners, administrators, and users, all these different roles.
Now you have an on-prem in a typical world, you'll have an on-prem IG solution where you are using crunching all these different roles and the role entitlements to do the, I would say role mining, role definition, role creation, role maintenance, optimization, entitlements management, basically, right? And then, you know, you have a policy engine, which actually helps you to, to use those roles across the different applications. The owners can request, you know, request those roles, create roles.
The users can request those roles, those go for approval and all that, right? Now, when it comes to the cloud service providers, how you are gonna use the same model that you have been using for your applications on-prem for the applications that you have in these clouds, right? So different cloud providers have got different mechanisms, right?
And it's, it's very difficult for you to have a very consistent approach across all these cloud service providers. In this example, I'm just trying to say, for example, CSP A is using a native policy agent where you can push the intelligence to via app proxy, right?
Some other cloud service providers have the APIs where you can send the authorization claims directly, and the applications where they have a built-in PP can consume those entitlements from and enforce those authorization decisions. There might be cloud service providers who provide no capability. There's a broken policy management.
Basically you have to push the entitlement records using flat files for these applications. And they have to do that. You have to do that on a regular basis using whatever, you know, automation mechanism via script or whatever. And finally, you might have a private cloud presence where you want to have your own database with applications fetch these permissions from your internal database and use this authorization to, to, I mean, entitlement to make the authorization decisions.
Now, this has been the typical hybrid access management scenario. With identity and access management, to an extent you are able to address most of these concerns because not only your IG providers are trying to move the capabilities to the cloud, they are trying to push you through some of the, some of the concerns around managing these entitlements in the cloud environment, in a more cohesive manner.
We are seeing new vendors coming to this space.
For example, Microsoft has recently acquired CloudKnox, but we have other vendors in the market as well, where we are trying to do the cloud infrastructure entitlements management. And as part of those new capabilities, we are trying to address that we not only manage entitlements which are meant for applications in Azure, but also for other cloud providers as well. And I'm sure this is something which is going to be important.
I don't think this is a very ideal situation right now in the market, but hopefully as the capabilities emerge, different providers provide newer capabilities to make sure that, I mean, IG providers are gonna, I would say, extend the capabilities to meet some of these functions for CSPs. CSPs in turn are building their own capabilities to make sure that they're able to consume these entitlements from wherever, whether in the cloud or from on-prem, and give the authorization and privileges to your applications in the cloud and across the cloud.
I probably have to run a little bit, cuz we are short on time. Open standards, right? So IAM, when we talk about these standards, the first thing or the first thing that comes to your mind is access management, right? You talk about federation standards, OAuth, OpenID, SAML. IAM provides that.
I mean, which IAM tool probably today doesn't support these basic federation standards? We all do that, right? When it comes to provisioning, SCIM is the open standard. We want to make sure that, you know, IAM tools are able to support these, these, these, you know, standards to make sure you're able to, to provision users, deprovision users, to applications which are built in, in your, in, in, in provide ready, ready connectors for these applications. FIDO, W3C WebAuthn, and even Decentralized Identity Foundation, right? We have got verifiable credentials and decentralized identities.
Identity and access management to an extent is able to push you and make sure that some of these concerns for your IAM and for your secure cloud adoption are addressed to an extent, not to an extent, to a great extent, right?
Security automation. Yes, IAM can help you there as well. And you are probably, you can exactly understand from this, this slide here, how IAM can actually accelerate you to move into the multi-cloud adoption pattern, right? So it can help you to onboard applications really quick.
You don't have to really, you know, do a lot of stuff around when you move your applications into the cloud. Most of the CSPs are actually providing you with the application galleries where you can simply go adopt these applications, start working on. They'll also provide you ready templates for you to move your applications into the cloud via different onboarding fact, you know, facilitators, including native application connectors for most on-prem and SaaS applications, low code and no code automation. I think we talk about low code, no code a lot. Yeah.
These are the platforms which give, you know, the different kind of developers, not developers, but citizen developers, the capability to start working on developing applications real quick and fast.
And I think identity and access management can actually facilitate that, is actually facilitating that already, right?
Because you know, you need to provide these basic functions for authentication, authorization, auditing, reporting, and, and when it comes to the lack of developers in organization, or even the interested citizen developers, they are gonna use these specific functions to build their, build the security capabilities at those small life cycle stages of your low-code, no-code application development. So IAM can actually facilitate that at a, to a great extent as well. And then of course, accelerated DevOps.
So we have got DevOps, continuous integration and deployment pipelines. Through the mechanism of, you know, secret and credential management, IAM can actually help you even accelerate the DevOps processes too, and to a very great extent secure those processes. I'm not about RPA, robotic process automation has, has seen a lot of help from identity and access management already. Yeah.
So I think we are almost at time, but yeah, I want to give you this opportunity to tell me, you know, whether the Swiss knife check and to what extent you think that IAM can still help you to navigate across, you know, navigate you through your cloud adoption journey. So you are your best judges here, and I'm sure that you would realize now that identity and access management to an extent is really important when it comes to moving your cloud adoption pattern forward in a more secure way.
Now, I think from that check, just going to be retelling some of the, some of the conclusions that we have made for you to do a quick validation check here. Secure cloud migration landing zones, yes. Zero trust enablement: IAM supports most of those principles for you to enable the zero trust. Privacy management: it gives you the basic building capabilities to meet those immediate basic privacy management capabilities. Cloud privileges and entitlements management: IAM is addressing that to a great extent, IGA, CSPs, yes. Open standard support.
We support developers through all those standards. It can help you to move that forward. Even accelerate, help you to support some of those open standards to be more flexible and agile. Automation, yes. So IAM can help you to accelerate automation for your low-code, no-code development, for your RPA initiatives, for your, you know, DevOps principles as well. Compliance adherence.
We have talked about privacy management and GDPR, not just GDPR, but also SOX, PCI DSS, all of that can also be part of your, how identity and access management can help you meet some of those compliance guidelines. And finally, achieve cloud access governance. We have been talking about basic, you know, access approval methods, certification, re-certifications and different access governance capabilities in terms of dashboarding and reporting capabilities. Cloud access governance can also help you to achieve that across cloud.
So yeah, with that, I think it's time that I'll probably try to wrap this up. There are some very quick recommendations that you want to take away. And I think one last minute to wrap this up. I'll, you know, prepare for cloud adoption framework. We talk about the CAFs with a focus on identity and access management, to improve the security and management efficiency of your workloads. Create the landing zone with consistent IAM policies and objectives, preferably using repeatable blueprints and templates across your cloud platforms.
When I talked about the landing zone concept, it might be different from different cloud service providers, but yes, you have got ready templates and blueprints that can actually push your security policies using these blueprints into the cloud. So you have a consistent way of managing those security policies and IAM across the cloud, across the CSPs. Plan for and adopt identity-based zero trust architecture before starting cloud migrations. We know zero trust is a state, it's, it's more of a deployment approach. It's not a technology, right? That you can simply go and buy from the market.
But yes, when you try to move your CS, your, when you try to go into your multi-cloud adoption pattern journey, make sure that you have a zero trust architecture principles laid out clearly. And those are built into your IAM framework so that you can move that into the cloud.
Address your privacy and compliance management requirements through IAM capabilities. IAM providers are now having those native built-in capabilities that you can use. Bridge privileges and entitlements management discussions early in the CSP selection and planning, and finally extend your IAM to achieve required products as governance across your CSPs to mitigate the risks and drive continuous compliance. Well, with that, I'd like to thank you for the session and I hope you enjoyed.
Perfect.