Why Your Identity Is the Key to Modernizing Cybersecurity
Ultimately, the goal of creating a trusted environment around all digital assets and devices is about modernizing the way you do business.
Alex Simons, Corporate VP, Product Management, Microsoft Identity and Network Access
October 14, 2024
COMMENTARY
In today’s digital world, threats are around every corner. The technology behind attacks is increasingly sophisticated. Actors include criminal organizations seeking big payouts and nation-states conducting espionage and looking for opportunities to create chaos.
At the same time, the world continues to transform rapidly around us. With artificial intelligence (AI), we’re about to go through the biggest business transformation since the widespread adoption of the Internet, and the bad guys are also exploring how they can use AI for harm.
In a mobile, cloud-first, AI-driven world, companies must be ready to use world-class technology and processes to protect themselves, their data, and their people, wherever they go.
Today, those technologies are coalescing around a modern vision for what is, at its heart, one of our most ancient security solutions: our own unique identity. Let’s take a look at how a modern version of this ancient solution can help protect our digital lives.
**Your Castle Walls Have Fallen. What Now?**
Fifteen years ago, the world’s security best practice was a “moat-and-castle” model. Organizations kept their most important resources inside their office networks and wrapped a firewall around them.
As long as their people and resources were inside the wall, everybody could connect to everything as the entire estate was trusted and contained. Your biggest concerns were insider threats or invaders trying to storm your firewall.
Today, many employees are embracing hybrid and mobile workstyles. We’re also adding cloud-scale AI that, by design, is not inside the firewall, while highly mobile workers use VPNs to access applications while outside the network. All this makes the old moat-and-castle security paradigm terribly outdated.
Additionally, in many ways, companies are becoming cloud services — as their partners, suppliers and customers increasingly interact with them through digital experiences for product discovery, ordering, payment, invoicing, customer service, and customer loyalty programs.
**Since Data and People Are Always in Transit, Security Should Flow Wherever They Go**
In a world where every organization is a cloud service that needs to securely interact with everybody and everything, companies must ensure that all of their connections are secure and that only the right people, software, devices, and networks are allowed access.
This is known as a zero-trust model. In a zero-trust environment, every time a user, a device, or a workload wants to access your digital assets and services, they have to prove that they, their software, and the network they’re using are all trustworthy. This is why identity plays such an important role in this new security model. By default, all access to everything is closed off until you have strong proof of the identity and authenticity of the person and of their device.
Designing, deploying, and running this kind of identity-powered zero-trust enterprise environment can be challenging. It requires a coordinated strategy across multiple teams for a security solution that brings together user and workload accounts, device management, device protection, network state, and an inventory of digital resources and permissions, and that enables the enforcement of adaptive, granular access policies across the enterprise’s entire digital estate.
**Identity: Even More Important in the Era of AI**
If your organization doesn’t have this kind of identity-centric zero-trust model in place today, moving to an AI future is going to be risky and challenging. When you deploy a large language model (LLM) assistant, it becomes incredibly easy for employees to find content from across all your documents and files, even the ones you didn’t know they had rights to access.
And that also means an intruder could use the AI assistant to run queries for assets that they never should be able to find. Where organizations used to have the benefit of obscure file hierarchies to waste an attacker’s time, today’s super-smart AI engines make it incredibly easy to quickly find information anywhere it’s stored.
The solution is something called “workload identities.” A workload identity is the identity your software systems use to get things done. Having your co-pilot or your LLM use a workload identity with well-managed permissions means that it can only get to the specific documents and files you allow it to access, which enables you to govern and secure the LLM’s access just like you would for any user.
**Modern Security Benefits Everyone**
Ultimately, creating a trusted environment can modernize the way you do business. Now, employees can work from anywhere. The company can hire talent it wouldn’t have access to before. The company can work directly with customers and suppliers digitally. And you can do all that in a world of cloud, AI, and mobile resources that can easily scale up and down.
Employees, partners, and customers all get a seamless experience on the devices they choose, wherever they want to work. And chief information security officers (CISOs) can be confident that it’s happening with security omnipresent.
And it’s all made possible by focusing on the oldest access solution of all — your own unique identity.
About the Author
Alex Simons is corporate vice president, product management, Microsoft Identity and Network Access Division. He is responsible for driving the vision and strategy, product roadmap, and feature design of the Microsoft Entra Suite. He prides himself on being deeply connected to customers and has direct relationships with many of Microsoft’s largest enterprise customers. In addition to managing his own team, Alex is responsible for partnering with teams across Office, Windows, Azure, Visual Studio, Dynamics, Xbox, and LinkedIn to deliver world-class identity experiences and security and compliance controls.