The fast-changing world of cybersecurity can be complex, with plenty of news to sort through to find out what will affect IT systems in the months—and years—to come. In terms of cloud identity, zooming out to see the big picture reveals three particular trends that are poised to make a huge impact on security: the Internet of Things (IoT), Big Data, and the concept of identity itself. Let's take a look.
The Internet of Things and identity management
The IoT refers to gadgets that formerly functioned only offline but have now become equipped with Internet access to enable enhanced features. While it's clear the IoT includes many fascinating innovations (case in point: WiFi-enabled shoe inserts for better balance), it has also presented a cybersecurity risk in recent years.
The threat presented by the IoT was highlighted a few months ago. In October 2016, a distributed denial of service (DDoS) attack took over some 100,000 Internet of Things devices and repurposed them into machines dedicated to disrupting access to the domain name system, temporarily bringing down Netflix, Reddit, Twitter, CNN, and more. But such massive incidents haven't stopped the increasing investment in IoT. There's more of this to come, particularly with the rise of malware like the Mirai botnet. The increased number of IoT devices means we need stronger identity checks for access to many devices we didn’t need them for in the past.
So what does the IoT mean for cloud identity and access management? It turns out that IoT cybersecurity news isn't all threatening. In fact, IoT can be part of the solution. As we previously explained, IoT wearables such as the Apple Watch can function as a factor in Adaptive Multi-Factor Authentication. For instance, an Apple Watch can not only determine location (which can trigger certain policies), but also leverage something like Okta Verify to implement MFA. That said, including non-core-to-business devices is a conscious decision companies need to make. If they decide to include IoT devices, they need to properly segment and secure their network while ensuring employees have the right levels of access. It is critical that devices follow rigorous security practices—even in the cloud.
Big Data gets bigger, showcasing the need for security
Big data refers to the automated gathering of massive amounts of information and the analysis of it to improve outcomes. It is particularly effective with cloud-based systems, because the data hosted virtually there can be more conveniently stored, analyzed, and connected with other data. Relying on the cloud to store big data typically means lower costs and increased speed. Local systems often maintain their records in silos, where it's hard for analytics algorithms to access them. Cloud-based big data allows for more efficient work with larger data sets—that means more options for analysis, often at lower computational costs.
However, all that stored information makes up potential goldmines for hackers. These malicious actors, typically hunting down personal identifying information for the sake of conducting identity theft, might breach higher education records, health databases, or other wells of data to steal and sell the info therein. With the shift to the cloud, we need to make sure that security is at least as rigorous as it would be elsewhere—especially given the increased volume of data.
That's why smart companies partner with cloud identity providers who have a proven track record of success, providing secure interfaces between personnel and apps, along with real-time reporting and auditing for compliance regulations (including HIPAA, HITECH, SOX and PCI). Although legacy systems may have once been the best option, they haven’t been able to adapt to changing business needs. The trick is to move to the cloud and in a safe, secure way.
Identity's importance becomes a concern everywhere
Identity can be a difficult-to-define concept. To what extent are we who we are because of nature, and to what extent because of nurture? Do our actions define us? The question takes on a technical aspect in cloud identity: What factors constitute proof of who we are? Do the devices we possess count as evidence? Does our location define us, or our idiosyncratic ways of moving a cursor around a screen? As more companies move to the cloud, they need answers. Do the right people have the right access to the right resources? That need will become ever more pressing as time passes.
In the near future, dynamic, multi-factor authentication of identity is going to become an integral part of daily life, not just something businesses think they should tack on someday to meet checklist requirements. Strong authentication isn’t just about memorizing a password—in addition to something you know, it should also include something you have, and something you are. For example, establishing user identity will be a consideration for driverless cars, for new ways of remotely accessing company systems (say, via an Apple Watch), and even for location-based equipment that helps gather employees in emergencies. While these factors are variable depending your needs, MFA is a key part of this stronger security posture. Just as retailers are moving toward recording shoppers' identities whenever possible, just as home security systems use facial recognition or voiceprint technologies, so too employers will be doing the same: determining that someone is who he or she says, and providing the right access to information or tools accordingly.
Turn to the established experts
The topic of cloud identity is one facing constant innovation. Okta has kept thousands of customers on the forefront of the latest cloud identity tools and trends. Contact us to find out how we can become a trusted partner to help protect your company.