This is a guest post by OneLogin customer Mike Kail, Vice President of IT Operations at Netflix. Mike has more than 20 years of IT Operations experience with a focus on highly scalable architectures. You can read more posts from Mike on his blog Waxing Laconic.
I am writing this blog post from Corporate|Home|Coffeehouse, the simple point being that location alone shouldn’t either provide more security, or, worse yet, a false sense of it. The practice of a singular Firewall gateway “protecting” the Corporate Network and/or requiring users to connect to a VPN in order to access assets and data is rapidly going by the wayside. In this Consumerization of the Enterprise world, every employee is, or should be able to be, “mobile”. So, if a Network Security Architect isn’t able to contain users and data with an appliance, what should be the new strategy?
If one thinks about the commonality across SaaS, Public Cloud, and Private Cloud assets, that would beIdentity. Identity and Access Management (IAM) used to be simply relying upon Active Directory and/or LDAP authentication, but in this Enterprise IT 2.0 world, Identity now expands outside of the legacy perimeter and into the Cloud Identity Providers such as OneLogin.
Cloud IdPs, along with standards such as SAML_2.0, provide IT departments with a centrally managed Identity and Access Management location and the ability to seamlessly connect users with access to hundreds of SaaS applications, Public Cloud assets, as well as services that are still in a Company’s Data Center. Until we reach a point where basic password authentication is replaced, this strategy at least guarantees that users only need to maintain one strong password and IT departments can also require two-factor authentication to the Cloud IdP portal (much like I just implemented at Netflix).
Behind the scenes, InfoSec teams can work on implementing automatic audit log checking and anomaly detection solutions to ensure that data is being accessed by both the correct user/device, as well validating Geolocation.
In an upcoming blog post, I’ll describe what we’re doing at Netflix to move Identity and Access Management to OneLogin as the “source of truth” and the defense in depth efforts including moving to a Zero Trust Network Architecture.