Identity is the New Black

June 9th, 2013 / Smarter Identity

This is a guest post by OneLogin customer Mike Kail, Vice President of IT Operations at Netflix. Mike has more than 20 years of IT Operations experience with a focus on highly scalable architectures. You can read more posts from Mike on his blog Waxing Laconic.

I am writing this blog post from Corporate|Home|Coffeehouse, the simple point being that location alone shouldn’t provide either more security or, worse yet, a false sense of it. The practice of a singular Firewall gateway “protecting” the Corporate Network and/or requiring users to connect to a VPN in order to access assets and data is rapidly going by the wayside. In this Consumerization of the Enterprise world, every employee is, or should be able to be, “mobile”. So, if a Network Security Architect isn’t able to contain users and data with an appliance, what should be the new strategy?

If one thinks about the commonality across SaaS, Public Cloud, and Private Cloud assets, that would be Identity. Identity and Access Management (IAM) used to mean simply relying upon Active Directory and/or LDAP authentication, but in this Enterprise IT 2.0 world, Identity now expands outside of the legacy perimeter and into Cloud Identity Providers (IdPs) such as OneLogin.

Cloud IdPs, along with standards such as SAML 2.0, provide IT departments with a centrally managed Identity and Access Management location and the ability to seamlessly connect users with access to hundreds of SaaS applications, Public Cloud assets, as well as services that are still in a Company’s Data Center. Until we reach a point where basic password authentication is replaced, this strategy at least guarantees that users only need to maintain one strong password, and IT departments can also require two-factor authentication to the Cloud IdP portal (much like I just implemented at Netflix).

Behind the scenes, InfoSec teams can work on implementing automatic audit log checking and anomaly detection solutions to ensure that data is being accessed by the correct user and device, as well as validating geolocation.
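As an illustration of that kind of audit log check (an added example, not code from the post, Netflix, or OneLogin), the sketch below scans sign-in events for a device the user has not used before and for geolocation jumps that imply impossible travel. The event fields, the sample records, and both thresholds are assumptions made for the example.

```python
import math
from datetime import datetime

# Constructed sample sign-in events (not real log data):
# (user, ISO timestamp, device id, latitude, longitude)
EVENTS = [
    ("alice", "2013-06-09T08:00:00", "laptop-1", 37.26, -121.96),
    ("alice", "2013-06-09T09:30:00", "laptop-1", 37.77, -122.42),
    ("alice", "2013-06-09T10:15:00", "phone-9", 51.51, -0.13),
    ("bob", "2013-06-09T08:05:00", "laptop-2", 40.71, -74.01),
    ("bob", "2013-06-09T18:00:00", "laptop-2", 40.73, -73.99),
]
MAX_SPEED_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_JUMP_KM = 50.0     # assumed tolerance for imprecise IP geolocation

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def find_anomalies(events, max_speed_kmh=MAX_SPEED_KMH, min_jump_km=MIN_JUMP_KM):
    """Return (user, timestamp, reason) tuples for sign-ins that need review."""
    last = {}   # user -> (time, lat, lon) of the previous sign-in
    known = {}  # user -> device ids seen so far
    alerts = []
    for user, ts, device, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        devices = known.setdefault(user, set())
        if devices and device not in devices:
            alerts.append((user, ts, "new_device"))
        devices.add(device)
        if user in last:
            prev_when, plat, plon = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = haversine_km(plat, plon, lat, lon)
            # A large jump in zero elapsed time is also impossible travel.
            if dist > min_jump_km and (hours <= 0 or dist / hours > max_speed_kmh):
                alerts.append((user, ts, "impossible_travel"))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(EVENTS):
        print(alert)
```

A user's first recorded sign-in only seeds the baseline, so in practice the known-device set would be loaded from earlier log history rather than built within a single run.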

In an upcoming blog post, I’ll describe what we’re doing at Netflix to move Identity and Access Management to OneLogin as the “source of truth” and the defense in depth efforts including moving to a Zero Trust Network Architecture.

About the Author

Mike D. Kail has been Chief Information Officer and Senior Vice President of Infrastructure at Yahoo! Inc. since August 2014. Mr. Kail serves as Vice President of IT Operations at Netflix. He has more than 23 years of IT Operations experience with a focus on highly scalable architectures. He serves as an Advisor at Maginatics, Inc. Prior to Netflix, he served as Vice President of IT operations at Attensity, where he was responsible for the Americas data center operations team, including managing various Big Data systems including their Hadoop cluster, HBase and MongoDB components. He served as Advisor of Netskope, Inc. since October 2013. He serves as Customer Advisory Board Member of OneLogin, Inc. He serves as Member of Customer Advisory Board of Context Relevant, Inc. He serves as Member of Executive Advisory Board at BlueData Software, Inc. He serves as a Member of Advisory Board at SnapLogic, Inc. Mr. Kail holds a B.S. in Computer Science from Iowa State University.
