Three Strategies For A Secure Hybrid Enterprise

September 19th, 2017   |     |  smarter identity, security & compliance

Last year, Gartner made a bold call on cloud computing. The firm claimed that, within four years, enterprise “no-cloud” policies would become as obsolete as no-internet policies are today. Few business leaders have been able to shield their companies from cloud adoption – nor should they want to.

Cloud computing, from SaaS apps to IaaS, has unlocked new levels of corporate agility and innovation. The technology has even given rise to a new class of “born in the cloud” organizations, from security startups like my own to sharing economy behemoths, and made it possible for legacy brands to keep up and compete. The benefits of being an agile enterprise are numerous.

With the right blend of cloud systems, organizations can respond swiftly to both internal and external factors, be it a large batch of new hires or a sudden shift in customer needs. But, as I’ve experienced working with organizations on their security upgrades, taking advantage of this scalability starts with overcoming the challenge of connecting your cloud and legacy physical resources. Here are my top three suggestions for organizations to start protecting themselves.

Putting The Pieces Together

The market for public cloud services was expected to reach more than $200 billion in global revenue in 2016, and grow another 17 percent in 2017. As more organizations move to a cloud environment, maintaining physical investments such as Wi-Fi access points, storage servers, monitors and mobile devices becomes increasingly difficult.

Even companies born in the cloud eventually amass physical resources that need to be managed and secured. But most of the time, IT departments lack a clear way of protecting these assets – and traditional security methods don’t always cut it.

When safeguarding your physical and virtual resources, I’ve found that it helps to have an approach that encompasses people and processes as much as technology.

A Future-Proof LDAP Solution

On its own, LDAP (lightweight directory access protocol) technology — which lets users locate individuals, devices, files and other resources over public internet or corporate intranet networks — doesn’t always measure up to the needs of hybrid enterprises. Some cloud directories lack an LDAP interface altogether, making it that much harder (and more time-consuming) to embed critical apps into a corporate IT environment. To operate as a hybrid enterprise without the headache, IT leaders can look to integrate their cloud and legacy systems through a cloud-based LDAP solution. Virtual LDAP technology picks up where its traditional counterpart leaves off, acting as a single intermediary to unify all of an organization’s corporate directories – from VPNs to Azure – whether they’re on or off-premise.

A New Security Philosophy

Securing corporate IT environments is often framed as an exercise in “keeping the bad guys out.” However, 60% of today’s cybersecurity incidents are linked to insiders – employees or business partners who already have access to company systems. From office Wi-Fi and corporate email to collaboration apps like Slack and Salesforce, employees log into dozens of systems on a daily basis that touch sensitive company and customer information. As your organization’s array of virtual and physical assets grows, you need a clear policy that outlines who can access each program and to what extent. For instance, most employees won’t need administrative-level access to your payroll program unless they’re in HR or accounting. strong>C-Suite Representation

The more cloud systems your organization adopts (and the more devices they access them from), the more essential it becomes to manage employee identities across each. Identity management often falls onto the IT department’s plate, but organizations can benefit by going a step further and recruiting Chief Identity Officers. Appointing a C-level executive to govern identity management ensures that there’s equal emphasis on investing in the right technology to keep everyone secure, outlining robust processes for onboarding and offboarding users, and educating all employees about safe cloud access behavior.

A successful hybrid IT environment is cohesive, not a patchwork of disparate parts. With the right blend of technology, personnel and policies, IT departments can unite and secure all of their systems.

Want to learn more about how you can keep company data secure? Click here to get a free OneLogin demo. This article was originally published in Forbes.

About the Author

Alvaro Hoyos leads OneLogin’s risk management, security, and compliance efforts. He also works with prospects, customers and vendors to help them understand OneLogin’s security, confidentiality, availability, and privacy posture and how it works alongside, or in support of, customer’s own risk management model. Alvaro has over 15 years in the IT sector and prior to joining OneLogin, helped startups, SMBs, and Fortune 500 companies with their security and data privacy compliance efforts. His commentary and articles have been featured in several publications, including CIO, CSO, Network World, Infosecurity, eWeek, and Help Net Security. Alvaro is a member of the Forbes Technology Council and has a B.B.A in M.I.S. and a M.S. in M.I.S. from Florida International University.

View all posts by Alvaro Hoyos

Secure All Your Apps, Users, and Devices