With the widescale adoption of cloud services, identity has assumed an increasingly important role in security operations. Because identity often serves as the primary gateway to sensitive applications and data, it has become a core security function.
In response to this expanded role, a new discipline called Identity Orchestration has emerged to offer a more granular level of control over user accounts, applications, and data. These capabilities enable security operations teams to enforce consistent policies and identify potential threats.
For example, Identity Orchestration can elevate security operations, including the ability to terminate active sessions instantly at runtime, perform forensic investigations, and enforce policies consistently across multiple systems at runtime. By implementing it, organizations can improve their overall security posture and better protect themselves against evolving identity-based security threats. Especially in the cloud, where identities are the security perimeter.
Use case examples
The ability to control user accounts (both human and machine varieties) has become nothing less than mission-critical. Consider a situation where a security operations team receives an alert from a SIEM or SOAR platform that something suspicious has taken place involving a specific user account. Normally, when an event like this happens, the security team immediately disables the account so they can investigate and understand the full context of the alert.
However, this doesn’t sidestep the possibility that the user remains logged in and continues to have access to applications and data until the session gets destroyed or it times out. Obviously, it’s not an ideal scenario. If an attacker gains entry to a system and controls a compromised account, damage, and destruction can unfold in milliseconds. Identity Orchestration makes it possible to destroy active sessions immediately. It also makes it possible to inspect activities and behavior forensically. Using orchestration, it's fairly simple to understand exactly how a person or a group of people have access to a particular application—and how they have used it. This includes factors such as whether a human approved a specific process and how someone was able to log in.
Policy enforcement has also become an area in which Identity Orchestration shines. At many companies— particularly larger ones — numerous departments, groups, and teams operate autonomously and maintain authority over application ownership. Frequently, these silos establish their own policies, which may or may not play nicely with enterprise policies and protection methods.
However, Identity Orchestration makes it possible to regain visibility, oversight, and control. Security teams can also ensure that policies are applied to any new applications or when existing apps are modified. Also, because the technique can automate processes, it’s easier to reduce human errors and misconfigurations that follow. Ultimately, a security operations team knows that the organization is applying and enforcing policies consistently and effectively.
Policy matters
Identity Orchestration can prove transformative, especially as enterprises migrate a multitude of apps to different cloud platforms and identity providers (IDPs). That’s because it abstracts the application from IDPs and virtually all identity functions/services within user journeys, including authentication, authorization, identity proofing, MFA, and passwordless. This offers greater agility and flexibility when it comes to enforcing and making security policy changes across multiple IDPs and cloud platforms.
In addition, as organizations adopt multi-cloud frameworks — which typically support disparate policy languages — managing policy through orchestration eliminates the need to accumulate expertise in each security policy language and understand at a deep level how each system operates. Instead, policies are enforced across all cloud platforms, including applications, network devices, and data sources. If the security operations team requires an audit, it’s a straightforward task.
Make no mistake, armed with a more granular level of visibility and enforcement delivered by Identity Orchestration, security controls become far more manageable and effective. This lets security operations teams to implement best practices such as least privilege access and continuous access evaluation. As organizations move more of their operations into the cloud —and the incredible complexities they introduce—identity orchestration can unlock best practice zero-trust security.
Steve Lay, senior sales engineer Strata Identity
