Cloud-Enabled Identity Management: Security Challenges

By Brian Lillie (Part 2 of a 3-part blog series)

In the age of increased mobility and bring-your-own-device (BYOD), many enterprises are struggling with how to maintain the high levels of data security they are accustomed to.

In Part 2 of this three-part blog series, Equinix CIO Brian Lillie discusses the security challenges that have arisen as a result of evolving technologies and a changing workforce.

***

So now we have to think about how to protect this environment. How did we protect it in the old days? We put firewalls around the enterprise and basically nobody could get in. It was a fortress.

But then we started to cut holes in the wall. First you have a door, and the door was maybe your main gateway and it was more than password protected. You’d give your first born to get through the door.

And then there was VPN, so now you could create a tunnel that’s a little bit wider than the door.

And then, because we’re sharing data, maybe between firms or between applications where one application is outside and one is inside, you start to poke more holes in your firewall. You open ports here, open ports there, and pretty soon you have Swiss cheese.

And now, with cloud, the hole is big enough to drive a Mack truck through.

So the idea of the fortress enterprise is really changing. There’s still a place for firewalls, no question, but we’re now trying to take more precautions in terms of protecting the data. Protect the data first and foremost. Protect the data when it’s at rest inside the enterprise, and protect the data when it’s in transit. So encryption and encrypted tunnels are important.

Another piece to keep in mind is where breaches actually happen most-with your people, so security awareness is very important, informing people on good security practices. You may know the cartoon where in one corner of a boxing ring you have all this technology, but in the other corner we have Dave, and Dave’s just an employee who actually can defeat that pile of technology. So the real perimeter now is identity. There are so many things going on in the identity space, and you’re starting to see it as a consumer.

You’re starting to see a new log-in using Open ID Connect, which is a consortium focused on how we get a user’s identity once and be able to use it everywhere. There’s a downside to that, of course, because if it gets compromised, then you’re compromised everywhere, but it also makes it easier.

So the challenge is this, with the fortress enterprise of the past, you couldn’t ever get anything done. It was a productivity drag. Now we’ve gone the other way where there are so many holes, it’s more open than it’s ever been. We probably have higher productivity than we’ve ever had, but it’s a trade-off between security and productivity.

Now let’s think about how all of this applies to Equinix. We have lots of applications-not compared to very large enterprises, which may have thousands-but we have plenty, and each one required its own username and password, and so it became too many to track. People started writing them down, which defeats the purpose. In fact, we found one laptop that had sticky-notes of all the user’s passwords on it, including their banking.

Then we had an issue with the find-ability of apps. If you set up a bookmark but then IT does maintenance and puts the app on new servers, the bookmark breaks. Where is that app? Even if you have a really robust search, it can be hard to find the URLs when the apps change. And then finally we didn’t have mobile-friendly access to on-premise applications.

So these were the three key issues for us: too many passwords, the find-ability of the apps, and mobile access to on-premise. These were the three challenges we wanted to solve.

***

In Part 3, Lillie will discuss how Equinix’s approach to solving these challenges with cloud-enabled identity management will enable the company to better serve its employees and customers.