
Xiao Li, Vice President of Alibaba: looking at the new boundary of enterprises from the perspective of cloud native security-identity management

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Author | kirazhou

Introduction: more than 10,000 kilometers away in San Francisco, the security conference RSAC 2020 has just come to an end. Xiao Li, in Hangzhou, is discussing this year's conference theme, Human Element. In 2020, what ripples will this stone cause in the pool of the domestic security market when viewed from the perspective of "people"? What security insights lie behind Human Element?

In Gartner's 2020 Planning Guide for Identity and Access Management, we see that IT must push forward IAM (identity and access management) programs, while identity governance and administration and hybrid/multi-cloud environments are predictable trends already gathering momentum.

People, identity and the cloud: the interplay among these three, inextricably linked and full of possibility, is the greatest takeaway of this interview.

Human Element: understanding human vulnerability

We often say that "the essence of security lies in the confrontation between people."

From the perspective of offense and defense, the human factor makes the confrontation a dynamic and lasting process. Attackers' methods, tools and strategies keep changing, and defenders' security capabilities keep improving; the two are in continuous contest, and the security "water level" shifts dynamically.

Throughout this process, people are both defenders and attackers, and the confrontation takes place not only between the enterprise and the outside world but also within the enterprise.

People are the absolute core of security. That is the message this year's RSAC conference sends us. While paying attention to people's security skills and capacity building, we should also clearly recognise that human vulnerability makes people a weak link in security. Therefore, while dealing with external attacks, it is equally critical for enterprises to guard against threats from internal personnel.

According to a 2017 Kaspersky survey, 46 percent of IT security incidents were caused by employees. Now that ratio has risen to 70%-80%. Examples include internal developers leaving vulnerabilities in a system at the design stage because they did not follow security standards or lacked security skills of their own, and security problems caused by non-standard operations or outright malicious behaviour by current or former employees.

The whole security system is certainly not just about defending against automated worms; that is only the tip of the iceberg.

Faced with the security impact of "people", Xiao Li believes the root of the problem lies in inadequate enterprise security baselines. At present many enterprises focus on threat detection and response, which is useful but not enough. "What we are thinking about is not how to solve a problem, but how not to go wrong." Therefore, setting the security baseline in advance is more critical than detection and response afterwards. Enterprise security baselines include:

Unified identity authentication and authorization across all application systems;

Security operations with red lines set in advance;

An application development security process: developer training, internal security examinations and certification, and so on.

If the security baseline is the foundation of security, then only by getting the baseline right first, and then strengthening detection and response on top of it, can the enterprise security system become robust. Among these elements, identity is the most intuitive representation of a person on the Internet, and identity management plays an important role in effectively reducing the security threats caused by the behaviour of internal personnel.

Identity: the alternation of new and old boundaries under the concept of zero trust

The importance of online identity needs no elaboration; how identity changed from one security factor among many into the "protagonist" of enterprise security turns on an invisible inflection point around 2010.

Xiao Li pointed out that in the IT environment of the past, especially from 2000 to 2010, perimeter isolation was the main means of enterprise security protection. After 2010, however, the overall IT environment changed dramatically:

Fundamental changes in IT architecture: with the spread of mobile Internet and IoT devices, the intranet and office network have been heavily impacted; large numbers of devices connect, making the original perimeter difficult to defend.

Enterprise data migrating from IDC to the cloud: with the wave of cloud computing, more and more enterprises move to the cloud or run around half of their business on it, which changes the protection environment.

The growth of enterprise SaaS services: services such as enterprise cloud drives and DingTalk mean that more and more enterprise workflows, data flows and identities live outside, rather than fixed inside the original isolated environment.

As these environmental factors change, the traditional perimeter gradually disappears, and relying on traditional network isolation alone no longer works. At this point, unified identity management based on the concept of zero trust rebuilds the "security boundary" for enterprises.

Based on the zero-trust concept, enterprises can build a unified identity authentication and authorization system that manages all accounts, authentication and permissions. Take departing employees, regarded as one of the major threats to an enterprise: in building the overall security system, account permissions must be unified across the application systems, so that all identities and account permissions of every employee who leaves can be removed from the enterprise's internal systems the same day.

This includes the recent Weimeng (Weimob) data deletion incident by a staff member, hotly discussed in the security community, which from the technical standpoint of identity authentication and management was entirely avoidable. Xiao Li believes that:

First, when implementing IAM (identity and access management), enterprises should adhere to the principle of least privilege, granting employees only the permissions their work requires through tiered account permissions; a privileged capability such as "delete" should not be granted to any individual employee. Second, even if an employee does issue a batch data-deletion instruction, the enterprise can use internal anomalous-behaviour detection to recognise that such an instruction never occurs in the normal production environment, so that it is not executed.
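The three controls described above (least-privilege role permissions with an explicit deny on destructive operations, a behavioural check that refuses a bulk deletion even when the role would permit a single delete, and same-day deprovisioning of every account a departing employee holds) fit together in a small identity layer. The following is an added example written for this article; it is not code from Alibaba Cloud, Weimob or the interview. The role names, action names, account names and the bulk-delete threshold are assumptions for illustration.

```python
# Added example (not code from the article, Alibaba Cloud or Weimob): a toy IAM
# layer showing least privilege, anomalous-instruction blocking and offboarding.
# Role names, action names, account names and the threshold are assumptions.
from dataclasses import dataclass, field


@dataclass
class Policy:
    allow: set = field(default_factory=set)  # actions explicitly allowed
    deny: set = field(default_factory=set)   # actions explicitly denied; deny always wins


# Role catalogue (assumed): each role grants only what that job needs, and
# destructive whole-table operations are explicitly denied to every role.
ROLES = {
    "developer": Policy(allow={"db:read", "db:write", "db:delete"},
                        deny={"db:drop", "db:bulk_delete"}),
    "sre":       Policy(allow={"db:read", "db:backup", "db:restore"},
                        deny={"db:drop", "db:bulk_delete"}),
    "auditor":   Policy(allow={"db:read"}),
}


@dataclass
class Employee:
    uid: str
    roles: set
    active: bool = True
    linked_accounts: dict = field(default_factory=dict)  # system name -> account name


def is_allowed(emp, action):
    """Least privilege: deny by default, explicit deny beats any allow,
    and an inactive (departed) identity gets nothing."""
    if not emp.active:
        return False
    policies = [ROLES.get(r, Policy()) for r in emp.roles]
    if any(action in p.deny for p in policies):
        return False
    return any(action in p.allow for p in policies)


BULK_DELETE_THRESHOLD = 100  # assumed: no normal production workflow deletes this many rows at once


def check_instruction(emp, action, row_count):
    """Second line of defence: a behaviour that never occurs in normal production
    is refused even when the policy would technically permit the action."""
    if not is_allowed(emp, action):
        return "denied_by_policy"
    if action == "db:delete" and row_count >= BULK_DELETE_THRESHOLD:
        return "blocked_as_anomalous"
    return "executed"


def offboard(emp, systems):
    """Unified identity: one deprovisioning call removes the departing person's
    access everywhere. `systems` maps system name -> set of live account names."""
    emp.active = False
    emp.roles.clear()
    removed = []
    for system, account in list(emp.linked_accounts.items()):
        systems.setdefault(system, set()).discard(account)
        removed.append((system, account))
    emp.linked_accounts.clear()
    return removed


if __name__ == "__main__":
    dev = Employee("u1", {"developer"}, linked_accounts={"git": "u1", "prod-db": "dev_u1"})
    print(check_instruction(dev, "db:delete", 5))      # executed
    print(check_instruction(dev, "db:delete", 5000))   # blocked_as_anomalous
    print(check_instruction(dev, "db:drop", 1))        # denied_by_policy
    live = {"git": {"u1", "u2"}, "prod-db": {"dev_u1"}}
    print(offboard(dev, live), live, is_allowed(dev, "db:read"))
```

The design point is that the two controls are independent: `is_allowed` never sees row counts, and `check_instruction` runs even for an action the role permits, so a compromised or malicious developer account cannot reach a mass deletion by staying inside its nominal permissions.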

Beyond the technical implementation, the essence of identity authentication and management is still the security baseline. Xiao Li also pointed out that the position and influence of the security team within the enterprise determines whether the baseline can be set and effectively enforced in the business. The most direct way to judge that influence is the organisational structure: whether the security team is an independent department, and whether it reports directly to the CTO or even the CEO.

In the future, IAM should move towards a zero-trust architecture: derive identity governance solutions for multi-application scenarios from the zero-trust concept, combine "identity authentication" with cloud security products, and build a zero-trust system on the cloud.

IAM based on cloud native security

Mark McClain, CEO and co-founder of identity management provider SailPoint, once said: "The world of governance is about who has access to what, who should access what, and how to use those permissions correctly. But the reality is that most consumers are far from the first two, let alone the third." Fortunately, IAM tools and services are becoming easier to use and are reaching cloud environments faster.

Xiao Li points out that the native security dividend of the cloud is already visible. The "normalised" cloud has almost become the enterprise operating system, spanning the IaaS, PaaS and SaaS layers. Cloud service providers have invested heavily in security, polishing cloud security products and technologies with large-scale manpower and resources, so that enterprises are beginning to taste the security dividend of cloud-native technology.

Ordinary enterprises do not have to reinvent the wheel: they can ride on the "aircraft carrier" of a cloud service provider such as Alibaba Cloud (Aliyun), moving forward in the wave of cloud computing while enjoying a high security water level.

Second, the native security capabilities the cloud brings, including:

Omni-directional network security isolation and control;

Network-wide, real-time, intelligence-driven automated response;

Unified cloud-based identity management and authentication;

Underlying hardware security and a trusted environment by default;

DevSecOps, so that systems are secure as soon as they go live.

These allow enterprises to leave behind the original complex security management model, moving from "fragmentation" to a "unified model".

As the trend toward enterprise cloud adoption grows ever clearer, cloud-based IT infrastructure and Internet-based core technologies ultimately transform the enterprise architecture. In the process of moving to the cloud, more and more enterprises are starting to think about IAM (identity and access management) in hybrid and multi-cloud environments.

Hybrid cloud: on-premises operation plus the use of public cloud services.

Multi-cloud: the use of multiple public cloud service providers.

For hybrid cloud, the unified management model adopted once an enterprise is on the cloud can directly achieve unified identity access across a complex hybrid environment: it connects the enterprise's identities on and off the cloud, and dynamically grants different permissions to different people based on an evaluation of the user's environment, so that anyone can correctly access internal resources at any time and from any place. A multi-cloud environment, on the other hand, can build on Active Directory workloads to achieve identity management.
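The dynamic grant described above can be shown as a small decision function: a single directory-sourced identity defines the ceiling of what a user may do on an on-premises or cloud resource, and an evaluation of the live environment (strong authentication, device state, network) decides how much of that ceiling is released for a given request. This is an added example written for this article, not code from Alibaba Cloud or any identity product; the directory groups, resource names, risk weights and thresholds are assumptions for illustration.

```python
# Added example (not code from the article or from any cloud provider): a
# zero-trust style access decision for a hybrid environment. Directory groups,
# resource names, risk weights and thresholds are assumptions for illustration.
from dataclasses import dataclass

# Static entitlements come from the enterprise directory (assumed to be synced
# from the on-premises directory), so one identity covers on- and off-cloud resources.
DIRECTORY_GROUPS = {"alice": {"finance"}, "bob": {"sre"}}
GROUP_ENTITLEMENTS = {
    "finance": {"on_prem_erp": {"read", "write"}, "cloud_bucket": {"read"}},
    "sre":     {"cloud_bucket": {"read", "write", "delete"}},
}
SENSITIVITY = {"on_prem_erp": "high", "cloud_bucket": "low"}  # assumed classification

NETWORK_RISK = {"corp": 0, "vpn": 10, "internet": 25}  # an unknown network scores 40


@dataclass(frozen=True)
class AccessContext:
    user: str
    resource: str
    mfa_passed: bool
    device_managed: bool
    network: str


def base_entitlements(user, resource):
    """Ceiling: union of what the user's directory groups grant on this resource."""
    rights = set()
    for group in DIRECTORY_GROUPS.get(user, set()):
        rights |= GROUP_ENTITLEMENTS.get(group, {}).get(resource, set())
    return rights


def risk_score(ctx):
    """Evaluate the user's environment; a higher score means less trustworthy."""
    score = 0
    if not ctx.device_managed:
        score += 30
    score += NETWORK_RISK.get(ctx.network, 40)
    return score


def permitted(ctx):
    """Dynamic grant: the static entitlement is the ceiling, and the live
    environment evaluation decides how much of it is released for this request."""
    if not ctx.mfa_passed:
        return set()  # identity not sufficiently proven: nothing, anywhere
    base = base_entitlements(ctx.user, ctx.resource)
    score = risk_score(ctx)
    if SENSITIVITY.get(ctx.resource, "high") == "high":
        if score <= 10:
            return base
        if score <= 40:
            return base & {"read"}  # step down to read-only
        return set()
    # low-sensitivity resource: destructive rights still require a trusted environment
    return base if score <= 40 else base & {"read"}


if __name__ == "__main__":
    office = AccessContext("alice", "on_prem_erp", True, True, "corp")
    cafe = AccessContext("alice", "on_prem_erp", True, False, "internet")
    print(permitted(office))  # {'read', 'write'}
    print(permitted(cafe))    # set()
```

The same `permitted` call serves the on-premises ERP and the cloud bucket, which is the point of connecting identity on and off the cloud: the policy engine, not the network location of the resource, decides what a person can reach from where.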

The cloud environment makes unified identity management more feasible, and further exploring hybrid and multi-cloud IAM implementations will become a new direction of enterprise strategy.

Finally, the data security issues that derive from identity management also deserve attention. Data security was certainly one of the hottest topics of 2019: the frequent leaks of hundreds of millions of records and the successive promulgation of data privacy regulations have repeatedly underlined its importance.

At the end of the interview, Xiao Li also spoke about this year's RSAC Innovation Sandbox champion, Securiti.ai. Interestingly, two of the Innovation Sandbox champions of the past three years work in data security, which seems to point a very clear direction for the next stage of security companies' development.

First, the proposition of data security itself is very broad: data mobility makes data security cut across every area of security technology and appear in every part of the enterprise. Second, market demand is large: enterprises urgently need to ensure internal data security and customers' data privacy. From this point of view, "maybe next year's champion will also do data security."

Therefore, over the next 5 to 10 years, security companies that can help users solve data security problems through core products and technological breakthroughs, for instance by using technology to map the full footprint of users' private data, where it resides and where it flows, are bound to win a large share of the market.

Xiao Li finally pointed out that demand drives the development of technology, and that technological breakthroughs in the field of data security are urgently needed.
