Reduce Your Attack Surface With Identity Everywhere

Containers are here to stay because they are much more efficient than virtual machines. Unfortunately, identity and access management has lagged behind containers until recently. Identity-as-a-Container (IDaaC) brings identity management into the container era.

Containers: Better Than Traditional Virtual Machines

Why are so many organizations adopting containerization to manage their systems? It comes down to efficiency, productivity, and security. Traditional virtual machine arrangements using Microsoft Hyper-V or VMware take up significant resources, because every virtual machine boots and runs its own full guest operating system. With virtual machines, demands on CPU, memory and other hardware resources can quickly skyrocket. Containers share the host's kernel instead, and our research suggests that containers have 20x the density of traditional virtual machines. That means you could cut down your data center cost substantially.

Saving money is the most popular reason companies adopt containers. There is more to the story. Think about your technology as a vast wall that you must staff with defenders. Leave one part of the wall unmonitored, even for just a day, and hackers are likely to find a way to break in. With containers, you reduce your attack surface: a container image carries only the packages its application needs, and every container on a host shares the host's one kernel, so there is one operating system to patch and test per host rather than one per virtual machine. That gain holds only if images are kept minimal and rebuilt whenever their base image is patched; an image that bundles a full distribution gives much of it back. Done right, your existing cybersecurity staff will not be overwhelmed with monitoring and responding to threats, and your security team will have fewer operating systems to test, so they will have the capacity to carry out testing and assurance in greater depth.

Resource: For additional insight on attack surface, read How Do I Identify My Application Attack Surface? on SecurityWeek.com. The critical first step in understanding your attack surface is to create a comprehensive list of all your applications. Missing that step is like buying a house without walking through each room with an inspector.

Simplified Application Maintenance With Containers

Question: how many applications does your organization have to monitor, maintain and support today?

Before you answer, think broadly. You might have a long list of legacy applications that run on UNIX. On the other hand, you might depend on cloud applications. Then you have niche applications built for the needs of a specific department. At a large company, there are probably hundreds of applications in regular use. If a minor application that others depend on fails, it could take down critical applications.

Containers make application maintenance easier to manage. How? The answer lies in container orchestration. Instead of starting containers by hand, you describe every container, its image version, its network ports and its dependencies in a declarative file, and the orchestrator starts and restarts them for you. When you first start experimenting with containers, it makes sense to set up each container one at a time. As you scale up, orchestration makes it easy to set up multiple containers the same way every time. Even better, you can transfer this task to DevOps instead of IT. Taking away that point of friction adds up to faster delivery.
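As an added illustration of what that declarative file looks like (this is not Avatier's own configuration and not a file shipped with Identity Everywhere), here is a Docker Compose file that brings up a two-container identity deployment: an identity service and the database it depends on. The image name example.registry.local/identity-service:1.4.2, the service names, the port, the environment variable names and the secret file path are assumptions made for the example; postgres:15 is the official PostgreSQL image. The security settings are the ones a practitioner would want on any container: a pinned image version, a non-root user, a read-only root filesystem, dropped Linux capabilities, no privilege escalation, and the database password passed as a mounted secret rather than an environment variable.

```yaml
# docker-compose.yml (added example; service and image names below are assumptions)
services:
  identity:
    # Hypothetical identity service image. Pin a tag (or better, a digest)
    # so every deployment runs exactly the version you tested.
    image: example.registry.local/identity-service:1.4.2
    depends_on:
      directory-db:
        condition: service_healthy   # wait for the database health check to pass
    ports:
      - "127.0.0.1:8443:8443"        # bind to localhost; a reverse proxy fronts it
    environment:
      DB_HOST: directory-db          # resolved on the Compose-managed network
      DB_NAME: identity
      DB_USER: identity
      DB_PASSWORD_FILE: /run/secrets/db_password   # read from the mounted secret
    secrets:
      - db_password
    user: "10001:10001"              # never run the service as root in the container
    read_only: true                  # immutable root filesystem
    tmpfs:
      - /tmp                         # the only writable location the service gets
    cap_drop:
      - ALL                          # no Linux capabilities at all
    security_opt:
      - no-new-privileges:true       # setuid binaries cannot raise privileges
    restart: unless-stopped

  directory-db:
    image: postgres:15
    environment:
      POSTGRES_DB: identity
      POSTGRES_USER: identity
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    volumes:
      - db-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U identity -d identity"]
      interval: 10s
      timeout: 5s
      retries: 5
    cap_drop:
      - ALL
    cap_add:                         # only what the image's entrypoint needs to
      - CHOWN                        # initialize the data directory and drop to
      - DAC_OVERRIDE                 # the postgres user
      - FOWNER
      - SETGID
      - SETUID
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped

secrets:
  db_password:
    file: ./secrets/db_password.txt  # created on the host; keep it out of source control

volumes:
  db-data:
```

`docker compose up -d` starts both containers in dependency order; `docker compose down` stops them. Because every version is pinned in this one file, an operating system or application patch is applied by changing the tag, then running `docker compose pull` and `docker compose up -d` to replace the running containers, rather than by patching a long-lived machine in place.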

Tip: To build your application list, start with the most heavily used applications. Once you have that list, ask your managers and developers about the inputs and dependencies those applications rely on. Before long, you will have a good list of important applications.

Why Traditional Approaches To Identity Management Come Up Short

Your organization’s attack surface is continually changing. Decommission an old server, and there is one less area to be attacked. Start ten new containers? That is ten more. Suffering an attack is only part of the problem. If you are a public company or operate in a regulated industry like banking, internal audit will want to see that you control identity and access management. Fail an internal audit on access controls, and your performance review may take a hit. Don’t wait for that to happen; find a robust identity management solution before an auditor points out a problem.

Does the traditional on-premises approach to identity management still make sense when you use containers? Don’t get us wrong. Traditional IAM solutions are robust, and they can be customized to do almost anything. The major drawback? Keeping these older applications up to date is difficult. Hiring a dedicated team for access management is often required to make this approach work. If you are running security at the Pentagon, that investment may make sense. For everyone else? Let’s keep looking for a better solution.

If you follow technology, you can probably guess the next option we will consider: cloud identity management or identity-as-a-service. After all, the cloud is always better than traditional on-premises software, right? While that is true in many cases where economies of scale apply, it is not straightforward in identity management. To grow quickly, providers tend toward multi-tenant solutions, which place your identity data and access policies in an environment shared with other customers. You then depend on the provider's tenant isolation and patch schedule, which is inefficient for you and creates new security risks. Don’t worry, there is a way to achieve cloud-style security without the cloud’s problems.

Leveraging Identity as a Container

The best approach to comprehensive identity management? Use the identity-as-a-container (IDaaC) approach. It is the best way to solve the issue of identity management because you combine the control of on-premises management with the flexibility of a cloud approach. Identity Everywhere adds value to your organization in a few ways.

  • Leverage Docker Containers. Is your team already familiar with Docker? Great. Identity Everywhere is built on Docker, so there is no need to learn a new container technology.
  • Reach your continuous delivery goals. Identity Everywhere reduces downtime so your team can deliver upgrades more quickly.
  • Simple Patch Management. Miss one patch to an operating system and your entire infrastructure could suffer. It has happened before: a missed patch contributed to the Equifax data breach in 2017. Using Identity Everywhere and containers, you will have fewer operating systems to manage and fewer patches, and a patch is applied by rebuilding the container image and redeploying it rather than by patching a long-lived server in place.
  • Multiple Access Governance Services in One Package. Do you need password management? It’s in Identity Everywhere. Likewise, you can add single sign-on and access governance.
  • Simple Pricing. Choose the service you want (e.g., access governance, password management) and the number of users, and you have an easy-to-understand price. Say goodbye to complicated pages with black box pricing.
  • Educational Institutions. Do you run identity management at a college, university or other educational institution? Avatier is proud to offer special pricing to help educators accomplish more with their limited budgets.

Still on the fence about using containers? Read our article 7 Productivity Benefits of Using Containers for an introduction.

Written by Nelson Cicchitto