Improving Identity Security and Management in a Cloud Environment
Government agencies can benefit from cloud-based security architectures.
As more federal agencies and businesses move to the cloud, managing their security needs in this new environment becomes critical. One way to do this is to implement zero-trust architectures as part of an identity cloud environment, said Sean Frazier, federal chief security officer at Okta Inc.
Zero-trust architecture, where it is assumed that the network is or will be compromised, is the latest phase of security development. This is important as the Defense Department modernizes its cloud-based systems under constant pressure from foreign cyber attacks.
“You really can’t have cloud infrastructure and have old, antiquated security models,” Frazier told SIGNAL Magazine Senior Editor Kimberly Underwood during a SIGNAL Executive Video Series interview.
Zero trust lets organizations build security into their network architecture from the beginning. He added that Okta’s identity-centric cloud security platform takes information in context from other data sources and applies it to the customer’s needs to meet access requests. “We become the gatekeeper,” Frazier said.
Okta helps organizations modernize their security platforms, which is key to ongoing DoD efforts to upgrade and modernize systems. An important component of this is managing information at Impact Level 4 (IL4), a cloud data assurance level for things such as controlled but unclassified data.
Frazier noted that organizations requiring higher security levels can start with something like IL2 for official unclassified data and move up to higher level security assurance requirements. “That’s where IL4 becomes important,” he said.
However, Frazier cautioned that getting to IL4 isn’t an easy transition for cloud services providers. He added that it’s worth the investment because the capability will help support organizations as they modernize. This is important because the military services are racing to modernize their network infrastructure while dealing with issues such as legacy identification management tools and technologies such as common access cards and public key infrastructure.
These technologies are aging, which creates problems because “they don’t adapt well to the new cloud/mobile world we find ourselves in,” Frazier said.
This dichotomy leads to an environment where agile development for systems and projects has accelerated but security hasn’t caught up with it, he added. There is an opportunity for security “to be just as agile and part of the conversation and really just as modernized” as other aspects of network modernization, he said.