The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access.
The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant identities are to pressure from threat actors. However, those pressures are only increasing. Decentralized IT, evolving threats, and zero-trust tools are pushing many IAM tools to their limits.
To remain effective, IAM is shifting to operate as an agile, interconnected identity fabric rather than as a set of siloed IAM tools. The demands of today's IT operating environment are forcing IAM to support decentralized IT environments while still providing centralized management and governance for its users.
Interestingly, many of the identity fabric principles they define are currently found in leading SSPM tools. It's important to note that identity fabric isn't composed of a single tool. Rather, a number of different tools, including directories, authentication, and threat detection, come together to form an enforceable IAM perimeter.
The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data. Looking at this through an SSPM lens, your platform should be able to track all access to your SaaS applications and alert you whenever dangerous or suspicious entities or malicious applications access your SaaS stack.
This extends beyond humans and covers the devices they use to access their data. As we look ahead into the near future, it also includes connected devices which may require access to perform their tasks.
Traditional IAM solutions were siloed. Over time, organizations recognized the need to centralize IAM to enable governance and policy management that applied to the entire network.
Today's work environment demands both centralized control and decentralized enforcement so that SaaS applications adhere to the same identity policies that are required to access other corporate assets.
SSPM plays a key role in identity fabric: it centralizes identity governance in a single user inventory that is applied to all SaaS apps, using data from within each SaaS app that goes beyond traditional IAM solutions.
Identity security must be adaptive, ongoing, risk-aware, resilient, and use-case appropriate. SSPM platforms contribute to an organization's overall identity fabric by reviewing compliance against industry standards and ensuring that all identity-centric security checks are configured correctly.
SaaS environments are incredibly dynamic, and require identity tools with the flexibility and agility to keep up with demands. SSPMs are remarkably adept at staying on top of SaaS identity-based changes, supporting new users and new applications.
SSPM plays a critical role in identity-based threat detection. While individual SaaS apps lack sign-in context, SSPM captures user login information from all applications. It provides a tremendous level of context to better understand user behaviors that may threaten SaaS security.
SSPMs can also track user behavior based on user identification, looking for behavioral patterns. When they detect suspicious anomalies in behavior, such as downloading large volumes of data, they trigger an alert to the SOC team.
Third-party applications are often granted privileges that could compromise data privacy. SSPMs use identity-based tools to recognize these applications and alert security teams when they are engaging in high-risk behavior.
SSPM: Contributing to the Identity Fabric
The core strength of an SSPM, like Adaptive Shield's, lies in the visibility it provides to security teams and application owners. Its ability to identify misconfigurations, shadow IT applications, and devices makes it an integral part of any SaaS-centric security strategy.
However, its ability to identify and track users makes it an important thread in identity fabric. Its broad scope across multiple applications, centralized location, and ability to flag suspicious behaviors and associate them with an identity cannot be overstated. Organizations looking to stitch together a robust, resilient identity fabric would be well served to explore the identity governance benefits inherent in SSPM.
This is an excerpt from an article that was published in The Hacker News on Jan 23, 2023.