Voices of experience – What’s the role of a cloud-first approach to identity security?

Managing cyber security for an organization is an ongoing process that evolves as an organization’s infrastructure, applications, technology, and user base evolves. 

For many organizations, cloud is an important part of that evolution. Some organizations have gone fully to the cloud with applications and data; others are still wholly on-premises, while many others are somewhere in between.  

Given those differences, what should organizations do regarding identity security? Specifically, what’s the role of a cloud-first approach to identity security? 

A good identity security solution enables access to data and resources while also securing the business. And since business resources can range from on-premises to cloud to hybrid-cloud and multi-cloud, a good identity security solution must also to work everywhere.  

For the latest insights into the role of a cloud-first approach to identity security, we checked in with a range of IT leaders from different industries at Navigate 2022 in London. They shared some of their reasons for considering a cloud-first approach to identity security and some suggestions on the best ways to implement a cloud-first solution.  

Simplified management. Sometimes it’s easier to let someone else manage all the infrastructure, so you can stay focused on your business processes. “We selected a cloud-first approach to identity security because we just didn’t want the on-premises management of it,” said the head of technology risk for a retailer. “We didn’t want hardware that we would have to manage ourselves or the patching cycles or planning for recoverability. Giving that to somebody else and letting them manage it for us was a real win, and it aligns with our strategy of cloud first.”   

Greater agility. An important reason that many organizations consider moving components of their IT stack to the cloud is for increased agility, and it’s the same sometimes for a cloud-first approach to identity security. “At our company, we decided three-and-a-half years ago to have a global cloud-first approach,” noted the chief technology officer at a manufacturing company. “We are going to get rid of our data centers, and it means that all our solutions [including identity security] need to be able to run on the cloud. It will enable us to be more agile, faster, quicker, and better support the business.”  

Adopt, don’t adapt. For one telecommunications organization, the decision to go with a cloud-first approach to identity security was focused on its desire to streamline its processes and move away from customized solutions. “It’s nice to adopt something and not to adapt since adapting solutions is the wrong way of thinking. We want to leverage best practices in identity management, so adopting a cloud approach is good for us.”   

Focusing on the things that matter. In many cases, it’s easy for organizations to spend their time focused on day-to-day tasks instead of taking a more strategic view. “We get a lot of feedback on our current setup with on-premises solutions that the developers spend all their time on patching and fixing windows or Linux issues instead of developing good identity and access management solutions,” said an engineering manager for a bank. “So, we look forward to when we can move across to a cloud-based solution and make sure that all our manpower goes into developing the solution and not fixing the old infrastructure.”  

Moving to cloud. For other organizations, a move to cloud services themselves is what instigated a corresponding move to a cloud-first approach to identity management, as noted by a user lifecycle supervisor for a construction company. “Identity security has to adapt to IT trends, and one of the trends is cloud-first, so identity security has to support that as well.” 

For almost every organization, cloud computing will play a significant role in their future (if not the present) IT environment. That’s why companies need to consider cloud-first identity security options when evaluating cybersecurity strategies.