Identity Defined Security Alliance: Making an Identity Centric Approach to Security a Reality

By Robert Block ·

In my recent blog post, I discussed the evolution of identity and access management (IAM) and how you should position your program for the next generation of IAM. Today, the Identity Defined Security Alliance (IDSA), led by Ping Identity and Optiv, announced a giant step forward in making the next generation of IAM, Identity Defined Security™, a reality. Before I jump into the details of what was announced, I wanted to describe why we think an identity-centric approach to security is critical to a successful security strategy.  

First ask yourself, is your current cyber security strategy really working? Perhaps you call it “IT security,” or “information security,” or use some other term for how you describe your organization’s security investments. Regardless of terminology, we find that organizations typically invest in one or more of the following areas in a defense-in-depth framework that includes risk management, security operations, and data protection:

  • Network Security 
  • Endpoint Security
  • Application Security
  • Cloud Security 
  • Identity and Access Management 
  • Privileged Account Management 
  • Security Information and Event Management (SIEM)
  • Governance, Risk and Compliance 
  • Data Loss Prevention
  • Data Access Governance

On the surface, these investments may seem effective, but a number of forces play a role in marginalizing their effectiveness. The majority of these solutions provide either a single-point defense mechanism, or require skilled security personnel who can detect, recognize and remediate a sophisticated attack. In addition, organizations and external threats evolve in the following ways:  

  1. Business Evolution 
    1. Massive amounts of unstructured data are moving outside of IT controls.
    2. Supply chains are increasingly more connected.
    3. Organizations are more open than ever before.
    4. IT requirements are being driven by consumer-oriented technologies and concepts.
    5. Infrastructure is becoming more disparate and decentralized across on-premises and cloud-based services.
  2. Threat Evolution
    1. Malicious actors are becoming more sophisticated and organized. 
    2. Breaches are becoming more “when” not “if.”
    3. Hackers are leveraging advanced persistent threats (APTs).
    4. Insider threats are as real as outsider attacks.

This evolution makes it clear that a new security strategy is required to meet the changes in how we do business, as well as combat the threats that emerge every day. This new way of thinking is based on a few core tenets:

  1. All aspects of cyber security must fundamentally work together if they are to achieve meaningful effectiveness.
  2. Every business transaction (and for that matter attack surface or target) involves a credential and a service or piece of data. 
  3. Security investments operate fundamentally in one of three modes (each mode in and of itself not being dynamic enough).
    1. Snapshot in time
    2. Reactive
    3. Exclusionary 

If you buy in to the concept that each transaction involves some element of a credential and a service, combined with the notion that all aspects of cyber security should work together, then you should conclude that an Identity Defined Security approach to security is inevitable. This new way of thinking about security, threading identity through your end-to-end cyber security investments, provides a clear alternative to single-point defense mechanisms. This concept leads to a set of requirements that enables each individual security investment (SIEM, network security and PAM, for example) to work bi-directionally with both the identity governance and administration investments and the access control investments. This bi-directional integration will allow an organization to make more effective decisions in near real time, based on a number of environmental or situational influences rather than just the credential itself.

The IDSA, originally created in October 2015 by Ping Identity, was constructed to be the mechanism by which this philosophy begins to take shape. Optiv joined the IDSA in March 2016 as the founding solutions provider, and our role in this alliance is to take these initial designs, expand upon them, and take Identity Defined Security from a concept to the market.

Today, the IDSA introduced the IDSA Integration Framework. This framework describes the cyber security categories that the IDSA feels are valuable for Identity Defined Security integration, as well as the use cases and benefits that will be supported later this year. 

We’ve helped thousands of organizations plan, build and run successful cyber security programs and believe that Identity Defined Security is an instrumental pivot point in an organization’s thinking around security. Through our singular focus on security, we understand there are millions of vulnerabilities coupled with thousands of solution options. This combined complexity is what drives us into nearly every aspect of security, nearly every security problem, and nearly every level of engagement. We are uniquely positioned to take the IDSA Integration Framework into the lab to develop use-case proof points and ultimately take these integrations to market.