In this episode of the Protect OT Podcast, our host Aaron engages in a thought-provoking conversation with Eric Olden, co-founder and CEO of Strata. Strata is a pioneering firm committed to securing identities across all applications, cloud services, and identity providers. Eric brings a wealth of experience to the table; prior to starting Strata, he served as SVP and GM of Cloud Security and Identity Management at Oracle.
The discussion spotlights the intricate challenges of safeguarding identities in an increasingly fragmented, multi-cloud, multi-vendor landscape. At its core, Eric underscores that this is about empowering users with secure access to applications and their data, irrespective of their geographical location. To achieve this, we must address the venues housing these applications and data, and proficiently manage the interactions between them. He emphasizes the hurdles brought about by differing identity providers, users, and identity classifications, from workforce members to clients and partners.
Eric identifies the primary obstacle as the management of distributed data, framing it as a distribution dilemma. This calls for a paradigm shift from an "OR" mentality to an "AND" perspective.
The secondary focus lies with applications, the carriers of data. While data is paramount from a security perspective, it's essential to also secure the vessels that transport this data - the applications. With applications dispersed across various infrastructures, they present challenges in terms of modernization and cloud integration. Administering the identities linked with these applications can be streamlined by an abstraction layer, or "identity orchestration", which enables decoupling and application migration across platforms like Azure, Amazon, or Google, without necessitating rewrites.
Data sovereignty emerges as a pressing concern in a multi-cloud setting. Global corporations frequently grapple with compliance issues related to diverse countries' stipulations, which dictate the location of identity data storage. Identity orchestration assists here by tackling the scattering of identity data locations.
This strategy also promotes the gradual migration of applications to cloud platforms. It enables a thorough inventory of applications, allowing priority assignment to the most vital ones.
In their discourse, Eric and Aaron evaluate the advantages and drawbacks of dispersing applications across multi-clouds while administering identity. On the upside, this method offers enhanced agility, choice, and the capability to make rapid alterations, whether motivated by economic or operational factors. It removes dependence on a single vendor's methodology. Yet, there's a potential downside: the more you leverage the cloud, the more reliant you become on that vendor's services. Nonetheless, multi-cloud strategies can more effectively cater to customer preferences.
Identity orchestration also proves advantageous in augmenting the continuity and security of your ecosystem, particularly against threats such as malware and ransomware. Often, security's Achilles' heel is the human element, specifically passwords. Identity orchestration can supplant passwords with more secure authentication methods, like phishing-resistant multi-factor authentication (PMFA), similar to face unlock features on phones. The abstraction layer provided by identity orchestration facilitates identity integration into applications without requiring rewrites. A bonus is its application for identification continuity, or a failover option for your identity provider.
To explore these ideas in greater depth, be sure to tune in to the full episode!