Defending Hybrid Identity Environments Against Cyberattacks

By Edward Amoroso February 28, 2022 | Active Directory

As the world continues to embrace digital transformation and distributed work, businesses will continue to deploy SaaS apps—while continuing to use on-premises tools. Hybrid ecosystems are becoming increasingly common as a result. Unfortunately, current identity and access management (IAM) practices simply aren’t up to the task of managing them.

The average business operates at least 20 products that manage and maintain identity. Access control for these products can be a mess, with credentials typically spread across the entire organization. It’s a veritable treasure trove for malicious hackers.

What can be done, then? At the recent Hybrid Identity Protection Conference, I moderated an industry panel discussion that started with precisely that question. We discussed the problems with current identity management practices and how businesses can update their practices to be more efficient, effective, and secure.

In this post, you’ll find key takeaways from the discussion, which included Ricky Allen, Critical Start CISO; Brian Desmond, Principal at Ravenswood Technology Group; Brandon Nolan, Global Digital Identity & Recovery lead at Avanade; and me, Founder and CEO of TAG Cyber.

1. Identities and endpoints can no longer be managed separately

The first step businesses must take is to reconceptualize how they approach IAM.

“You need to look at both endpoint and identity security at the same time,” said Desmond. “There’s no longer a difference between them. The days of devices and identity management being run by different departments are over—it simply doesn’t fly anymore, especially when you consider the established guidance around a zero-trust model.”

IAM is not something a product can simply provide. Instead, businesses must start with either identity or endpoint management, and then blend that element with its counterpart. As part of this process, it’s crucial to establish ownership of assets such as secrets and key vaults, define privileged vs. nonprivileged identities, and determine concrete access levels.

In a Microsoft environment, businesses can best achieve this balance by switching to Azure Active Directory (Azure AD) because it enables critical functionality, such as multifactor authentication (MFA).

2. Consolidation is the first step in solving the hybrid security challenge

Complexity is the most significant roadblock to effective hybrid security. As many businesses have discovered, an integrated approach is key to addressing this obstacle. Organizations can work with an identity services vendor to decommission existing endpoint solutions gradually and consolidate their functionality in a single platform. That identity provider can then connect to Azure, enhancing efficiency while simultaneously reducing sprawl.

“Threat actors love your complexity,” said Nolan. “As a result, we’re seeing a lot of organizations explore how to get away from that complexity. We’re starting to see a lot more movement toward the platform play instead of endpoint solutions.”

3. Real-time visibility is necessary

A business without a clear picture of its assets is a prime target for exploitation. Unfortunately, cloud-focused business environments move too quickly for traditional auditing techniques. Snapshots are similarly unsuitable, offering a static picture of a dynamic environment.

“Inventory is a moving target,” Desmond said. “By the time you finish an audit, the information you have is already out of date.”

Businesses can address this issue by adopting automated detection tools. Tools based on artificial intelligence and machine learning can actively monitor infrastructure and categorize alerts for human security teams to address. In this way, a business can engage in real-time management, threat detection, and remediation.

“Visibility tends to be highly complex,” said Nolan. “In our case, we parse an ecosystem into an identity, endpoint, network, and automation layer, respectively. The idea is that visibility is about more than assets or inventory: It’s as much about authentication telemetry and federation services.”

4. Legacy culture is a significant stopping point

For businesses to embrace hybrid IAM, they must first shed their old habits, ideas, and beliefs about authentication and access control. Legacy systems are a symptom of this old way of thinking. They are simultaneously the greatest security threat facing many businesses and the anchor holding those businesses down during digital transformation.

“I think the whole topic of this conversation here is establishing the biggest risk,” said Allen. “And I find that it’s legacy equipment. We’ve always taken a reverse, backwards-compatible approach, even as we move forward faster and faster. We don’t bring the lowest common denominator with us. We basically have to downgrade all our authentication as a result.”

Moving away from this paradigm and shedding habits built up over more than 20 years is no simple task. It requires significant collaboration between IT and other business segments. It also demands that businesses accept the ethos of less is more—the fewer distinct systems an organization relies on, the better.

What the future holds

Microsoft has long played a prominent role in enterprise security. Where hybrid IAM is concerned, however, Azure AD has the potential to play an even more pivotal role. For any business that works within the Microsoft stack, E5 licenses are particularly important, providing better access control, visibility, and threat detection.

“I think that ultimately, the focus should be on what Microsoft is doing in the security environment,” concluded Allen. “The company’s approach to its products has changed, converging into a single product SKU that now manages email to endpoint to identity across the board. It’s definitely worth consideration and worth looking into E5 licensing.”

Meanwhile, new technologies such as blockchain could redefine how we manage encryption. By storing a key vault in a distributed ledger, one can not only secure that vault but also ensure that it retains its integrity. That said, this technology is still highly theoretical, and we’re unlikely to see much before 2023.

For hybrid security, partnerships are the path forward

Securing a hybrid environment is a complex, resource-intensive task, one that requires a business to rethink not only its infrastructure but its entire culture. The ongoing talent shortage represents perhaps the greatest impediment to transformation. Ultimately, hybrid identity means that partnering with other organizations will no longer be merely advisable; it will become necessary.

“It’s my experience that an organization simply cannot do this alone,” added Nolan. “There simply aren’t enough skilled hybrid security resources to do the work. It’s going to take a village—the right partnership between vendor, service provider, and business.”

About the author
Edward Amoroso, CEO & Founder, TAG Cyber LLC
Dr. Ed Amoroso is currently Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company supporting hundreds of companies across the world. Ed recently retired from AT&T after thirty-one years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016.