Security Without Walls and Doors

In the cloud, identity has become the new perimeter.

By Tom Haunert

July/August 2018

At some point, the keycard readers on your data center doors may have been part of your company’s “perimeter” data security. In today’s cloud or multicloud enterprise, where’s the new perimeter? And more importantly, how will you defend it?

Oracle Magazine sat down with Eric Olden, senior vice president and general manager at Oracle, to talk about today’s enterprise identity management challenges, the cloud’s effect on that conversation, what’s needed when delivering an enterprise identity management service, and more.

Oracle Magazine: Identity management is about security, of course, but it’s also about enabling access across platforms and applications. What are today’s big enterprise identity management challenges and opportunities?

Olden: Enterprise identity management is responding to four big drivers today.

The first is the need to deliver a seamless experience for users, whether these are customers or employees or partners. The goal is to give an experience that’s really simple and easy, but at the same time under secure control. Enterprise identity management needs to manage the risk and provide the control.

The second enterprise identity management driver is handling the change that has been coming with the evolution of the cloud, and there are a lot of organizations today that are at very different points in their cloud journey. Some are very aggressively moving everything to the cloud and describe themselves as “cloud first,” and others are, for many reasons, taking their time moving to the cloud. And you’ve got everything in between. Organizations are looking to identity management to enable, in an agile way, moving to the cloud on their terms and timelines.

What Is It?

Oracle Identity Cloud Service manages user identities for both cloud and on-premises applications and integrations using open standards, including OpenID Connect, SAML, OAuth, and SCIM.

The third driver is the simultaneous rise of mobile. The importance of delivering experiences that are secure and personalized becomes even more important on mobile devices, where the form factor is just smaller. You don’t want to ask users for long passwords if they’ve got to type them in with their thumbs. Where identity can really make things easier and faster with mobile is the use of strong authentication such as the fingerprint reader a mobile phone provides. Enterprises no longer need to issue and manage authenticator tokens and key fobs because they can use what their users already have, making it more convenient for the user and more efficient for the company.

The fourth thing that’s driving enterprise identity is the type of threats that people are dealing with in the cloud. Cloud threats are much faster and bigger, and they’re happening at a different scale than before the cloud. And the bad guys are not just looking to take the data the way they have in the past. They’re also trying to use your compute resources to do things like mining cryptocurrency, which I would have never imagined 10 years ago, but it’s a real problem today.

Oracle Magazine: How is cloud changing the identity management conversation?

Olden: The cloud is affecting identity management in two significant ways. The first thing is that with the cloud, you can move your apps as well as your data outside of the traditional firewall within your data center, because you’re now dealing with stuff that’s physically “out there” in the cloud. In the past, we used to build fortresses around our data—network defenses led to higher walls and deeper moats around the castle. But with the cloud, we are intentionally moving our data and apps outside this castle and beyond the protection of the network defenses.

And your users are out in the cloud as well. It’s very common with SaaS applications to have people accessing them from their mobile phones from anywhere in the world, including a Starbucks or an internet access point in an airport. This user location change has driven a new level of requirement around how we defend the perimeter if we don’t have the classic perimeter defenses of firewalls and network defenses. The approach of using a classic VPN [virtual private network] to gate access to apps and data that are outside the network is no longer enough when everything is all over the internet.

And that, in turn, is driving the idea that identity has become the new perimeter. If you think about identities as the objects in relationships that you need to secure through data and applications, and you think about managing that relationship, that’s the new and more central role that identity management plays in the cloud environment.

And the second cloud effect is that, in 2018, we have a whole lot of new technologies. We’re in the next generation of the cloud, what Oracle calls the “autonomous cloud,” and this includes technology that’s self-driving, self-tuning, and self-securing and letting the machine do more of the work with intelligent software.

As more intelligent or autonomous cloud services roll out, identity must evolve and become more intelligent as well. The convergence of identity becoming the new perimeter and identity and autonomous cloud technology becoming more intelligent is creating a new conversation in identity management today.

Oracle Magazine: How does a separate, standalone identity management cloud service enable identity and security across on-premises and cloud platforms and a variety of applications?

Olden: By approaching identity as infrastructure, organizations can get the benefits of reusability, scale, and security that come from a consistent policy in a way that things are integrated and secured. So when businesses talk about moving to the cloud and using an identity infrastructure, if they use a modern one, it’s going to enable them to extend their identity infrastructure to bridge their on-premises investments: their applications, their databases, their directories, and their Active Directory.

So all of the technology that businesses have on premises and in a modern cloud infrastructure can connect with all of the new applications and environments in the cloud, whether it’s SaaS, IaaS, or other technologies that businesses want to bridge with an identity infrastructure. That identity infrastructure allows them to build new applications—including native mobile apps—and new experiences seamlessly across the on-premises and cloud worlds. It creates a framework to plug into and to roll out secure applications and new services very quickly.

Oracle Magazine: What is Oracle’s current identity management cloud service solution, and how does it address current and future identity management challenges?

Olden: Oracle Identity Cloud Service is a complete identity management platform, built natively for the cloud world. Businesses use the service to manage secure user access to their applications, but it’s also used across the entire Oracle platform. Most Oracle SaaS applications, PaaS services, and IaaS services are evolving to consume identity from Oracle Identity Cloud Service.

The service includes single sign-on, so instead of having 10 passwords for 10 apps, you have one password, and it’s securely integrated into 10 applications. And the service provides different ways to authenticate users, whether it’s with passwords or multifactor authentications for more-secure scenarios.

Oracle Identity Cloud Service authentication also includes federated identity. This is the idea of connecting identities between one organization and an external organization using standards such as SAML and OAuth. The service also provides access control policies so you can set the conditions and the rules for which users and groups have access to different applications. It allows you to have a complete directory in the cloud, where you can store and manage all of your identities.

When you sign up for an Oracle Cloud account, you get an Oracle Identity Cloud Service environment as part of the Oracle Cloud setup. This is a reflection of how easy it is to deploy identity in the cloud with this service. It’s embedded in the cloud services you get from Oracle, and users can access the service both embedded in SaaS apps such as HCM [human capital management] and within PaaS services, including database as a service. And organizations can use Oracle Identity Cloud Service to manage their own users accessing IaaS, such as storage and compute. It is also integrated and works in all of the three main technology areas: the on-premises, hybrid, and multicloud worlds.

Photography by Bob Adler, The Verbatim Agency