Why network perimeters need to be redefined in the age of cloud computing

June 15th, 2016

By Byron Acohido

OLYMPUS DIGITAL CAMERAThe rising business use of cloud services and mobile devices has opened a Pandora’s box of security exposures.

Software as a Service (SaaS) tools like Salesforce.com, Gmail, Office 365 and Dropbox, as well as social media sites like Facebook, LinkedIn and Twitter, are all being heavily leveraged by companies large and small to boost productivity and collaboration.

This trend also has opened up a whole new matrix of access points for malicious attackers to get deep inside company networks.

Wall Street recognizes that all organizations will have to acknowledge and make decisions on how to mitigate new business risks introduced by cloud services. And big bets are being placed on new technologies to help companies get a handle on these fresh exposures.

LastWatchdog recently sat down with David Baker, chief security officer at Okta, a cloud identity management vendor that’s one of dozens of security vendors developing cloud security systems. A $75 million round of private investment last fall pushed Okta’s market valuation to over a billion dollars, vaulting it into so-called “unicorn” status.

Okta’s backers includes a who’s who of venture-capital firms that are placing big bets on cybersecurity plays: Andreessen Horowitz, Greylock Partners, Sequoia Capital, Khosla Ventures, Altimeter and Glynn Capital among others.

Baker described this particular big bet on cybersecurity tech. (Text edited for clarity and length.)

LastWatchdog: Congratulations on achieving unicorn status.

Baker: Thank you. We have a lot of work to do as a company to continue growing. The problem that we solve is really about enabling companies— enterprises, as well as small, medium and big companies—to adopt the cloud.

LastWatchdog: How would you frame the big challenge?

Baker

Baker

 

Baker: The problem for companies now is that the things I need to access in the cloud bring a whole host of security concerns. I have users working within my four walls, and they have to authenticate into these applications where I have critical business data. It could be information about my company’s source code, or email, or all of the files we share. So what’s needed is a secure way of authenticating users into all of those systems.

It also is a challenge to provision that identity into the downstream applications, and, just as importantly to de-provision users. So when a user eventually is transferred to a different group, or is terminated, their access has to be disabled. So it’s about managing that identity and also managing the access of that identity to these cloud services.

LastWatchdog: Lots of employees set up their own Gmail or Dropbox account to be more productive; so they shouldn’t be doing that?

Baker: Correct. The security piece is knowing what set of tools you want your employees using, and then making sure you have an authentication mechanism in place to enable them to go securely into those cloud-based applications.

LastWatchdog: The company sets the rules, and their employees should use only the company-sanctioned versions?

Baker: Correct. Users get exactly the version of Dropbox the company wants them to use, not their own personal account. Okta creates a secure connection to that version. The IT administrator can give the employees access to hundreds of apps. Right now we have connectors to well over 4,000 different applications across the internet.

LastWatchdog: Seems like we’re extending the traditional network perimeter. It’s not just the on-premises servers and clients companies have to be concerned with, it’s everything out in the internet cloud that employees might try to use.

Baker: I’ll do you even one better, the perimeter really exists with respect to identity. When I’m sitting at home or in the coffee shop, and using my cellphone to get access into an application, I am now the perimeter. So that’s why we like to say, really, identity is the new perimeter.