Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Securing access to any resource, anywhere
Published May 29 2024 09:00 AM 12.4K Views
Microsoft

Zero Trust has become the industry standard for safeguarding your entire digital estate. Central to Zero Trust is securing identity and access, which is essential for protecting resources, enforcing security policies, and ensuring compliance in today’s dynamic digital landscape.

 

With Microsoft Entra, we help our customers create a trust fabric that securely connects any trustworthy identity with anything, anywhere. Driven by the adoption of multicloud strategies in the era of AI, customers are encountering more challenges in securing access, not just across multiple public and private clouds, but also for business apps and on-premises resources. Unlike securing access for humans or within a single environment, where customers have established methods to address challenges, securing access anywhere is more complicated due to the dynamic nature of today’s digital estate and tools to address emerging challenges need further development. To support our customers, we unveiled our vision for securing access in any cloud at this year’s RSA conference. Today, we're excited to dive deeper into our future investment aimed at securing access to cloud resources from any identity across diverse cloud environments.  

 

Managing multicloud complexity in a rapidly evolving digital environment

 

Organizations are grappling with substantial challenges in navigating cloud access complexities, often citing issues like fragmented role-based access control (RBAC) systems, and compliance violations. These challenges are compounded by the growing use of cloud services from various cloud service providers.  There have been links to several notable breaches attributed to over-permissioned identities. Our customer engagements reveal that organizations are currently using 7 to 8 products, including privileged access management (PAM) and identity governance and administration (IGA) solutions to tackle multicloud access challenges. Despite their efforts, such as toggling across multiple solutions and increasing their workforce, many organizations still struggle to achieve full visibility into their cloud access.

 

Our 2024 State of Multicloud Security Risk Report underscores these ongoing challenges arising from over-permissioned human and workload identities. Analysis of past year usage data from Microsoft Entra Permissions Management confirms that the complexities in multicloud environments primarily stem from rapid identity growth and over-provisioned permissions (learn more), including:   

 

  • Over 51,000 permissions that can be granted to identities – 50% of which are identified as high-risk permissions.
  • Only 2% of those 51,000 permissions were used.
  • Of the 209M identities discovered, more than 50% are identified as super identities that have all permissions to access all resources.   

 

Figure 1: 2024 State of Multicloud Security Risk key findingsFigure 1: 2024 State of Multicloud Security Risk key findings

 

 

Introducing our vision for cloud access management: Building a converged platform

 

Today, I’m excited to expand on our vision for cloud access management.

 

As businesses expand, organizations inevitably face challenges of overprovisioning at various levels. Initially, this manifests as granting more access to accommodate growing teams and workloads and can lead to overlapping access privileges. To address these issues, organizations must proactively identify vulnerabilities in identities and permissions and respond swiftly and, eventually, automatically. There’s a pressing need for a new solution that empowers all identities to access resources in any cloud securely while adhering to least-privileged permissions.

 

To address this critical need, we’re developing a converged platform that encompasses a comprehensive set of capabilities. This upcoming platform is designed to streamline the journey from risk discovery to remediation for secure access to any cloud resource whenever deviations occur, offering:  

 

  • Visibility: Gain insights into all identities and permissions assigned and used and detect risky permissions.
  • Risk remediation: Remediate risky permissions with recommendations.
  • Granular controls: Grant the right privileges for role-specific durations.
  • Automated governance: Implement continuous compliance through automated policies. 

 

Figure 2: How to secure access from any identity across multiple cloudsFigure 2: How to secure access from any identity across multiple clouds

 

Our journey to secure access to resources in any cloud is advancing by building upon our industry-leading Microsoft Entra products:  

 

  • Permissions Management (CIEM) for delivering visibility into identities, permissions, and usage.
  • Privileged Identity Management (PAM) for enforcing least-privileged controls for both human and workload identities.
  • ID Governance (IGA) for automating identity lifecycle and access workflows regardless of origin or usage.
  • Workload ID (IAM for workloads) for offering customized authorization policies for workload identities. 

 

Figure 3: Convergence of four critical areasFigure 3: Convergence of four critical areas

 

Additionally, as part of our continuous Copilot journey, we're leveraging AI/ML to enhance all the technologies within the cloud access management platform. This enables organizations to uncover risks that are otherwise challenging to detect manually, identify the most significant risks, propose impactful remediations, and recommend usage-based custom roles and policies for any identity as the platform adoption grows. It will help simplify cloud access management and provide more effective ways to secure cloud environments for organizations.

 

 

Our commitment

 

At Microsoft, we’re committed to bringing this vision to life for our customers through the advancement and innovation of our newly converged platform, designed to secure access to resources in any cloud. Additionally, this vision extends to securing access to resources anywhere, including on-premises and business apps. Our goal is to help our customers enhance their security for any access to any resource in the era of AI and robust workload identities. 

 

We look forward to collaborating with the community to realize this vision, empowering every organization to implement least-privileged access and permissions across all identities in multicloud and hybrid environments. We’ll keep you posted on our progress towards this vision. Until our next update, we invite you to explore our products that form the foundation of our cloud access management vision. Learn more about Microsoft Entra ID Governance and Permissions Management.

 

Thank you,

Joseph Dadzie

Partner Director of Product Management

LinkedIn   

Twitter   

 

 

Read more on this topic

 

Learn more about Microsoft Entra  

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds. 

 

1 Comment
Co-Authors
Version history
Last update:
‎May 23 2024 11:38 AM
Updated by: