A new adage is emerging in the cloud security world that context is the new perimeter.

If you believe this, and there is every reason to believe it, then it begs the question – Where is this context? 

Why has the shift to the cloud made context so much more important?

To answer this question, it is worth stepping back to look at the broader changes behind the shift to the cloud.

The Business is driving cloud adoption

As digital transformation has accelerated across industries, businesses have adopted cloud at a rapid pace. 

  • SaaS Explosion – Whether it is Hubspot for marketing or Github for engineering, business users have adopted such services without IT projects to drive them. Unsanctioned apps, anyone?
  • Cloud Workloads – Platforms such as AWS, Azure & GCP have brought an agility to business while IT and Security play catch up.
  • API Economy – Connecting applications such as Salesforce and MailChimp together has become a matter of a few clicks. Increasingly, these are clicked by business users.

In the emerging technological landscape, cloud adoption is being led by the business user. 

The Business is doing cloud configuration

Increasingly, configuration and management is also being done by the business user. Configuration includes such things as

  • Accounts – who has access
  • Access settings – what can be accessed
  • API integrations – machine identities.

This federated acquisition and configuration creates an interesting challenge for security teams. Security teams lack context.

The Business has context

IT and Security teams are almost always fully engaged in managing global services such as Office 365, SPAM filtering, end-point configuration, etc. However, when it comes to business applications, this is almost never the case.

It is the inbound marketing lead who knows why a specific user who is absent from the corporate directory, has access to tools such as Hubspot and Mailchimp. It is the engineering project lead who knows why a certain IAM role in AWS is configured with a cross-account policy to read data. It is the customer success engineer who knows that an API integration into Zendesk is necessary for customer data exports to be analyzed for customer satisfaction.

When it comes to the cloud, business teams have context. 

Securing the new perimeter

A foundational principle of Zilla Security is that in a cloud first world, individuals outside of security teams play a significant role in security and compliance. Business users are not trained in security but care just as much about protecting the applications and data they use on a day-to-day basis.

Securing this new perimeter requires regular collaboration between IT & security teams and the business users they serve. Processes such as periodic access reviews and security reviews engage the business and provide a strong foundation for this collaboration. Automation can make these processes simple so that only critical changes take valuable time from the business user.

Context is the new perimeter and securing this perimeter is everyone’s responsibility. Tools like Zilla can help.

Author

  • Identity security leader Deepak Taneja smiles at the camera, in a blue and white checkered button-down shirt.

    Zilla Security Co-Founder, CEO & President Deepak Taneja is an entrepreneur and security expert with extensive experience founding and leading enterprise software companies. Deepak has been at the forefront of innovation in identity management for over 25 years.

    His vision for Zilla is to secure the enterprise by automating the management of permissions to all applications and data. Prior to Zilla Security, he founded and led Aveksa, a pioneer in identity governance, and was CTO at RSA Security after Aveksa was acquired by RSA.

    Previously, as CTO for Netegrity, he led the evolution of SiteMinder into an industry-leading web access management platform. An avid supporter of technology entrepreneurship, Deepak has served as a board member and advisor to several successful startups. Deepak holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.

    Connect with Deepak via LinkedIn.

    View all posts