Blog

Identity Governance Meets Cloud Security in Identity Security

September 1, 2022
by Deepak Taneja
Identity Security

I’m excited to announce that Zilla Security has closed a $13.5M Series A venture round with Tola Capital, FirstMark Capital, and Pillar VC

Zilla’s mission is to automate identity security for organizations of all sizes and help businesses grow their cloud footprint with control and confidence. Our success over the last year makes us the fastest growing identity security platform in the market. But what, exactly, is identity security?

The times they are a-changin’.

Identity Security Rubix

A lot has changed over the years. For a long time, security was mostly about keeping the bad guys out of our networks. In fact, back in the 80s, the network became the computer, and over the next couple of decades, network security evolved to become the foundation of an enterprise security practice. 

Today, the cloud is the computer, and increasingly identity security is synonymous with security!

Does the corporate network even matter much anymore? Not really, except for on-premises data centers still waiting for the lift-and-shift to the cloud.

Identity is not the new perimeter – it’s the ONLY perimeter!

In the cloud-first, zero-trust world where we live, the security vectors that matter the most are identity and access. The critical elements organizations must address are –  What makes an identity trustworthy? And, what access should be granted to a trusted identity? Unfortunately, in reality these two elements represent two very different, yet related challenges.

The first challenge organizations face is maintaining identity profiles, establishing trust in identities through authentication, and enabling standards-based authentication flows to support SSO.  Fundamentally, this is a business enablement and IT operational efficiency challenge. It’s the exact problem identity and SSO providers solve.

The second challenge is ensuring that cloud applications, databases, and infrastructure are configured so that the right identities get the right access and nothing more.  And, accomplishing this despite constant changes in cloud infrastructure, business requirements, and identity, application and data resource life cycles. This is the precise problem that identity security solves.

Identity Security, what’s it all about?

Identity security is all about enabling, securing, and managing the access that all trusted identities – humans, machines, and APIs – have to enterprise resources. In fact, identity security solutions complement Identity and SSO providers by delivering four key components:

  • Least privilege security and policy-based remediation of identity related vulnerabilities
  • Regulatory compliance through access reviews, SOD, and other access controls
  •  Identity entitlement lifecycle management, so that access, at a fine-grained entitlement level, is onboarded, maintained and off-boarded appropriately
  • Governance that ensures adherence to organizational policies and processes

The cloud and digital transformation surface new challenges.

While the shift to the cloud has made identity the new perimeter, digital transformation is driving identity as the critical unifying factor in the enterprise. Through identity, digital transformation is providing employees, partners, and customers with controlled access to the resources they need, and facilitating collaboration.

Both of these trends have significant implications.

  1. Decentralization of security work. With the shift to SaaS, IaaS, and PaaS, business teams are acquiring their own applications and managing them independently of IT.  Application owners in the business are configuring their own applications with productivity and efficiency goals in mind. These app owners are effectively doing security work but aren’t quite responsible for enterprise security and compliance.
  2. Cloud scale has made manual approaches to managing access untenable. With dozens, if not hundreds, of cloud applications in use, manually tracking thousands of accounts and entitlements across dynamic resource environments is an impossible task. Monitoring and controlling privileged access alone is a tall order.
  3. DevOps security is complicated but critical. Digital transformation is accompanied by a rapid increase in the number of machine identities, and in the complexity of entitlements that DevOps teams need for platforms like AWS, Azure and GCP. Securing complex cloud infrastructure with dynamic cloud assets and federated identities is a huge struggle.

What organizations need is a unified, holistic, identity security solution that assigns, monitors, and remediates access on a continuous basis. It includes:

  • Comprehensive support for all the digital services across the business
  • Automation to manage and secure access
  • A simple user experience that enables collaboration between app owners, IT/security staff and auditors

Zilla to the rescue. 

Zilla delivers an identity security solution focused on comprehensive security and compliance that is automated and easy to use. Our platform combines identity governance with cloud security to deliver access visibility, reviews, lifecycle management, and policy-based security remediation.

Zilla’s no-code integration with SaaS applications like Salesforce, cloud infrastructure like AWS, and cloud databases like Databricks, is unparalleled.  Robotic automation, a key pillar of our integration strategy, enables us to monitor and configure all your web-based applications, even those that don’t have security APIs. Zilla’s self-learning, intelligent automation easily handles cloud scale and dramatically reduces your cost of ownership. But the best part, with Zilla, your team is in the drivers seat, not expensive, third-party professional services consultants!

Give us a try. Contact us today and see what we can do for you.

Tags