Digital identity and access management (IAM: the process of working out who someone or something is and what they are allowed to do) is a key component of any enterprise cyber security arsenal. The function was initially focused on making sure employees had the right access to do their jobs, while providing single sign-on, password policies, multi-factor authentication and audit.
IAM has since expanded into a mission-critical part of any modern organisation and its digital transformation mission: handling employees who "work from anywhere" and the zero trust design pattern (especially crucial during Covid-19), securing supply chain integration, delivering secure consumer services that are managed online, and serving as a foundation for mobile applications.
Enter Stage Left: The Edge
Digital transformation brings huge opportunities for end user empowerment, through the likes of the GDPR and consent management initiatives, and can be a real competitive advantage for organisations that deliver great user experiences combined with security and privacy. But these new services often need to be delivered across a range of environments and devices.
Edge computing brings new concepts with it: the Internet of Things, offline devices (with no consistent access to a central cloud "mothership"), high-performance microservices and globally distributed systems. Consider the following use cases and how identity and access management needs to adapt to survive:
- How to pair a smart TV to a specific user identity in order to deliver personalised content - then how to do that for millions of end users?
- How to authenticate and authorise calls within a mobile application backend made up of 200 distributed microservices, each exchanging 1000 transactions a second with the others?
- How to securely allow an employee working from home in New York to gain immediate access to an application in a European data centre?
- How to provide login and access control services to staff on a cruise ship that is unable to communicate with the port's home network for 3 weeks?
New Concepts, New Designs
All of the above use cases still require the traditional functions of authentication (working out who someone or something is) and authorization (working out what they can then do). But how, when the traditional centralised, on-premises, low-scale identity and security infrastructure can no longer deliver them?
A modern identity platform requires DNA based on the following concepts:
- Standards-based, to allow integration with different device types and programming languages, e.g. OAuth2 (for authorization), WebAuthn (for passwordless login) and JWT (JSON Web Tokens, for distributing identity data).
- Elastic, meaning it can grow and shrink with unpredictable spikes in demand (such as Covid-19, or prime-time content demand).
- Distributed, with the ability to deploy nodes in cloud data centres or in on-premises, devops-managed hubs across geographic locations.
Another major concept for the edge is statelessness: security decisions can be made away from a central "mothership", because the node making the decision does not need to look up session state held centrally. Why does that matter? In a highly distributed, high-scale ecosystem, calling back to a central hub for every decision is not feasible: the latency is too high, the central service may not cope with the load, and the services needing a security decision may not even have a stable Internet connection.
Issuing signed security tokens that carry all the information needed for the decision (who the subject is, which service the token is for, what it permits and when it expires) lets remote or offline nodes make identity and access decisions locally, which suits the scale, speed and distributed nature of edge computing. The trade-off is that such a token cannot be recalled once issued: the verifying node sees only the token and the issuer's verification key, so token lifetimes must be kept short, and the signature, issuer, audience and expiry must be checked on every use.
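The following Go program is an added example, not code from the original article or from any product it describes. It shows the stateless pattern end to end: a central issuer mints an ES256-signed JWT carrying subject, audience, expiry and a scope claim, and an edge node verifies it and makes an authorization decision using nothing but the issuer's public key and its own clock. The issuer URL `https://idp.example`, the audience `smart-tv`, the subject `user-42` and the custom `scope` claim are illustrative values chosen for this example; only the standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Claims is the self-contained identity data an edge node needs to decide access
// without calling home. iss/sub/aud/exp are RFC 7519 registered claims; "scope"
// is a hypothetical custom claim (space-separated, as OAuth scope strings are).
type Claims struct {
	Issuer   string `json:"iss"`
	Subject  string `json:"sub"`
	Audience string `json:"aud"`
	Expiry   int64  `json:"exp"`
	Scope    string `json:"scope"`
}

// NewIssuerKey creates the P-256 key pair held by the central issuer; only the public half goes to the edge.
func NewIssuerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Mint runs at the issuer: it signs the claims with ES256 (ECDSA P-256 + SHA-256).
func Mint(priv *ecdsa.PrivateKey, c Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	payload, _ := json.Marshal(c) // cannot fail: Claims holds only strings and an int64
	signingInput := b64(header) + "." + b64(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS encodes ECDSA signatures as fixed-width R||S, not DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64(sig), nil
}

// Verify runs on the edge node with nothing but the issuer's public key, the
// expected issuer and audience, and the local clock: no network round trip.
func Verify(pub *ecdsa.PublicKey, token, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrBytes, errH := base64.RawURLEncoding.DecodeString(parts[0])
	sig, errS := base64.RawURLEncoding.DecodeString(parts[2])
	var hdr struct{ Alg string `json:"alg"` }
	// Pin alg to the key we hold; never trust the header (blocks "alg":"none" and key-confusion tricks).
	if errH != nil || errS != nil || len(sig) != 64 || json.Unmarshal(hdrBytes, &hdr) != nil || hdr.Alg != "ES256" {
		return nil, errors.New("malformed header or signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // exact bytes received, checked before any claim is trusted
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var c Claims
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	switch {
	case c.Issuer != wantIss:
		return nil, errors.New("unexpected issuer")
	case c.Audience != wantAud:
		return nil, errors.New("token not intended for this service")
	case !now.Before(time.Unix(c.Expiry, 0)):
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// HasScope is the local authorization decision, made from the token alone.
func (c *Claims) HasScope(want string) bool {
	return strings.Contains(" "+c.Scope+" ", " "+want+" ")
}

func main() {
	priv, err := NewIssuerKey()
	if err != nil {
		panic(err)
	}
	tok, _ := Mint(priv, Claims{Issuer: "https://idp.example", Subject: "user-42", Audience: "smart-tv",
		Expiry: time.Now().Add(15 * time.Minute).Unix(), Scope: "content:read profile"})
	c, err := Verify(&priv.PublicKey, tok, "https://idp.example", "smart-tv", time.Now())
	fmt.Println("verified:", err == nil, "| content:read granted:", err == nil && c.HasScope("content:read"))
}
```

Two things the block deliberately leaves out, and a real deployment must add: a small clock-skew allowance on the expiry check (devices at the edge drift), and a way to roll the issuer key, typically a `kid` header pointing at a cached key set that is refreshed whenever the node does have connectivity. Because the node never contacts the issuer, nothing in this flow can revoke a token early; that is why the expiry window is minutes, not days.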
Edge computing provides a myriad of new opportunities: personalised, high-scale user experiences, IoT, and Operational Technology-driven smart industry. But it must also adhere to modern identity, security and privacy standards.