Microsoft CIEM, Decentralized Identity Tools Secure Access
Verified ID and Permissions Management Will Extend Secure Access to Workloads, Apps
Microsoft plans to roll out new decentralized identity and cloud infrastructure entitlement management, or CIEM, products to extend secure access from users to workloads and applications.
The Redmond, Washington-based software giant unveiled Tuesday the Microsoft Entra identity and access product family, which features new CIEM and decentralized identity products as well as Azure Active Directory. Microsoft Entra Permissions Management leverages the CIEM tool Microsoft acquired from CloudKnox and will be available on a stand-alone basis in July. Verified ID will debut in August.
"Identity is the new battleground," Joy Chik, corporate vice president of Microsoft Identity, tells Information Security Media Group. "The future is in the identity and secure access solutions we can provide with Entra."
Marrying Privacy and Security
Verified ID goes beyond securing access to applications and data and enhances user privacy, Chik says. The product allows users and organizations to decide what information they share, when they share it, with whom they share it, and - when necessary - allows them to take it back, according to Microsoft (see: Microsoft Unveils Services to Simplify Threat Hunting, XDR).
The platform makes it possible to verify aspects of a user's digital identity, such as a passport, a driver's license, employment status, and education and certification credentials, without having to store the data in a centralized repository, Chik says. Any entity or organization can verify a form of identity such as a driver's license, Chik says, and the approach prevents identity data from being spread across numerous providers.
"We can have digital interactions and digital transactions without having to store the sensitive private data of individuals from any organization," Chik says.
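The selective-disclosure pattern described above, as an added illustration that is not Microsoft Verified ID code: an issuer vouches once for a set of attributes, the holder later reveals only the attribute a particular verifier asks for, and the verifier checks it against the issuer's signed commitment without anyone keeping a central store of the holder's data. Everything here is constructed for the example; in particular, the issuer's digital signature is stood in for by an HMAC under a key the verifier is assumed to already trust (a real deployment uses an asymmetric signature so the verifier needs only the issuer's public key).

```python
"""Selective disclosure of issuer-vouched claims (illustrative, stdlib only).

Added example, not code from Microsoft or the article. Assumptions:
  - ISSUER_KEY stands in for an issuer signing key; HMAC replaces a real
    asymmetric signature purely so the example runs without extra libraries.
  - Claim names and values are constructed sample data.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional

ISSUER_KEY = b"demo-issuer-key"  # constructed stand-in for an issuer signing key


def _digest(salt: str, name: str, value) -> str:
    # Commitment to one claim. The per-claim salt stops a verifier (or anyone
    # who sees the signed digests) from guessing low-entropy values such as
    # "employment_status": "active" by brute force.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def issue_credential(claims: Dict[str, object]) -> dict:
    """Issuer side: sign only the sorted claim digests, never the values.

    The signed payload can be shown in full without revealing any claim;
    the holder alone keeps the salts and plaintext."""
    salts = {name: secrets.token_hex(16) for name in claims}
    digests = sorted(_digest(salts[n], n, v) for n, v in claims.items())
    payload = json.dumps({"iss": "demo-issuer", "digests": digests}, sort_keys=True)
    sig = hmac.new(ISSUER_KEY, payload.encode(), "sha256").hexdigest()
    return {"payload": payload, "sig": sig, "salts": salts, "claims": claims}


def present(credential: dict, reveal: List[str]) -> dict:
    """Holder side: disclose only the requested claims (salt + value each).

    Undisclosed claims stay with the holder; the verifier learns nothing
    about them beyond the fact that some number of digests exist."""
    disclosed = {n: [credential["salts"][n], credential["claims"][n]] for n in reveal}
    return {"payload": credential["payload"], "sig": credential["sig"], "disclosed": disclosed}


def verify(presentation: dict) -> Optional[dict]:
    """Verifier side: check the issuer's signature, then recompute each
    disclosed claim's digest and require it to appear in the signed set.
    Returns the verified claims, or None if anything fails."""
    expected = hmac.new(ISSUER_KEY, presentation["payload"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, presentation["sig"]):
        return None  # not issued (or altered after issuance)
    signed_digests = set(json.loads(presentation["payload"])["digests"])
    verified = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(salt, name, value) not in signed_digests:
            return None  # value tampered with, or never vouched for by this issuer
        verified[name] = value
    return verified


if __name__ == "__main__":
    # Constructed onboarding scenario: HR needs employment status only.
    cred = issue_credential({"name": "A. Example", "employment_status": "active", "degree": "BSc"})
    hr_view = present(cred, ["employment_status"])
    print("HR verifies:", verify(hr_view))
    forged = present(cred, ["employment_status"])
    forged["disclosed"]["employment_status"][1] = "terminated"
    print("Forged claim verifies as:", verify(forged))
```

The point a practitioner should take from it: the verifier stores nothing about the holder, the signed object contains no personal data, and the holder decides per presentation which claims to reveal; revocation ("taking it back") is handled in real systems by a status mechanism that this sketch does not include.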
Verified ID can be particularly helpful in a remote onboarding scenario, where many companies today are asking new hires to photocopy and physically present their driver's license, passport and COVID-19 vaccination status, Chik says. This process eats up a ton of time and money for IT and HR personnel, according to Chik.
Decentralized identity makes it possible for HR to replace some paper-based or in-person identity or credential verification processes and verify an employee’s skills, certifications, education, and career history in a privacy-respecting manner, according to Microsoft. Verifying the identity of new employees as part of their training program will allow them to start working on projects sooner, Chik says.
Microsoft has been working with the decentralized identity community for the past five years to come up with new ways to provide secure access while offering greater levels of user privacy, according to Chik. She says that Verified ID was designed with specific use cases, such as remote onboarding, in mind.
"We think that the world is really moving to a more decentralized model," Chik says. "That doesn't mean it will replace today's centralized model, but it can be a complementary offering sitting side by side with today's centralized world when the use cases make sense."
Microsoft Entra Permissions Management, meanwhile, can ensure that user and workload identities are granted the appropriate level of access when traversing cloud or on-premises environments, Chik says. Customers are increasingly deploying apps across more than one public cloud environment and increasingly find themselves grappling with more than just user identities, according to Chik.
"From a resource perspective, the IT professionals are stretched really thin in terms of how we think about managing access to all these sensitive data platforms in a hybrid way," she says.
Permissions Management provides a simple administrative experience and ensures that identities have access to the right information for the right amount of time without being overprovisioned, Chik says. As applications increasingly interact with one another without having a human involved, new technology is needed to vet the identity of these applications and govern interactions between apps and workloads.
Microsoft has pushed to evolve from a traditional human-centric approach to identity to protecting workloads and verifying identity across the entire management life cycle, rather than restricting the vetting to a single point in time, Chik says. Given that identities frequently come and go, she says it's important to provide greater control and governance over permissions.
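The core check behind the right-sizing that the last few paragraphs describe, as an added example that is not Entra Permissions Management code: compare what each identity, human or workload, has been granted with what it has actually used over a recent window, and flag the grants that went unused, with extra weight on high-risk ones. The grants, activity log, permission names and the high-risk set are all constructed for the example; a real CIEM tool would pull grants and activity from the cloud provider's APIs and audit logs.

```python
"""Right-sizing permissions from observed activity (illustrative).

Added example, not Microsoft code. Assumptions:
  - GRANTS and ACTIVITY are constructed sample data in a made-up format.
  - HIGH_RISK is an assumed list; a real tool derives it from a catalog.
Workload identities (service principals, pipelines) are treated exactly
like users: the article's point is that both need the same governance.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, Set

# Constructed: permissions each identity currently holds.
GRANTS: Dict[str, Set[str]] = {
    "user:alice": {"storage:read", "storage:write", "kv:secrets:get", "iam:roles:assign"},
    "sp:build-pipeline": {"storage:read", "container:push", "iam:roles:assign"},
    "sp:report-job": {"storage:read"},
}

# Constructed activity log: "<ISO timestamp> <identity> <permission used>".
ACTIVITY = """
2022-05-20T09:12:00 user:alice storage:read
2022-05-21T10:03:00 user:alice storage:write
2022-05-22T08:45:00 sp:build-pipeline storage:read
2022-05-22T08:46:00 sp:build-pipeline container:push
2022-05-30T14:00:00 sp:report-job storage:read
2022-03-01T12:00:00 user:alice iam:roles:assign
""".strip().splitlines()

# Assumed: permissions whose misuse is particularly damaging.
HIGH_RISK: Set[str] = {"iam:roles:assign", "kv:secrets:get"}


def permissions_used(lines: Iterable[str], now: datetime, window_days: int) -> Dict[str, Set[str]]:
    """Collect, per identity, the permissions exercised inside the window.

    Use outside the window is deliberately ignored: a permission last used
    months ago is treated as unused, which is what makes stale grants visible."""
    cutoff = now - timedelta(days=window_days)
    used: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        ts, identity, perm = line.split()
        if datetime.fromisoformat(ts) >= cutoff:
            used[identity].add(perm)
    return used


def right_size(grants: Dict[str, Set[str]], used: Dict[str, Set[str]]) -> Dict[str, dict]:
    """For each identity: unused grants, the unused share, and the unused
    grants that are high-risk (the ones to remove first)."""
    report = {}
    for identity, granted in grants.items():
        unused = granted - used.get(identity, set())
        report[identity] = {
            "unused": sorted(unused),
            "unused_ratio": round(len(unused) / len(granted), 2) if granted else 0.0,
            "high_risk_unused": sorted(unused & HIGH_RISK),
            # What the identity would keep if trimmed to observed use.
            "proposed": sorted(granted & used.get(identity, set())),
        }
    return report


def analyze(now_iso: str = "2022-06-01T00:00:00", window_days: int = 60) -> Dict[str, dict]:
    """Run the check over the constructed data as of a fixed 'now'."""
    used = permissions_used(ACTIVITY, datetime.fromisoformat(now_iso), window_days)
    return right_size(GRANTS, used)


if __name__ == "__main__":
    for identity, row in analyze().items():
        flag = " <-- remove first" if row["high_risk_unused"] else ""
        print(f"{identity}: unused={row['unused']} ({row['unused_ratio']:.0%}){flag}")
```

Note what the window does: alice did use `iam:roles:assign`, but only once, months before the window, so it is reported as unused and high-risk; the build pipeline, a workload identity, holds the same permission and has never exercised it at all. The remaining design question, which the example leaves to policy, is how long an unused grant may survive before it is removed automatically rather than merely reported.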
"Identity is the most common form of attack pattern," Chik says. "There are now over 921 attacks on passwords alone every single second."