CIO
opinion
The evolving Secure Access
Secure Access layered trust model
In order to start to understand how
Secure Access needs to evolve, we need
to establish a trust model that underpins
the secure access in all of its forms. One
such model breaks the problem into four
layers that are typically associated with
distinct management domains within the
IT organisation. The top-level objective is
to provide the user (or IoT device for that
matter) secure access to create, store and
retrieve information. This is based on
client-side services and applications that connect
to cloud and enterprise applications, which
in turn rely on client devices connecting to
cloud and data centre infrastructure, through
wired and wireless connectivity into public
and corporate networks.
Secure Access then translates into
information access based on trust across and
between the layers. Some use-case scenarios
rely on implicit trust, whereas others require
explicit trust relationships. For example,
a user who logs into a legacy corporate
computer that is connected to the corporate
LAN used to be implicitly trusted to access
most internal/on-premise enterprise
applications (file-shares, mail-server, intranet
server, etc.). In today’s environment, a user
may need to authenticate with a mobile
application that was installed and secured
by an End-Point Management solution,
using a device profile for corporate
Wi-Fi connections, to access the enterprise
application behind the firewall. A user role
and profile would determine which parts of
the application and what information would
be accessible.
Note that when trust depends on the trust
between the layers, then this also implies
that the systems solutions used by the
different IT departments can trust each
other (and have the same model and
understanding of such trust). Using this
model, we can now define Secure Access
in the multi-cloud environment as the
‘ubiquitous secure connectivity for users
and devices to a specific set of enterprise
multi-cloud applications and services, based
on their role and context, from any location
through any network at any time.’
“Secure access to corporate or IoT device
information is rooted in the establishment
of mutual trust between the provider
(service) and consumer/subscriber (client)
of that information.”
Orchestration in a multi-vendor
IT environment
Given the diversity of applications, cloud
applications, client devices, server/service
infrastructure and networks and topologies,
it is unlikely that a single vendor can cover
all data paths in this multi-layer fabric
of connections. It is envisioned however,
that a vendor who is client, service and
infrastructure neutral, can orchestrate
multi-vendor solutions based on a central,
consistent policy and trust model.
Whether an information access request
occurs between an IoT device and
end-user-device, between cloud services or as a
client aggregation request across cloud and
data centre, a common policy model would
consistently determine and enforce trust
and trust levels amongst the requester and
providers of information.
At the same time, the end-user experience
or IoT connection setup needs to be simple
and consistent regardless of the different
paths, layers and solutions that support
the Secure Access connection types. To do
so, you would adopt a single orchestration
solution that centralises the core principles
of your Secure Access and trust model into a
single, consistent management model that
is distributed across the ecosystem and your
multi-cloud environment.
What to Look for in a Secure Access
Orchestration solution
With a Secure Access Orchestration
solution in place, companies can take
advantage of multiple use cases, including
BYOD, multi-vendor IoT support, unified
compliance enforcement, and DevOps
delivery with integrated secure access.
Given the diversity and dynamics of
today’s businesses, your solution should
reflect the switch from a static trust and
policy enforcement model into a more
dynamic, but consistent context-based and
analytics and insights-driven trust model.
The Secure Access Orchestration solution
should also provide API management
services for developers and 3rd party
products that integrate into your existing
solutions, services, processes, and fabric.
All of this in support of ubiquitous secure
connectivity based on a common, dynamic,
multi-layer trust model, will deliver on the
dual objectives of enterprise security and
user productivity.
www.intelligentcio.com