Simplifying Identity-Based Security in a Cloud-First World

This post is also available in: 日本語 (Japanese)

An all-encompassing Zero Trust approach to network security is critical for safeguarding productivity in the new reality of remote, mobile and hybrid work. To achieve Zero Trust Network Security, you need to be able to easily and consistently secure users across your branch, data center, public clouds and remote workforce. How do you consistently identify your users when the identity is fragmented in so many different identity stores, like Active Directory (on-premises), Okta (cloud), Azure AD (cloud) and more? According to ESG report Trends in IAM: Cloud-driven Identities" December 2020, 87% of organizations are already moving or plan to move to cloud-based identity sources in the next 24 months. Put another way, enterprises in this day and age find it difficult to consistently verify users and enforce identity-based security at all times.

To meet these needs, Palo Alto Networks is introducing a completely new cloud-based architecture for identity-based security, called the Cloud Identity Engine. With the introduction of this capability, we’re simplifying Zero Trust adoption. The Cloud Identity Engine enables you to consistently authenticate and authorize your users regardless of where user identity lives – on-premises, in the cloud or a hybrid of the two. As a result, users can securely access applications and data regardless of their location.

Existing solutions are designed for a single source of identity, either on-prem or cloud identity stores, leading to inconsistent security across the infrastructure. Moreover, every identity store and any changes by them have to be manually added and managed on the firewalls. Moving from on-prem to cloud or other identity sources can take months or years.

With the new Cloud Identity Engine, identity stores only need to be configured once. New identity sources can be configured and made ready for a large enterprise within a few minutes. The Cloud Identity Engine is used as the single point to synchronize user, group and authentication data across all firewall form factors, such as physical, virtual and cloud-delivered firewalls. This allows organizations the ability to provide secure access to applications from everywhere.

In PAN-OS 8.1, we introduced the ability to enable multi-factor authentication (MFA) for your data center applications at the network layer, using the firewall and its integrations with existing MFA providers like Ping and Okta. With the Cloud Identity Engine in PAN-OS 10.1, organizations can now use their cloud identity provider’s MFA for all their data center apps instantly.

Every organization’s cloud journey is different. But we all need a cloud-based architecture path to get there. The Palo Alto Networks Cloud Identity Engine paves the way for your organization’s cloud journey through the enablement of identity-based security for Zero Trust and identity enforcement for every location where users work.

To learn more about identity-based security for Zero Trust, register for our upcoming event series, Complete Zero Trust Network Security, and get ready to secure productivity wherever it takes place.