Identity Management & Cloud Security Blog

EmpowerID's Jellybeans Approach and Proxied Model: Revolutionizing Identity Governance Across Diverse Systems

Written by Aditya Taneja | Tue, Jun 20, 2023

In the complex world of cybersecurity, managing identities and access rights across diverse systems can be a daunting task. EmpowerID, with its innovative Jellybeans approach and Proxied Model, is revolutionizing identity governance, providing a comprehensive solution for managing identities across a wide range of on-premise and cloud systems.

EmpowerID's Jellybeans Approach

To simplify the challenge of managing thousands of diverse systems and users, let's envision all the users in an organization as JellyBeans. Hopefully, this analogy makes the problem a little easier to digest (pun unintended).

In this analogy, each color of JellyBeans represents a distinct category, such as different types of employees, users, business units, customers, or even various geographic regions. Traditionally, LDAP and Virtual Directory systems allowed you to construct a hierarchy, wherein all your Users, Groups, and computers were organized within this tree-like structure. This hierarchical arrangement made it easy to remove administration roles by simply navigating through the tree.

 

This approach functioned adequately with straightforward on-premise systems in traditional organizations. However, with the emergence of the cloud, organizations have transitioned to various applications for their workflows, such as SAP, Salesforce, ServiceNow, Adobe, and more. Each of these applications operates on a distinct security model independent of Active Directory and LDAP. Consequently, managing the diverse collection of JellyBeans has become exceedingly challenging, as a single container can no longer accommodate all of them. So, what occurs now?

They are all mixed together.

The Admin Roles in database-based cloud systems often lack granularity, being too broad and limited in number. Such over-privileged admins significantly escalate your risk exposure. Nearly all modern cybersecurity attacks exploit compromised Privileged Accounts/Admins as a pivotal element in their execution. Apart from cybersecurity concerns, the privacy of your users is also completely compromised within these systems.

The Jellybeans approach in EmpowerID is a unique concept that enables granular control over identities and their access rights. EmpowerID gathers all your JellyBeans, whether they reside in on-premise systems or cloud systems, and arranges them neatly in virtual containers or mini tenants. These virtual containers can represent any desired organizational structure that aligns with your preferred approach to security delegation. This virtual container model resembles the traditional LDAP or Active Directory model, allowing you to create an organizational tree and apply policies to these virtual container locations. This way, you can regulate administrative actions, enforce privacy restrictions, and restrict users and admins to their designated containers. Hence, this technology organizes your jellybeans, granting fine-grained control to admins and users over user and object visibility, precise actions, and privacy restrictions enforcement.

 

This approach is not limited to Azure applications but extends to a wide range of systems including user accounts, service principals, managed identities, application secrets and passwords, Exchange Online mailboxes, SharePoint Online sites, Microsoft Teams, and more. By implementing the Jellybeans approach, organizations can enhance security and efficiency, effectively managing and securing identities across diverse systems.

The Proxied Model in EmpowerID

EmpowerID's Proxied Model allows non-technical users to perform complex tasks across various systems without being given direct access. This approach reduces standing privileges, mitigating potential security risks. The Proxied Model is not limited to Azure but extends to a wide range of on-premise and cloud systems including Active Directory, Azure Active Directory, SAP S/4HANA, Salesforce.com, Amazon AWS, Google GCP, ServiceNow, LDAP, and more.

Importantly, the Proxied Model also reduces the need for costly IT staff with specific knowledge and training in each of the proxied systems. This deskilling helps alleviate some of the challenges of the cybersecurity labor shortage and skills gap, making it a cost-effective solution for organizations.

The Intersection of Jellybeans Approach and Proxied Model

The combination of the Jellybeans approach and the Proxied Model in EmpowerID provides a comprehensive solution for identity governance across diverse systems. The Jellybeans approach ensures granular control over identities, while the Proxied Model reduces standing privileges and the need for specialized IT staff. Together, they enhance security, improve efficiency, and facilitate effective identity governance.

Moreover, every action taken across these diverse systems is logged, providing a detailed audit trail. This not only aids in troubleshooting and incident response but also helps organizations meet compliance requirements.

Conclusion

EmpowerID, with its Jellybeans approach and Proxied Model, is revolutionizing identity governance across diverse systems. By providing granular control over identities, reducing standing privileges, and alleviating the need for specialized IT staff, EmpowerID enhances security and facilitates effective identity governance. If you're looking to manage identities across a wide range of on-premise and cloud systems, EmpowerID offers a comprehensive solution that aligns with your needs.