Over the years, the world has changed drastically in many different ways. As exemplified in our last lecture, as the business world has moved into the digital age, the need for cloud software and services has grown exponentially. With that being said, we have the side effect of Traditional and On-Premises Directories being slowly transitioned out and replaced with newer Cloud-Based Active Directories like Azure AD. Alongside these changes, organizations need to also be aware of how this affects their overall security posture. Just think of all of the changes in the past 20 years. Smartphones have become a staple of society. Thousands of people now have the freedom to work from home, possibly even with their own personal devices, and even the capability for cloud-based software. All of these changes completely skewed the security landscape of an organization. With these changes in the ever-growing cloud environment, it's more important than ever for organizations to fully understand how to maintain security across their entire workforce. Historically, network security has been the main focus of security with on-premises servers and networks being the focal point of organizational data.

However, with these aforementioned changes, this focal point shifts to the identity. Each and every identity can be thought of as a potential security risk and as such, identity has become the primary security perimeter for many organizations. Now, when I say security perimeter, think of it like a police line. People are not allowed to cross that line or they may get access to things that they're not supposed to. This example is exactly what I mean only rather than keeping someone from something like a crime scene, the security perimeter is keeping someone from your organizational data. Think about this, this entire course, we have been talking about identity and access management with your permissions or access being defined and determined by your identity. So, if someone was able to access your identity, they would then in theory have access to all things that identity has access to. Do you see where I'm going with this? Effectively, the most vulnerable part is an identity and as such, the primary security perimeter in any cloud organization should be the identities within that organization. It's for this reason, organizations should consider four fundamental pillars when creating their identity infrastructure; administration, authentication, authorization, and auditing.

This is why we started the course off with the concepts of authorization and authentication, but let's go over each pillar briefly. Administration is all about management of identities within an organization. How you manage identities, whether it be a user or a device or anything else alongside how and when those identities can be changed or adjusted. Authentication is all about proof, how much proof will you require for an identity to prove they are who they say they are. Authorization then is about the level of access an identity has. Specifically, how much access someone who would been authenticated will have to anything that they're trying to access. And finally, auditing is all about tracking and understanding. Tracking which identities do what when they do them, and maintaining a deep understanding of alerts, reporting, and identity governance. Whenever you think of identity, think back to these four pillars as they are effectively the foundation for any strong identity infrastructure within any cloud organizations.