Is Traditional Client-Based Access Obsolete? Rethinking Internal Security

The Security Strategist - A podcast by EM360Tech


"If you envision a world where what would be the most ideal way to make access management IAM decisions, to enable people to access internal things, you'd want to do a few things," reflects Bobby DeSimone, Founder and CEO at Pomerium.

In this episode of The Security Strategies Podcast, host Alejandro Leal, cybersecurity expert and senior analyst at KuppingerCole Analysts AG, speaks with DeSimone about the shifting focus in security to internal access solutions, particularly in identity and access management (IAM).

DeSimone emphasises the importance of simplifying typically complex internal access management (IAM) solutions. He suggests directing focus on the foundational need for secure and user-friendly access, among other recommendations.

Additionally, he shares insights from his journey in the privileged access management space, discussing the limitations of traditional perimeter-based security and the need for a more comprehensive approach to identity and access.

The conversation also explores the challenges posed by client-based access solutions, the importance of context-driven access, and how Pomerium's clientless approach to device health is reforming internal access management (IAM).

As threats become more sophisticated and workforces more distributed, the once impenetrable "castle and moat" approach leaves organisations vulnerable in terms of identity and access. As such, this podcast addresses the limitations of conventional access management (IAM) solutions and explores a modern, context-driven approach to securing internal assets.

DeSimone argues that the numerous acronyms like SASE, CASB, and PAM, while representing different facets of privileged access, ultimately fall under the umbrella of "just actually one big market under it, which is the internal identity and access market".

The core challenge lies in moving beyond login-based authorization to a more granular, context-driven access model.

Watch the podcast to learn more about how to overcome traditional complexities and approach a more modern and relevant internal access management (IAM) solution.

Takeaways

- Bobby's journey in security began with privileged access management.
- Traditional perimeter-based security has significant limitations.
- Organisations struggle with internal access despite strong outer defenses.
- Client-based access solutions introduce administrative burdens and vulnerabilities.
- Context-driven access is essential for modern security solutions.
- Pomerium supports clientless device identity for easier access management.
- The security landscape is evolving towards a more integrated internal access market.
- Real-world applications of Pomerium show its effectiveness across industries.
- CISOs should prioritize securing internal assets without traditional complexities.
- Pomerium offers a flexible approach to access control on organisational terms.

Chapters

00:00 Introduction to Security Strategies Podcast
01:02 Bobby's Journey in Security and PAM
03:01 Challenges of Traditional Client-Based Access Solutions
05:53 Market Segmentation and Context-Driven Access
09:02 Pomerium's Approach to Device Health and Clientless Access
12:03 Beyond the Perimeter: Real-World Applications of Pomerium
16:51 Key Takeaways for CISOs

About Pomerium
