Identity as the New Perimeter
Status: Scaffold — content in progress
The traditional network perimeter — firewall at the edge, trusted inside, untrusted outside — collapsed with cloud adoption, remote work, and SaaS proliferation. Identity is now the primary trust boundary.
The Perimeter Shift
What the Old Perimeter Assumed
- Resources inside the network are trusted
- Attackers are outside
- VPN access = trusted user
What Actually Happened
- Data lives in SaaS and cloud (outside the firewall)
- Employees, contractors, and attackers all come from the internet
- Credential theft bypasses the network boundary entirely
Identity as the Control Plane
Every access decision now depends on three inputs: which identity is requesting (a user, a service account, or a workload), what context it brings (authentication strength, device posture, source location, current session risk), and what policy applies to the resource being requested. Network location is just one more signal, not a grant of trust.
Zero Trust and Identity
Zero Trust is not a product — it is a design principle: never trust, always verify.
The three Zero Trust pillars with identity focus:
- Verify explicitly: authenticate and authorize every request, every time, using all available signals
- Use least privilege: limit access to only what is needed, replacing standing admin rights with JIT (just-in-time, time-boxed) grants and JEA (just-enough-access, scoped to the task)
- Assume breach: design as if an attacker already has a foothold; limit blast radius
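The following is an added illustration for this page, not code from the original, of how the three inputs above (identity, context, policy) combine in a single decision function that applies all three pillars: it re-evaluates risk on every request, it grants access from either standing group membership or an unexpired JIT grant, and it demands device posture and MFA for sensitive resources while deliberately ignoring whether the caller is on the corporate network. The request fields, the resource catalogue, the thresholds and the in-memory JIT store are all assumptions made for the example.

```python
"""Context-aware access decision: identity + signals + policy.

Added illustration for this page, not code from the original. The request
fields, resource table, thresholds and JIT store are all assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Request:
    subject: str
    groups: set
    resource: str
    action: str
    mfa: bool                  # strong authenticator used for this session
    device_compliant: bool     # device posture signal from MDM/EDR (assumed)
    on_corp_network: bool      # deliberately ignored by decide(): network is not trust
    risk_score: float          # 0.0 clean .. 1.0 compromised, from an IdP risk engine (assumed)
    time: datetime


# Hypothetical resource catalogue. Sensitivity tier drives the signals demanded.
RESOURCES = {
    "wiki":       {"tier": "low",  "read": {"staff"},   "write": {"staff"}},
    "payroll-db": {"tier": "high", "read": {"finance"}, "write": {"finance-admin"}},
    "prod-kube":  {"tier": "high", "read": {"sre"},     "write": set()},  # write only via JIT
}

# JIT grants issued by an approval flow (assumed): (subject, resource, action) -> expiry.
JIT_GRANTS = {}


def grant_jit(subject, resource, action, now, minutes=60):
    """Record a time-boxed grant; nothing is added to standing group membership."""
    JIT_GRANTS[(subject, resource, action)] = now + timedelta(minutes=minutes)


def decide(req):
    """Return (decision, reason); decision is "allow", "deny" or "step-up"."""
    res = RESOURCES.get(req.resource)
    if res is None:
        return "deny", "unknown resource"             # default deny
    # Verify explicitly: current risk is checked on every request, not once at login.
    if req.risk_score >= 0.8:
        return "deny", "high sign-in risk"
    # Least privilege: a standing entitlement or an unexpired JIT grant is required.
    standing = bool(req.groups & res.get(req.action, set()))
    expiry = JIT_GRANTS.get((req.subject, req.resource, req.action))
    jit = expiry is not None and req.time < expiry
    if not (standing or jit):
        return "deny", "no standing or JIT entitlement"
    # Assume breach: high-tier resources need device posture and MFA even for
    # entitled users; on_corp_network is never consulted.
    if res["tier"] == "high":
        if not req.device_compliant:
            return "deny", "non-compliant device"
        if not req.mfa or req.risk_score >= 0.3:
            return "step-up", "MFA required"
    return "allow", "jit" if (jit and not standing) else "standing"


def run_scenarios():
    """Exercise the policy on constructed requests; returns {name: (decision, reason)}."""
    now = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    base = dict(mfa=True, device_compliant=True, on_corp_network=True, risk_score=0.05, time=now)
    alice = dict(subject="alice", groups={"staff", "sre"}, resource="prod-kube", action="write")
    out = {}
    out["no_entitlement"] = decide(Request(**alice, **base))
    grant_jit("alice", "prod-kube", "write", now, minutes=30)
    out["jit_active"] = decide(Request(**alice, **base))
    out["jit_expired"] = decide(Request(**{**alice, **base, "time": now + timedelta(minutes=31)}))
    out["no_mfa_high_tier"] = decide(Request(subject="bob", groups={"finance"}, resource="payroll-db",
                                             action="read", **{**base, "mfa": False}))
    out["risky_on_corp_net"] = decide(Request(subject="bob", groups={"finance"}, resource="payroll-db",
                                              action="read", **{**base, "risk_score": 0.9}))
    out["low_tier_no_mfa"] = decide(Request(subject="carol", groups={"staff"}, resource="wiki",
                                            action="read", **{**base, "mfa": False}))
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:20} -> {result}")
```

The `risky_on_corp_net` scenario is the one to look at: the request comes from inside the corporate network with a valid standing entitlement and still gets denied, because the decision is driven by identity signals rather than by where the packets came from.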
Identity as an Attack Vector
Because identity is the primary control plane, compromising it gives an attacker:
- Access that looks legitimate to network and endpoint controls, so it is neither blocked nor flagged by them
- The ability to move laterally through identity-brokered access (SSO sessions, API tokens, assumed cloud roles) without deploying malware on hosts
- Persistence that survives endpoint reimaging, for example an added MFA method, an OAuth application consent, or a long-lived token that was never tied to the rebuilt device
Implications for Detection
When the perimeter is identity, detection must focus on:
- Anomalous authentication patterns
- Impossible travel / unusual source locations
- Token and credential misuse
- Privilege escalation paths
- Identity provider logs (not just network logs)
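As an added example for this page (not code from the original), the two detections below run over constructed identity-provider sign-in events rather than network logs. The first covers the "impossible travel" item: consecutive successful sign-ins for one user are geolocated and the implied speed is compared to a commercial-flight ceiling. The second covers "token and credential misuse": a session identifier observed from more than one country is treated as a replayed cookie or token. The JSON-lines format, the inline GeoIP table, the speed threshold and the 50 km noise floor are all assumptions; a real pipeline would read the IdP's export and a GeoIP database.

```python
"""Identity-log detections: impossible travel and session-token reuse.

Added example for this page, not code from the original. The log format,
the geo lookup table and the thresholds are constructed assumptions.
"""
import json
import math
from collections import defaultdict
from datetime import datetime

# Constructed lookup standing in for GeoIP: ip -> (lat, lon, country).
GEO = {
    "203.0.113.10":  (52.52, 13.405, "DE"),    # Berlin
    "198.51.100.7":  (35.69, 139.69, "JP"),    # Tokyo
    "192.0.2.44":    (52.50, 13.40, "DE"),     # Berlin, a second address
    "198.51.100.99": (-33.87, 151.21, "AU"),   # Sydney
}

# Constructed sign-in events (JSON lines) in the shape an IdP export might use.
LOG_LINES = """
{"ts":"2024-05-01T08:00:00Z","user":"alice","ip":"203.0.113.10","result":"success","session":"s-1"}
{"ts":"2024-05-01T08:45:00Z","user":"alice","ip":"198.51.100.7","result":"success","session":"s-2"}
{"ts":"2024-05-01T09:00:00Z","user":"bob","ip":"203.0.113.10","result":"success","session":"s-3"}
{"ts":"2024-05-01T12:30:00Z","user":"bob","ip":"192.0.2.44","result":"success","session":"s-3"}
{"ts":"2024-05-01T12:40:00Z","user":"bob","ip":"198.51.100.99","result":"success","session":"s-3"}
{"ts":"2024-05-01T13:00:00Z","user":"carol","ip":"203.0.113.10","result":"failure","session":null}
{"ts":"2024-05-02T10:00:00Z","user":"carol","ip":"198.51.100.7","result":"success","session":"s-4"}
""".strip().splitlines()

MAX_SPEED_KMH = 900.0   # faster than a commercial flight: physically impossible
MIN_DISTANCE_KM = 50.0  # ignore GeoIP jitter between nearby addresses


def parse(lines):
    """Parse JSON-lines events and return them in chronological order."""
    events = []
    for line in lines:
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(events):
    """Flag consecutive successful sign-ins per user that would need > MAX_SPEED_KMH."""
    alerts = []
    last = {}   # user -> previous successful sign-in
    for e in events:
        if e["result"] != "success" or e["ip"] not in GEO:
            continue
        prev = last.get(e["user"])
        if prev is not None:
            km = haversine_km(GEO[prev["ip"]][:2], GEO[e["ip"]][:2])
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            # hours can be 0 for same-second events; any real distance is then impossible
            if km > MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_SPEED_KMH):
                alerts.append({"rule": "impossible_travel", "user": e["user"],
                               "from": prev["ip"], "to": e["ip"],
                               "km": round(km), "hours": round(hours, 2)})
        last[e["user"]] = e
    return alerts


def session_reuse(events):
    """Flag a session id seen from more than one country: stolen cookie or token replay."""
    countries = defaultdict(set)
    for e in events:
        if e.get("session") and e["ip"] in GEO:
            countries[(e["user"], e["session"])].add(GEO[e["ip"]][2])
    return [{"rule": "session_reuse", "user": u, "session": s, "countries": sorted(c)}
            for (u, s), c in countries.items() if len(c) > 1]


def run(lines=LOG_LINES):
    """Run both detections over the constructed log and return the alert list."""
    events = parse(lines)
    return impossible_travel(events) + session_reuse(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed data, bob's two Berlin addresses within 3.5 hours produce nothing because the distance is under the noise floor, while the same session `s-3` appearing from Sydney ten minutes later trips both rules. That overlap is deliberate: a replayed token usually shows up as impossible travel as well, and correlating on the session identifier tells the responder which session to revoke.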
Cross-Links
| Topic | Link |
|---|---|
| What is Identity? | what-is-identity.md |
| What is ITDR? | what-is-itdr.md |
| Identity Frameworks | identity-frameworks.md |