Identity Management & Secuirity
Identity management (ID management) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.
At the most basic level, identity management involves defining what users can do on the network with specific devices and under what circumstances. Today, many security products have an emphasis on managing mobile access to corporate systems. In an enterprise setting, identity management is used to increase security and productivity, while decreasing cost and redundant effort.
For security reasons, tools for managing identity management should run as an application on a dedicated network appliance or server, either on-premises or in the cloud. At the core of an identity management system are policies defining which devices and users are allowed on the network and what a user can accomplish, depending on his device type, location and other factors. All of this also depends on appropriate management console functionality, including policy definition, reporting, alerts, alarms and other common management and operations requirements. An alarm might be triggered, for example, when a specific user tries to access a resource for which they do not have permission. Reporting produces an audit log documenting what specific activities were initiated.
Why Identity Management is Important
Sometimes, we’re our own worst enemies. A much-publicized 2007 Microsoft study showed the average employee had about seven logins to remember. Now we’re piling on SaaS and mobile applications while granting trusted status and network access to partners without fully vetting their security–and just ask one CIO whose organization was breached how that worked out. Yet just 27% of the 438 business technology professionals responding to our 2011 Information Week Identity Management Survey say their companies have what we consider comprehensive identity management (IdM) deployments, defined as company-wide internal IdM programs plus cross-domain use for outside vendors and partners. Adoption increases are miniscule since we last surveyed readers on IdM, in 2009.
No wonder people still use sticky notes to manage user names and passwords.
Single Sign In
Current Authentication solutions should leverage cross-domain federation with external suppliers, where each business acts as both an issuer and a consumer of identity credentials; the holy grail was to give users access via single sign-on to every member of the federation. Today, companies like Facebook and Twitter are advancing this concept by espousing “bring your own identity,” or BYOI. Vendors are finally committing to standards, like OAuth. It’s exciting stuff. But at the end of the day, you’re still on the hook to verify that people accessing sensitive data are who they say they are. And that remains a challenge.
More Agile Infrastructure
Identity and Access Management (IAM) addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise.
Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.
SCAD Solutions address IAM as a part of the core design!
IAM needs to be globally implemented
The ROI from identity management is directly dependent on how strictly an IT organization integrates all applications and services into its IdM program. Every single piece of software that isn’t connected, or is only partially so, requires a unique set of authentication and authorization processes, and that means pricey customization. Eventually, you have gaps.
Identity Management needs to consider third party access.
identity management has to be about more than just internal logins and identities. Most companies let suppliers and contractors access sensitive data. However, when you attempt to link your federation technology to that of an external party, you can generally forget having your IdM products communicate using the same language, because of a lack of widely adopted standards.
Integration can be challenging
most applications and network systems still can’t talk to IdM products, period: Surveys show that only 18% of those enrolling cloud/SaaS application authentication in their IdM program say these applications integrate with their user directories; 49% do expensive custom development to integrate with their SaaS providers, while 44% provision user access and manage passwords manually.