5 KEYS TO IDENTITY MANAGEMENT
As digital information and systems continue to move toward cloud-based technologies, we often hear the expression “Identity is the new firewall.” This statement emphasizes the increasing importance of identity management (IDM) as a fundamental component of every IT security program. 90% of data breaches begin with some form of phishing, and these phishing attacks are often used to steal credentials. Rather than trying to identify and exploit a vulnerability from the outside, many attackers find it easier and more productive to compromise a user’s credentials, and then “walk in the front door.” To protect your organization, it’s important to understand the value of identity management and implement best practices to reduce risk when it comes to users.
What Is Identity Management?
Identity management, sometimes also referred to as identity and access management (IAM), is the overarching technique and strategy for verifying a user’s identity and ensuring accuracy before giving access to a system or network.
Why is Identity Management Important?
Organizations need to use identity management best practices to verify who is gaining access to their systems and to keep their information and data safe. Without proper identity management, hackers can easily access systems and steal information.
5 Keys to Identity Management
1. Use a cloud-based identity management directory. A cloud-based system enables integrated and coordinated access to both on-prem and cloud-based applications and data. For businesses utilizing Microsoft Office 365, Azure AD is an excellent option. Okta is also a very good third-party directory.
A cloud-based identity directory allows you to use “identity federation,” which enables the use of common credentials across cloud-based SaaS applications, rather than carrying around a key ring of unique credentials for each cloud-based system. In many cases, this can also enable a “single sign-on” experience where you do not need to re-authenticate when accessing cloud-based applications and services. This increases convenience for users and IT organizations alike.
The use of a common directory service also provides critical integration to identity management processes. When an employee or contractor leaves the organization, the disabling of their primary logon credential will automatically disable their ability to log on to all of the integrated/federated on-prem and cloud-based systems and services, rather than disabling accounts for these services individually.
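The offboarding benefit described above only covers accounts that actually sign in through the directory. The following is an added example, not part of the original article: a small audit that compares a directory export with per-application account lists and reports which accounts of disabled users are covered by federation and which still have their own local credentials. All names, applications and records are constructed sample data, and the "federated"/"local" field is an assumed export format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AppAccount:
    app: str
    username: str
    auth: str      # assumed export field: "federated" or "local"
    enabled: bool

# Constructed sample data: directory export (username -> enabled).
DIRECTORY = {"alice": True, "bob": False, "carol": False}

# Constructed sample data: accounts exported from each application.
APP_ACCOUNTS = [
    AppAccount("crm", "alice", "federated", True),
    AppAccount("crm", "bob", "federated", True),
    AppAccount("legacy-erp", "Bob", "local", True),
    AppAccount("wiki", "carol", "local", False),
    AppAccount("file-share", "dave", "local", True),
]

def audit_offboarding(directory, accounts):
    """Split enabled app accounts of non-active users into two lists.

    covered:  sign-in depends on the directory, so disabling the primary
              credential blocks new logons to the application.
    residual: the application holds its own credential, so the account
              must be disabled individually.
    Users missing from the directory are treated as non-active.
    """
    # Compare usernames case-insensitively; exports often differ in case.
    active = {name.lower() for name, enabled in directory.items() if enabled}
    covered, residual = [], []
    for acct in accounts:
        if not acct.enabled or acct.username.lower() in active:
            continue  # already disabled, or owner is still an active user
        if acct.auth == "federated":
            covered.append(acct)
        else:
            residual.append(acct)
    return covered, residual

if __name__ == "__main__":
    covered, residual = audit_offboarding(DIRECTORY, APP_ACCOUNTS)
    for acct in residual:
        print(f"disable manually: {acct.app}/{acct.username}")
    for acct in covered:
        print(f"covered by directory: {acct.app}/{acct.username}")
```

Every entry in the residual list is an application that has not been integrated with the common directory and still needs its own offboarding step.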
2. Multi-factor authentication (MFA). MFA is perhaps the single most important security technology for allowing business and IT security personnel to sleep at night. MFA will typically combine something you know (a password) with something you have (often a cellphone) to provide an important layer of protection beyond passwords alone. No matter how strong a password may be, it is always possible that it can be compromised through social engineering or eavesdropping. By adding the additional factor, the likelihood of identity compromise drops significantly.
In most organizations, the use of MFA should be a requirement for remote access to company networks, systems and data. As more organizations move resources to the cloud and “work from home” increases, more and more access to systems and data will fall into this “remote access” category and