
Identity management is critical for business


Providing access to a business tool or platform, and the IT function of identity management behind it, are nothing new, but the modern practice of access management is complex.
With 2020 being a year of pandemic-driven remote working and escalating cybercrime, digital identity management has become critical to a company’s cyber hygiene.

This article looks at what identity management (IDM) entails, and why it's so important for a business to stay vigilantly protected in the current digital climate.


The new security landscape

Hackers exploit the subtle difference between identity management and access management:

  • Identity management is about authenticating users.
  • Access management relates to authorising users.

With many businesses having moved permanently to the work-from-home model, remote access security and anti-phishing efforts need to be strengthened.

Being good at authenticating users does not mean a business is doing the right things with access management.

For example, if hackers manage to steal an account’s login and password, they are guaranteed access to all data that account is allowed to reach.
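To make the distinction concrete, here is an added illustration (not code from the original article) of the two gates an application applies in sequence: authentication establishes who the caller is, and a separate authorisation check decides what that identity may do. The accounts, roles and resources are constructed for the example. It also shows why the second gate matters for the stolen-credential case above: a compromised account yields exactly the access that account was granted, so tightly scoped roles bound the damage.

```python
"""Authentication is not authorisation: an added, self-contained example.
Accounts, roles and resources below are constructed; passwords are stored in
plaintext only to keep the toy short (a real directory stores salted hashes)."""

import hmac
from dataclasses import dataclass, field

# Constructed permission model: role -> set of (action, resource) pairs.
ROLE_PERMISSIONS = {
    "finance-reader": {("read", "invoices")},
    "finance-admin": {("read", "invoices"), ("write", "invoices"), ("read", "payroll")},
    "hr": {("read", "payroll"), ("write", "payroll")},
}


@dataclass
class Account:
    username: str
    password: str
    roles: set = field(default_factory=set)


# Constructed account directory.
DIRECTORY = {
    "alice": Account("alice", "s3cret-alice", {"finance-reader"}),
    "bob": Account("bob", "s3cret-bob", {"finance-admin"}),
}


def authenticate(username, password):
    """Identity management: prove who the caller is. Returns the Account or None."""
    account = DIRECTORY.get(username)
    if account is None:
        return None
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(account.password.encode(), password.encode()):
        return None
    return account


def authorise(account, action, resource):
    """Access management: decide what an already-authenticated account may do."""
    return any((action, resource) in ROLE_PERMISSIONS[role] for role in account.roles)


def access(username, password, action, resource):
    """Both gates in the order an application applies them."""
    account = authenticate(username, password)
    if account is None:
        return "denied: authentication failed"
    if not authorise(account, action, resource):
        return f"denied: {username} not authorised to {action} {resource}"
    return f"allowed: {username} may {action} {resource}"


def blast_radius(username):
    """Everything an attacker gets by stealing this account's credentials:
    exactly its granted permissions, nothing more."""
    account = DIRECTORY[username]
    return sorted(set().union(*(ROLE_PERMISSIONS[r] for r in account.roles)))


if __name__ == "__main__":
    print(access("alice", "s3cret-alice", "read", "invoices"))
    print(access("alice", "s3cret-alice", "write", "invoices"))
    print("stolen alice credentials expose:", blast_radius("alice"))
```

Running it shows that valid credentials for alice open the invoices for reading but are refused for writing or for payroll, because authorisation is evaluated per action and resource rather than inferred from a successful login.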

Not every business understands its security position or the effectiveness of the controls in place. This is where thorough penetration testing helps: the resulting report provides guidance on the security actions to take.

Securing end users and data and implementing security controls should take priority, followed by reassessing digital processes and architectures.

These should adopt IAM (identity and access management) and automation to improve the security of remote users, devices and data, as well as the following models:

  • Zero Trust: the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter.
  • Software Defined Security: the ability to control some or all of a system’s functions using software.
  • Secure Access Service Edge architecture (SASE, pronounced “sassy”): a network architecture that combines WAN capabilities with cloud-native security functions such as secure web gateways, cloud access security brokers, firewalls, and zero-trust network access.


How identity management works

While there are multiple IDM products on the market, we use Microsoft Azure at Pattern because moving identity management to the cloud offers the highest level of protection for our digital assets.

With Azure Active Directory (Azure AD), a user must sign in to Azure AD to authenticate before accessing any application, and access is granted only to the applications the user has been assigned.

The goal with Azure AD is to control the administration of all services from a single point. While there are various ways to achieve this, we chose the System for Cross-domain Identity Management (SCIM) method.

Once an account is created in AD with the correct entitlements or group memberships, the next step is managing the provisioning into Azure AD.

Ideally, an HR system triggers the provisioning of an Azure AD account, which in turn provisions onward to the other systems.

Linking to an HR system makes it possible to control the user’s joiner, mover and leaver (JML) process.

New starters can be provisioned ahead of their start date but only enabled on their first day.

When they change roles or departments, their access can be automatically modified. When they leave, their access can be removed.
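The joiner, mover and leaver flow above maps directly onto SCIM 2.0 messages. The following is an added example, not the article's or Microsoft's code: a constructed in-memory stand-in for a SCIM service provider receives the User and Group operations that a provisioning connector would send for one employee, from pre-provisioning ahead of the start date through a department move to deactivation. The HR record, department names and the stand-in target are constructed; the schema URNs and the PatchOp shape are those defined in RFC 7643 and RFC 7644.

```python
"""Joiner/mover/leaver (JML) expressed as SCIM 2.0 operations. Added example;
the HR record, group names and MiniScimTarget are constructed for illustration."""

import uuid
from datetime import date

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class MiniScimTarget:
    """Constructed stand-in for a SCIM service provider: supports only POST User,
    PATCH User.active and PATCH Group.members, which is all JML needs here."""

    def __init__(self, group_names):
        self.users = {}
        self.groups = {n: {"schemas": [GROUP_SCHEMA], "id": str(uuid.uuid4()),
                           "displayName": n, "members": []} for n in group_names}

    def create_user(self, payload):
        assert USER_SCHEMA in payload["schemas"]
        user = dict(payload, id=str(uuid.uuid4()))   # server assigns the id
        self.users[user["id"]] = user
        return user["id"]

    def patch_user(self, user_id, patch_op):
        assert patch_op["schemas"] == [PATCH_SCHEMA]
        for op in patch_op["Operations"]:
            if op["op"].lower() == "replace" and op["path"] == "active":
                self.users[user_id]["active"] = op["value"]
            else:
                raise ValueError(f"unsupported user operation: {op}")

    def patch_group(self, name, patch_op):
        assert patch_op["schemas"] == [PATCH_SCHEMA]
        members = self.groups[name]["members"]
        for op in patch_op["Operations"]:
            if op["op"].lower() == "add" and op["path"] == "members":
                members.extend(m for m in op["value"] if m not in members)
            elif op["op"].lower() == "remove" and op["path"].startswith("members["):
                target = op["path"].split('"')[1]    # members[value eq "<id>"]
                members[:] = [m for m in members if m["value"] != target]
            else:
                raise ValueError(f"unsupported group operation: {op}")

    def user_is_active(self, user_id):
        return self.users[user_id]["active"]

    def groups_of(self, user_id):
        return sorted(n for n, g in self.groups.items()
                      if any(m["value"] == user_id for m in g["members"]))


def _patch(*operations):
    return {"schemas": [PATCH_SCHEMA], "Operations": list(operations)}


def joiner(target, hr_record, today):
    """J: create the account from the HR record; it is active only from the start date."""
    user_id = target.create_user({
        "schemas": [USER_SCHEMA],
        "userName": hr_record["email"],
        "name": {"givenName": hr_record["first"], "familyName": hr_record["last"]},
        "emails": [{"value": hr_record["email"], "primary": True}],
        "active": today >= hr_record["start_date"],
    })
    target.patch_group(hr_record["department"],
                       _patch({"op": "add", "path": "members", "value": [{"value": user_id}]}))
    return user_id


def enable_on_start_date(target, user_id, hr_record, today):
    """Run daily: switch the pre-provisioned account on once the start date arrives."""
    if today >= hr_record["start_date"] and not target.user_is_active(user_id):
        target.patch_user(user_id, _patch({"op": "replace", "path": "active", "value": True}))
    return target.user_is_active(user_id)


def mover(target, user_id, old_department, new_department):
    """M: a department change removes the old membership before adding the new one."""
    target.patch_group(old_department,
                       _patch({"op": "remove", "path": f'members[value eq "{user_id}"]'}))
    target.patch_group(new_department,
                       _patch({"op": "add", "path": "members", "value": [{"value": user_id}]}))
    return target.groups_of(user_id)


def leaver(target, user_id):
    """L: deactivate (keeps the audit trail) and strip every remaining group membership."""
    target.patch_user(user_id, _patch({"op": "replace", "path": "active", "value": False}))
    for dept in target.groups_of(user_id):
        target.patch_group(dept, _patch({"op": "remove", "path": f'members[value eq "{user_id}"]'}))
    return target.user_is_active(user_id), target.groups_of(user_id)


def run_jml_demo():
    """Walk one constructed employee through J, M and L; returns the observed states."""
    target = MiniScimTarget(["Finance", "Marketing"])
    record = {"first": "Sam", "last": "Example", "email": "sam.example@example.com",
              "department": "Finance", "start_date": date(2020, 11, 2)}
    uid = joiner(target, record, today=date(2020, 10, 28))            # provisioned early
    states = {"provisioned_active": target.user_is_active(uid)}
    states["first_day_active"] = enable_on_start_date(target, uid, record, date(2020, 11, 2))
    states["after_move"] = mover(target, uid, "Finance", "Marketing")
    states["after_leave"] = leaver(target, uid)
    return states


if __name__ == "__main__":
    print(run_jml_demo())
```

The point of driving every step from the HR record is that access follows the employment event rather than a manual ticket: the account exists before day one but cannot sign in, a move replaces rather than accumulates group membership, and leaving deactivates the account and empties its groups in the same run.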

By Jo Lo