What is identity management and what role does it play in a security strategy?

Make sure only the right people have access to your infrastructure

identity head digital

Making sure only certain people and systems have access to your important corporate data is what identity management is all about. Get it right and you have made a crucial step in developing a rock solid security strategy. 

In essence, identity management is about identifying people within your corporate infrastructure and controlling which resources those people can access, and when they can do so.

Within enterprises, identity management is used as a security measure to safely boost productivity at minimal or no cost. In a mobile setting, this can also mean what mobile devices can access corporate networks, servers and applications.

What should identity management systems include?

Identity management systems should include a central directory service of user identities and access permissions. This should be able to grow as an organisation does. It should also help in setting up users' accounts and provisioning users by enabling a workflow that cuts down on errors and abuse. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Access requests should be reviewed at multiple stages with approvals required to mitigate security risks. There should also be a mechanism to prevent privilege creep, the gradual process of a user acquiring access rights beyond what they need. 

Other identity management technologies are surfacing, focusing on ease of use in addition to security. Tasks such as the provisioning and de-provisioning of users can be automated, saving both time and resources. When a user leaves the organisation or changes roles, their account is automatically altered to suit.

Single sign-on technology has been developed, providing employees with just one set of credentials to access applications. This eliminates IT and human-error led password issues which are a major drain of IT departments' resources, and also ensures employees can access the applications they need without unnecessary hindrance.

Deploying identity management as part of security strategies

The role of identity management in an enterprise's security strategy should be to meet the task of securing an ever more interconnected, cloud-based network ecosystem. 

This means not only making sure those who need access to data and services can get it, but also those that aren't authorised to access such data and services are prevented from doing so. Both situations require that access attempts are logged and can be later analysed for security purposes.

The issues here are that there are many operating systems and applications within a workplace, and these can all support different methods of authentication with various repositories for storing credentials and diverse communications protocols.

Advertisement - Article continues below

Also to consider in a security strategy is what kind of granular access your data requires. The more granular you make access rights; the more work is required to keep it up to date.

Another issue is moving data to the cloud. Diligence is needed when porting staff or customers' personal details outside your own network infrastructure.

One way of managing identity and security across heterogeneous networks is the use of federated identity. In essence, an organisation puts its trust in how another organisation deploys its identity management and allows access based on that trust. No personal data need be shared with a partner organisation when a user requests access, only an assertion from a trusted organisation that the user is authorised to make such requests.

When considering identity management and the role it plays in an organisation's security strategy, one must consider where identity management overlaps with other security projects in place, and whether they have similar goals that overlap. This can result in avoiding duplication of effort and resources. 

Integrating identity management with the wider organisation

Even when an IT department has recognised that identity technology will increase security throughout an organisation, implementation of a chosen system can still bring its challenges among employees.

Advertisement
Advertisement - Article continues below

Systems which fail to address the balance between ease of use and security could be an obstacle to efficiency, affecting workflows. Many systems focus on just one aspect of identity security, and it is only through combining multiple singular systems and products that organisations can experience complete security and identity visibility. A by-product of this however, is a negative impact on ease of use factors.

Advertisement - Article continues below

All-in-one systems offer a holistic solution to security problems. Through combining different technologies, they provide the visibility and authentication necessary to deliver security benefits across organisations, while also dismantling efficiency obstacles for employees.

Picture: Bigstock

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/careers/28219/it-manager-job-description-what-does-an-it-manager-do
Careers & training

IT manager job description: What does an IT manager do?

28 Oct 2019
Visit/strategy/28223/cio-job-description-what-does-a-cio-do
Business strategy

CIO job description: What does a CIO do?

1 Oct 2019
Visit/careers/28228/ciso-job-description-what-does-a-ciso-do
Careers & training

What does a CISO do?

25 Sep 2019
Visit/security/28196/the-cybersecurity-skills-your-business-needs
Security

The cyber security skills your business needs

24 Sep 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019