What is identity management and what role does it play in a security strategy?

Make sure only the right people have access to your infrastructure

identity head digital

Protecting company data is vital for any organisation – allow an unauthorised person to gain access to your system, and you’re asking for trouble. Cyber-crime is on the rise, and data breaches are both incredibly expensive and can ruin the reputation of your organisation. Ensuring you monitor user access carefully through identity management is an important step on the journey to creating a water-tight security strategy.

So what exactly is identity management? Put simply, identity management is ensuring that the right people have access to the right things within your organisation. This means identifying everyone’s required level of access to company data and only giving them the privileges they need to carry out their responsibilities effectively. It also means implementing processes to authenticate users to ensure that the person on the other side of the screen is who they say there are.

Related Resource

The total economic impact of IBM identity and access management

Cost savings and business benefits enabled by IBM's professional and managed services for identity and access management

Cost savings and business benefits enabled by IBM's professional and managed services for identity and access managementDownload now

With a rise in remote working fuelled by the COVID-19 pandemic, this is more important than ever before. A distributed workforce makes it much harder to keep visibility of your employees, and cyber criminals are only too aware of this. Identity management is a quick, easy, and low-cost way to boost security with minimal disruption.

What should identity management systems include?

Identity management systems should include a central directory service of user identities and access permissions. This should be able to grow as an organisation does. It should also help in setting up users' accounts and provisioning users by enabling a workflow that cuts down on errors and abuse.

Access requests should be reviewed at multiple stages with approvals required to mitigate security risks. There should also be a mechanism to prevent privilege creep, the gradual process of a user acquiring access rights beyond what they need.

Other identity management technologies are surfacing, focusing on ease of use in addition to security. Tasks such as the provisioning and de-provisioning of users can be automated, saving both time and resources. When a user leaves the organisation or changes roles, their account is automatically altered to suit.

Single sign-on technology has been developed, providing employees with just one set of credentials to access applications. This eliminates IT and human-error led password issues which are a major drain of IT departments' resources, and also ensures employees can access the applications they need without unnecessary hindrance.

Deploying identity management as part of security strategies

The role of identity management in an enterprise's security strategy should be to meet the task of securing an ever more interconnected, cloud-based network ecosystem.

This means not only making sure those who need access to data and services can get it, but also those that aren't authorised to access such data and services are prevented from doing so. Both situations require that access attempts are logged and can be later analysed for security purposes.

The issues here are that there are many operating systems and applications within a workplace, and these can all support different methods of authentication with various repositories for storing credentials and diverse communications protocols.

Also to consider in a security strategy is what kind of granular access your data requires. The more granular you make access rights; the more work is required to keep it up to date.

Another issue is moving data to the cloud. Diligence is needed when porting staff or customers' personal details outside your own network infrastructure.

One way of managing identity and security across heterogeneous networks is the use of federated identity. In essence, an organisation puts its trust in how another organisation deploys its identity management and allows access based on that trust. No personal data need be shared with a partner organisation when a user requests access, only an assertion from a trusted organisation that the user is authorised to make such requests.

When considering identity management and the role it plays in an organisation's security strategy, one must consider where identity management overlaps with other security projects in place, and whether they have similar goals that overlap. This can result in avoiding duplication of effort and resources.

Integrating identity management with the wider organisation

Even when an IT department has recognised that identity technology will increase security throughout an organisation, the implementation of a chosen system can still create challenges for employees.

Systems that fail to address the balance between ease of use and security could be an obstacle to efficiency, affecting workflows. Many systems focus on just one aspect of identity security, and it's only through combining multiple singular systems and products that organisations can experience complete security and identity visibility. A by-product of this, however, is a negative impact on ease of use factors.

All-in-one systems offer a holistic solution to security problems. Through combining different technologies, they provide the visibility and authentication necessary to deliver security benefits across organisations, while also dismantling efficiency obstacles for employees.

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Defend your organisation from evolving ransomware attacks
ransomware

Defend your organisation from evolving ransomware attacks

18 May 2021
Enabling operational resiliency with Veritas
Whitepaper

Enabling operational resiliency with Veritas

18 May 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021