Organizations around the world depend on properly implemented identity and access management solutions to secure their data and resources. Employees, customers and business partners all need appropriate, secure access to information and technology resources on demand. At the same time, an organization must maintain security controls that prevent unauthorized users from gaining access and that block legitimate users from exceeding their authorization.
Identity and access management (IAM) solutions provide enterprises with a secure, centralized approach to managing user identities and access permissions. They work across a variety of different technology platforms, consolidating all access controls on a single platform that improves data security, reduces costs and relieves administrators of the burden of managing access control on many diverse systems.
Enterprises should implement an IAM system that provides users with authorized access to information and resources. This system must function efficiently across a wide variety of technology platforms and provide users with access regardless of the devices they use. It must work well across notebooks and mobile devices and support both on-premises and cloud technology. To provide effective security in today’s threat environment, IAM solutions must also go beyond traditional password technology and offer secure authentication approaches that provide access based on context and identity.
Organizations adopting a new IAM solution may choose to adopt traditional, on-premises software-based solutions, such as the CA Identity Manager, or adopt one of the increasingly popular cloud-based solutions, such as Okta or Centrify. Whatever solution they choose, organizations should select a platform that can integrate with both on-premises and cloud-based service providers. Those that don’t currently make heavy use of cloud solutions should still consider this an important requirement so that the selection of an IAM product doesn’t limit future options for managing devices, users and applications in the cloud.
The cloud-based approaches to identity management offered by companies such as Centrify and Okta seek to reduce the burden of IAM on enterprises by offering identity management as a service. These vendors provide prebuilt integrations with many popular cloud applications, making setup fast and simple. They also offer connectors to traditional enterprise software and operating systems, allowing security teams to use a single cloud-based platform to manage access to both cloud and on-premises computing services.
Single sign-on (SSO) technology provides important benefits to both users and administrators. Centralizing authentication and authorization on a single platform reduces the number of times that users must authenticate and provides them with a single set of credentials to access diverse systems across the enterprise. That combination of factors greatly improves user satisfaction and reduces the burden that security systems place on an organization. At the same time, SSO improves security by allowing administrators to efficiently manage access across diverse technology platforms from a single console.
Modern IAM systems also support the use of two-factor authentication technology. Users may prove their identity to an IT system using three different authentication factors:
Something you know: Knowledge-based authentication schemes depend on the user and system having a shared secret piece of information, such as a password. This approach is the easiest to implement, but it also provides the least security because passwords may be lost or stolen.
Something you have: Token-based approaches require that the user have a specific device in his or her possession. This device might generate a passcode, contain a digital certificate or run an application that provides secure authentication technology. Anyone who possesses the device linked to a user account may use it as part of the authentication process, so a stolen device is a problem for this approach.
Something you are: Biometric security technologies read a physical characteristic of the user to complete the authentication process. This might include a fingerprint, retinal scan, voice analysis, facial recognition or some other physical attribute of the user. This technology is quite secure but often requires the purchase of specialized hardware.
Each approach to authentication, used in isolation, has security weaknesses. For this reason, enterprises seeking high levels of security use an approach known as two-factor authentication (2FA). 2FA approaches require users to authenticate using two different techniques, coming from two different authentication factors. For example, an organization might require that a user first provide a password (something you know) and then verify the login attempt on a registered smartphone running an authentication app (something you have). For an attacker to defeat this security approach, he or she would have to both obtain the user’s password and steal his or her smartphone.
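The password-plus-device login described above, sketched as an added example (not code from the original article or from any vendor it names). It assumes the "something you have" device generates time-based one-time passcodes (RFC 6238 TOTP); the method names, the account record and its values are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Factor category for each method; names are illustrative, not from any product.
FACTOR_OF = {"password": "know", "pin": "know", "totp": "have", "fingerprint": "are"}

def is_two_factor(methods):
    """True only if the methods span at least two distinct factor categories."""
    return len({FACTOR_OF[m] for m in methods}) >= 2

def hash_password(password, salt):
    # Salted, slow hash so a stolen credential store is expensive to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def hotp(secret, counter, digits=6):
    # RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, code, now, step=30, window=1):
    # RFC 6238: counter is the number of time steps since the epoch; accept
    # +/- `window` steps to tolerate clock drift on the user's device.
    counter = int(now) // step
    ok = False
    for c in range(max(0, counter - window), counter + window + 1):
        ok |= hmac.compare_digest(hotp(secret, c).encode(), code.encode())
    return ok

def login(user, password, code, now):
    # Evaluate both factors before deciding, so the outcome does not reveal
    # which one failed.
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], code, now)
    return pw_ok and otp_ok

# Constructed account record; the TOTP secret is the RFC 6238 test key.
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    print(is_two_factor(["password", "pin"]))  # two techniques, one factor
    print(login(USER, "correct horse battery staple", "287082", now=59))
```

A password combined with a PIN fails `is_two_factor` because both are "something you know"; a correct password with a wrong or expired passcode fails `login`.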