Five Key Features to Look for in Your Enterprise Identity and Access Management Solution
Richard Walters, General Manager and Vice President of Identity and Access Management (IAM), Intermedia
When it comes to safeguarding sensitive business information, passwords are often a company’s primary line of defence. But as employees need to remember a growing number of different login credentials, these defences become prone to human error and consequently vulnerable to attacks. A study conducted by Intermedia last year found that the average employee relies on 13 different web applications at work, each requiring a different password. 89% of working adults retained access (i.e., a valid login and password) to at least one application from a former employer. More concerning, 45% retained access to “confidential” or “highly confidential” data and 49% logged into an account after leaving the company.
With these realities in mind, Identity and Access Management (IAM) software is increasingly necessary for businesses of every size to combat potential breaches of data and IT systems. IAM is not only about Single Sign-On (SSO): there is a range of new and advanced capabilities that greatly increase security while also improving employees’ productivity. The following are the top five features businesses should look for in an IAM solution:
Double Down on Security: Two-Factor Authentication (2FA)
By now, it should go without saying that two-factor authentication is essential. Having a single strong password to log in to all of your accounts is convenient, but it’s not enough, especially if that one password gets compromised. Two-factor authentication randomly generates and sends a unique verification code or a push notification to the user’s phone, making the login system much more secure than one that uses passwords alone.
Set it and Forget it: Dynamic Password Management
People are notoriously bad at creating and then remembering multiple strong passwords and often take passwords with them after leaving the company – putting their previous employers at real risk. IT teams should take the responsibility of creating passwords out of the employee’s hands and, in fact, not even let employees know their corporate web application passwords, beyond their one master password.
Dynamic password management technology creates a unique, strong password for each of a user’s corporate web applications and changes it on a pre-defined schedule. Employees never know what those passwords are: they simply log on to their IAM system and the system logs them into all their web applications. This ensures that employees cannot log on to those systems outside of work and take confidential information without the company’s knowledge. And, most importantly, it means they can’t take their passwords to corporate web applications with them when they leave the organisation.
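A minimal sketch of the rotation and offboarding logic described above, added here as an illustration and not taken from the article or from any Intermedia product. The class name, the 30-day period, the `push_to_app` callback and the reset-on-offboarding step are all assumptions.

```python
import secrets
import string
from datetime import timedelta

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
ROTATION_PERIOD = timedelta(days=30)   # assumed schedule, set by IT policy


class CredentialBroker:
    """Holds per-application passwords on behalf of users (hypothetical design)."""

    def __init__(self, push_to_app):
        # push_to_app(user, app, password) stands in for whatever mechanism
        # sets the new password inside the target web application.
        self._push = push_to_app
        self._store = {}          # (user, app) -> (password, rotated_at)
        self._disabled = set()    # users whose brokered sign-in is blocked

    def _rotate(self, user, app, now):
        password = "".join(secrets.choice(ALPHABET) for _ in range(32))
        self._push(user, app, password)
        self._store[(user, app)] = (password, now)

    def enrol(self, user, app, now):
        """Give the user a unique generated password for one application."""
        self._rotate(user, app, now)

    def rotate_due(self, now):
        """Rotate every credential older than ROTATION_PERIOD; return what changed."""
        due = [k for k, (_, t) in self._store.items() if now - t >= ROTATION_PERIOD]
        for user, app in due:
            self._rotate(user, app, now)
        return sorted(due)

    def sign_in(self, user, app):
        """Called by the SSO layer after the master login; never shown to the user."""
        if user in self._disabled or (user, app) not in self._store:
            raise PermissionError(f"{user} has no access to {app}")
        return self._store[(user, app)][0]

    def offboard(self, user, now):
        """Leaver: block brokered sign-in and reset every application password."""
        self._disabled.add(user)
        apps = sorted(a for (u, a) in self._store if u == user)
        for app in apps:
            self._rotate(user, app, now)
        return apps
```

Because only `sign_in` ever returns a password, and only to the SSO layer, disabling the master account at offboarding removes access to every brokered application in one step.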
The Best of Both Worlds: App Shaping
Most IAM solutions give IT complete control over which corporate applications employees can access. However, it’s growing increasingly important to have even more fine-grained control than that.
App shaping is a new technology that gives IT complete control over what each employee or group of employees can see and do within web applications. For example, you could redact certain data fields within these web applications for certain types of employees, disable certain features or even make web applications read-only.
By removing high-risk features (e.g. exporting files or the ability to mass delete), companies can increase their security without limiting their workforce’s flexibility.
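The three controls named above (redacted fields, disabled features, read-only mode) can be expressed as a per-group policy, shown here as an added example that is not code from the article or from any product. Group names, field names and feature names are constructed, and failing closed for unknown groups is a design assumption.

```python
from dataclasses import dataclass

REDACTED = "***"


@dataclass(frozen=True)
class ShapingPolicy:
    redact_fields: frozenset = frozenset()
    disabled_features: frozenset = frozenset()
    read_only: bool = False


# Constructed sample policies, keyed by employee group (hypothetical names).
POLICIES = {
    "support": ShapingPolicy(frozenset({"card_number", "salary"}),
                             frozenset({"export", "mass_delete"})),
    "contractor": ShapingPolicy(frozenset({"card_number", "salary", "email"}),
                                frozenset({"export", "mass_delete"}),
                                read_only=True),
    "finance": ShapingPolicy(),
}
# Features that change data; all of them are blocked by a read-only policy.
WRITE_FEATURES = frozenset({"edit", "delete", "mass_delete", "import"})


def shape_record(group, record):
    """Return a copy of the record with the group's redacted fields masked."""
    policy = POLICIES.get(group)
    if policy is None:                    # unknown group: fail closed
        return {k: REDACTED for k in record}
    return {k: (REDACTED if k in policy.redact_fields else v)
            for k, v in record.items()}


def feature_allowed(group, feature):
    """Decide whether a group may use one feature of the web application."""
    policy = POLICIES.get(group)
    if policy is None:                    # unknown group: no features at all
        return False
    if feature in policy.disabled_features:
        return False
    if policy.read_only and feature in WRITE_FEATURES:
        return False
    return True
```

The masking has to happen before the data reaches the browser; hiding a field in the page while the full record is still delivered does not redact it.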
See the Whole Picture: Capture Visuals for the Audit Trail
With compliance an ongoing concern for many businesses, any IAM solution should maintain an audit trail. However, just knowing who logged in and out, and when, is no longer adequate. Advanced IAM solutions allow IT teams to monitor the use of specific features within web applications, send alerts for unusual activity and even provide the option to capture screenshots when certain online behaviours occur. This provides visual evidence of exactly what the user was doing.
Get Smarter Restrictions: User Empowered Identity
Digital identities need to be protected, and who can identify suspicious account activity better than individual users? Premium IAM solutions give users real-time notifications when suspicious events occur and empower them to take immediate and appropriate action.
For instance, if an attacker were to attempt to log in with a user’s identity from a different country, the user would be presented with a security notification in the browser or via an SMS text message. This is quicker and more effective than an operations team being alerted, as they may not be aware of the individual’s location. The user can then issue a response to disable the account or immediately change the password. This gives companies a higher level of assurance that their data and user accounts are protected.
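The notification flow in the example above, sketched as added illustration code that is not from the article or any product. The class and response names are hypothetical, the login events are constructed, and trusting the first country seen for a user as well as the "its_me" answer are assumptions beyond the two responses the text names.

```python
from collections import defaultdict

# Constructed sample login events: (user, country code of the source address).
EVENTS = [("alice", "GB"), ("alice", "GB"), ("alice", "BR"), ("bob", "US")]


class IdentityGuard:
    def __init__(self, notify):
        self._notify = notify             # notify(user, message): browser or SMS
        self._known = defaultdict(set)    # user -> countries already trusted
        self._pending = {}                # user -> country awaiting an answer
        self.disabled = set()

    def on_login(self, user, country):
        """Return 'denied', 'allowed' or 'challenged' for one login attempt."""
        if user in self.disabled:
            return "denied"
        if not self._known[user] or country in self._known[user]:
            self._known[user].add(country)    # first country seen is trusted
            return "allowed"
        self._pending[user] = country         # hold the session, ask the user
        self._notify(user, f"Login attempt from {country}. Was this you?")
        return "challenged"

    def on_user_response(self, user, response):
        """Apply the user's answer to the open alert, if there is one."""
        country = self._pending.pop(user, None)
        if country is None:
            return "no_pending_alert"
        if response == "its_me":
            self._known[user].add(country)
            return "country_trusted"
        if response == "disable_account":
            self.disabled.add(user)
            return "account_disabled"
        if response == "change_password":
            return "password_reset_required"
        self._pending[user] = country         # unknown answer: keep alert open
        return "invalid_response"


def replay(events, guard):
    """Feed login events through the guard and collect its decisions."""
    return [guard.on_login(user, country) for user, country in events]
```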