Thursday, 28 September, 2023
IT Security Guru

Identity and Access Management – Use Technology to Reduce Security Risks and to Meet Compliances

by The Gurus
September 21, 2015
in This Week's Gurus

Do you think that heavily guarded castles with invaluable treasures in them exist only in fairy tales and history books? Maybe, but there are analogies in today’s world: modern organizations keep their critical technological resources in a somewhat similar way, within heavily guarded IT infrastructure with strict access controls. No one gets access to such resources unless the organization wants them to have it. Even then, access is extremely limited, and only for the period allowed by the organization. But how is all this facilitated in organizations where thousands of employees work on large computer networks with many devices, websites, files, folders, software, and other resources? The credit goes to an idea known as Identity and Access Management (I&AM).

Identity and Access Management

Identity and Access Management ensures that the IT infrastructure of the organization is as secure as the old fairy-tale castle. I&AM ensures that only trusted people with a genuine purpose can use the resources of the organization, and only in a very controlled way. So what is I&AM?
Identity and Access Management is a combination of policies, processes, and technologies intended to protect resources such as applications, databases, and system data from being misused. Apart from protecting them, it helps to meet mandatory security compliance requirements. Put simply, I&AM is the primary tool for protecting the technological resources of the organization through the effective management of its digital identities.

Why Identity and Access Management?

An organization has to share its data and resources with different types of users: employees, customers, clients, partners, etc. Depending on their role or relationship with the organization, they may need to access different types of data and other resources. It is neither necessary nor safe to share all the resources with all users. The organization has to keep the security of data, the cost of information sharing, and regulatory compliance in mind. So I&AM is used to facilitate secure and controlled access to its resources.

The importance of policies, processes, and technologies

Identity and Access Management starts with security policies, and technology is there to support the implementation of those policies through various processes. Depending on its risk tolerance, the organization should enforce some restrictions on the usage of its resources. These restrictions are then implemented through a series of steps. At every step, care is taken that resources are not misused in any way at any level. Technology helps to automate these processes to ensure compliance and eliminate security risks, with optimum usage of resources.

Digital Identity, Directory Services, and Access Management

The entire I&AM stands on three pillars: Digital Identity, Directory Services, and Access Management.
The most essential thing for implementing I&AM is a digital identity. People and devices need a digital identity in order to access a resource. Email accounts, user accounts, and computer accounts are examples of digital identities. Ideally, a digital identity consists of an identifier and its credential (and attributes too). In day-to-day life, it simply turns out to be a user ID and a password. However, in more complex situations a digital identity has more dimensions.
Directory Services store digital identities. They are also responsible for entitlements, the privileges and rights provided to users and user groups, and they hold security policies such as password complexity, trust configuration, etc. MS Active Directory Service is the most popular example of a directory service.
Directory Services allow access to resources after authentication and authorization of the identifier. In authentication, the credentials of the identifier are validated; in authorization, it is ensured that the identifier has a legitimate right to access the resource or to perform a particular action.
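
The authentication and authorization split described above, as an added example that is not part of the original article: a toy in-memory directory in Python that stores identities, group entitlements and a password policy, and records every decision for audit. The `Directory` class, the `kdf` helper, the 12-character policy and the `alice`/`finance` sample data are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def kdf(password, salt):             # slow salted hash; the password is never stored
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Identity:                      # identifier + credential + attributes
    uid: str
    salt: bytes
    pw_hash: bytes
    groups: frozenset
    enabled: bool = True             # stale or inactive accounts get disabled

class Directory:                     # hypothetical toy directory service
    MIN_LEN = 12                     # constructed password-policy value

    def __init__(self, entitlements):
        self.identities, self.audit = {}, []
        self.entitlements = entitlements   # group -> {(resource, action)}

    def provision(self, uid, password, groups):
        if len(password) < self.MIN_LEN:
            raise ValueError("password violates directory policy")
        salt = os.urandom(16)
        self.identities[uid] = Identity(uid, salt, kdf(password, salt), frozenset(groups))
        self.audit.append(("provision", uid, sorted(groups)))

    def authenticate(self, uid, password):
        ident = self.identities.get(uid)
        # Hash even for unknown identifiers so timing does not reveal who exists.
        candidate = kdf(password, ident.salt if ident else bytes(16))
        ok = bool(ident and ident.enabled and hmac.compare_digest(candidate, ident.pw_hash))
        self.audit.append(("authn", uid, ok))
        return ok

    def authorize(self, uid, resource, action):
        ident = self.identities.get(uid)
        ok = bool(ident and ident.enabled and any(
            (resource, action) in self.entitlements.get(g, ()) for g in ident.groups))
        self.audit.append(("authz", uid, resource, action, ok))
        return ok

    def access(self, uid, password, resource, action):
        # Authorization is evaluated only for an authenticated identity.
        return self.authenticate(uid, password) and self.authorize(uid, resource, action)

# Constructed sample data: one group entitlement and one provisioned identity.
directory = Directory({"finance": {("ledger", "read")}})
directory.provision("alice", "correct-horse-battery", ["finance"])
```

A valid password alone is not enough: `alice` can read the ledger but a write request fails at the authorization step, and both outcomes land in `directory.audit`.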

What are the challenges faced by I&AM technologies?

Before adopting I&AM technologies, organizations should have an idea of the key challenges these technologies face. Here are a few:

  1. Extremely complex IT environment

The IT environments of organizations are extremely complex. Most organizations work from many different geographical locations, operate across many time zones, own branches and operational centers in different countries and regions, are divided into many departments and business divisions, and go through mergers and acquisitions quite often. So the IT environment they own is as complex as the organization itself. It is also used by different types of users: employees, clients, contractors, customers, business partners, etc. They work on complex computer networks and BYOD devices using sophisticated technologies. So an Identity and Access Management system needs to be competent enough to meet the requirements of such a complex environment.

  2. Need to enforce access management policies of the organization

I&AM technologies should be well designed and effective enough to safeguard the security interests of the organization. They should be able to implement the access management policies of the organization in a foolproof way. While providing access, they should strictly control when and to what extent the resources can be accessed, depending on who is accessing them.

  3. Need for simple and effective access to business resources

An Identity and Access Management system needs to be simple, even from the point of view of a non-technical end user. The simplicity of the tool helps to increase the productivity of the end user and improve the efficiency of the business process.

  4. Cost considerations

Identity and Access Management comes at a price, but organizations want it to be as cheap as possible. They also want to improve productivity with its help. An automated Identity and Access Management system can save the productive hours of the IT team and the employees by minimizing human effort. Quick logon, authentication, and password reset mechanisms can reduce the number of calls to IT help desks as well as employee waiting time. Additionally, a good I&AM system should be able to check for duplicate identity data so as to reduce costs. In short, the Total Cost of Ownership (TCO) needs to be as low as possible.

  5. Security concerns

Organizations need to protect business resources from unauthorized access and misuse. The possible threats can be external or internal. To meet the security requirements, an I&AM system should be able to provide effective access controls. The following are expected in an I&AM technology: enforcement of account policy, effective handling of stale or inactive accounts, a secure mechanism for data transfer, an authentication mechanism supported by strong technologies, robust directory services, flexible authorization mechanisms, entitlement management and provisioning facilities, powerful identity life-cycle management and group membership management features, a reduced attack surface, and password policy implementation features.

  6. Requirement for flexibility

Mergers and acquisitions, which are very common now, pose unique challenges to organizations. After such events, the organization needs to ensure swift access to its resources through a consolidated I&AM system. An I&AM system needs to be very flexible in situations like mergers and acquisitions.

  7. Regulatory compliances

No organization can be casual about regulatory compliance. Failing to meet compliance requirements may lead to legal and financial issues. I&AM system actions, especially provisioning, need to be auditable. I&AM technologies need to support the organization in meeting its regulatory compliance requirements.

Summary

Identity and Access Management refers to an automated system that secures the technological resources of the organization by implementing its security policies. Apart from ensuring information security, it helps organizations to improve the efficiency of business processes and to improve productivity.
 
Rupesh Kumar is managing director of Lepide Software 
