Crack the code on identity management system options

As mobile security threats arise, the need for identity management systems becomes more and more crucial. The right tools help IT protect company data and users alike.

In a world of hackers and malicious actors, identity management has quickly become a crucial part of any mobile security strategy.

IT administrators are always looking for security measures that enhance effectiveness, lower costs and are easy to understand and administer, but won't get in the way of the users who must apply them on a day-to-day basis. Mobile security is one area where even a single, simple mistake can be disastrous, so IT should take the utmost care when evaluating and selecting an identity management system.

The 'triple A' of security

Most companywide mobile security strategies can fall under the acronym AAA: authentication, authorization and accounting.

Authentication determines and verifies identity for both parties to a given communication. It is ideally two-factor, requiring the user to enter "something they have plus something they know."

Authorization defines the set of allowed functions and activities for a given authenticated user -- for example, what apps they can use, what files they can access and what activities are expressly prohibited for them.

Accounting is the record-keeping of what happened and when, producing logs suitable for admins to analyze authorized access and detect attempts at unauthorized access.

AAA is a great model for security -- just add encryption of sensitive information both at rest (on a server or client device) and in transit across a network. With this model, IT should be able to address most security requirements with little difficulty.

The next step for mobile security

Mobility introduces a much broader set of opportunities, possibilities and potential security challenges. This is where access and identity management (ID management) takes over. An ID management system also enables the specification of authentication and authorization for a given user, location, device, period of time, time of day and more.

Wireless LAN vendors, network equipment vendors and a number of third-party providers all offer ID management systems. The field is relatively new and continues to evolve. Early adopters should therefore take caution and consider the scope and range of any identity management system, and evaluate how the provisioned services, capabilities and implementations fit with current and planned network strategies and operations.

How ID management systems work

The essence of ID management involves authenticating a given user with a given device and assorted credentials and then specifying what privileges they may have.

For example, an Apple iPad user in the engineering department from 8 a.m. to 5 p.m. each weekday might have access to a given set of network resources and, at other times, a different set of privileges or even no access whatsoever. That same user, with an unauthorized iPhone, might have no access, although ID management systems can enable multiple devices per user.

Users might be logged out after their period of access expires, if they physically move to a location where they have no access or after a given period of connectivity expires.

Many ID management systems feature self-service onboarding and provisioning, which enable already-authorized users to register new devices and change passwords. Also key is integration with existing directory services such as Lightweight Directory Access Protocol and Microsoft Active Directory.

Much of the information IT needs to authenticate a user is already present in these access repositories. Having a single point of residence for this data eliminates redundancy, out-of-sync conditions and related post-installation problems. It's also possible for admins to define and specify varying degrees of granular control, from individual users to groups. IT might define groups according to organizational role -- corporate management, engineering, marketing, customers, guests and contractors, etc. -- or by employees working together on a specific project.
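The following Python is an added illustration, not code from the article or from any vendor's product: it models the AAA flow from the "triple A" section and the iPad scenario above. A constructed directory stands in for LDAP/Active Directory, each rule ties a group to a set of resources within a weekday/time-of-day window, and every decision is written to an audit log. The user names, device identifiers, resource names and timestamps are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed directory data (stand-in for LDAP/AD): user -> group, plus the
# devices each user has registered through self-service onboarding.
DIRECTORY = {"alice": "engineering", "bob": "marketing"}
REGISTERED_DEVICES = {"alice": {"ipad-1234"}, "bob": {"android-77"}}

@dataclass(frozen=True)
class Rule:
    """Resources a group may reach, limited to given weekdays and a daily time window."""
    group: str
    resources: frozenset
    days: frozenset = frozenset(range(5))   # Monday..Friday (weekday() 0..4)
    start: time = time(8, 0)
    end: time = time(17, 0)

RULES = [
    Rule("engineering", frozenset({"git", "ci", "wiki"})),  # 8 a.m. to 5 p.m. weekdays
    Rule("engineering", frozenset({"wiki"}), frozenset(range(7)), time.min, time.max),  # wiki any time
    Rule("marketing", frozenset({"wiki", "crm"})),
]

AUDIT_LOG = []  # accounting: every decision, allowed or denied, is recorded here

def authenticate(user, device):
    """Authentication: the user exists and is on a device registered to them."""
    return user in DIRECTORY and device in REGISTERED_DEVICES.get(user, set())

def authorize(user, resource, when_iso):
    """Authorization: some rule for the user's group covers the resource at that moment."""
    when = datetime.fromisoformat(when_iso)
    return any(
        r.group == DIRECTORY[user] and resource in r.resources
        and when.weekday() in r.days and r.start <= when.time() <= r.end
        for r in RULES
    )

def request_access(user, device, resource, when_iso):
    """AAA in one call: authenticate, then authorize, then account for the decision."""
    if not authenticate(user, device):
        decision = "DENY:unauthenticated"
    elif not authorize(user, resource, when_iso):
        decision = "DENY:unauthorized"
    else:
        decision = "ALLOW"
    AUDIT_LOG.append({"ts": when_iso, "user": user, "device": device,
                      "resource": resource, "decision": decision})
    return decision
```

Re-running `authorize` for an open session at a later timestamp is the check an ID system uses to log a user out once their access window closes.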

Other considerations

Users can even have more than one identity, with different privileges for each, although in that case auditing and management workloads could increase. Regardless, management and reporting functionality and detailed logs are requirements for any effective ID system, along with alerts on any unusual activity.

Additional functionalities to consider include the following:

Certificate management: ID management systems provide an ideal location for IT to ensure that only the right users have access to the corporate network.

Unified and federated access: This involves the sharing of credentials with other entities, often referred to as single sign-on (SSO). SSO can make logging in much easier, but IT must take care to guard against inadvertent errors that could compromise user credentials.

Cloud implementations: IT can provision many ID management systems as cloud-based services and make installation, growth and scaling easier. Such an approach converts what might otherwise be a capital expense into an operating expense.

Extensibility: Finally, it's important to consider that security is and likely always will remain an evolving set of challenges and responses. It's therefore vital that ID management be extensible, with the ability to add new protocols and perhaps entirely new strategies over time, without having to overhaul an operational ID management system.

Identity and access management should be the backbone of any contemporary policy-based security implementation, providing IT an easy-to-use framework with the features and flexibility to live and grow with over the long haul.

This was last published in May 2017

3 comments
One of the problems we experience is with banks - whose low-level employees know less than the customer, e.g., Barclays and HSBC. As a result of their failures due to restrictions placed upon them by their superiors - they get frustrated and abused through no fault of their own - only unemployable employers. There are no proper procedures in place and these luckless wonders have to work with clients - who have already forged the notion This Bank Does Not Care - and they are right!
Before you can ensure the right people have the right access to the right data, you need to ensure your people are right. The Citadel Group has just released its first Identity-as-a-Service solution which provides a trusted, single sign-on that integrates with all systems, and is within a certified PROTECTED environment in Australia. Let me know if you would like further information on the product.