ID management 101: A primer for IT


Crack the code on mobile identity management systems

As mobile security threats arise, the need for identity management systems becomes more and more crucial. The right tools help IT protect company data and users alike.

In a world of hackers and malicious actors, mobile identity management has quickly become a crucial part of any security strategy.

IT administrators are always looking for security measures that enhance effectiveness, lower costs and are easy to understand and administer, but that don't get in the way of the users who must apply them on a day-to-day basis. Mobile security is one area where even a single, simple mistake can be disastrous, so IT should take the utmost care when evaluating and selecting identity management systems.

The 'triple A' of mobile security

Most organization-wide mobile security strategies can fall under the acronym AAA: authentication, authorization and accounting.

Authentication determines and verifies identity for both parties to a given communication, and is ideally two-factor, requiring the user to enter "something they have plus something they know."

Authorization defines the set of allowed functions and activities for a given authenticated user; for example, what apps they can use, what files they can access and what activities are expressly prohibited for them.

Accounting is the record-keeping of what happened and when, producing logs suitable for admins to analyze authorized access and detect attempts at unauthorized access.

AAA is a great model for security; just add encryption of sensitive information both at rest (on a server or client device) and in transit across a network. With this model, IT should be able to address most security requirements easily.

The next step for mobile security

Mobility introduces a much broader set of opportunities, possibilities and potential security challenges. This is where access and identity management (ID management) takes over. Mobile identity management systems also enable the specification of authentication and authorization for a given user, location, device, period of time, time of day and more.

Wireless LAN vendors, network equipment vendors and a number of third-party providers all offer ID management systems. The field is relatively new and continues to evolve. Early adopters should therefore take caution and consider the scope and range of any ID management system, and evaluate how the provisioned services, capabilities and implementations fit with current and planned network strategies and operations.

How mobile identity management systems work

The essence of ID management involves authenticating a given user with a given device and assorted credentials, and then specifying what privileges they may have.

For example, an Apple iPad user in the engineering department from 8 a.m. to 5 p.m. each weekday might have access to a given set of network resources, and, at other times, a different set of privileges or even no access whatsoever. That same user, with an unauthorized iPhone, might have no access, although an ID management system can enable multiple devices per user. 


Users might be logged out after their period of access expires, if they physically move to a location where they have no access or after a given period of connectivity expires.
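As an added illustration (not code from the article or any vendor product), the following Python sketches the three AAA steps for the iPad scenario above: a hypothetical in-memory user directory standing in for LDAP/AD, a group policy bounded by weekday, working hours and location, and an audit list that records every decision, denied or allowed.

```python
import hmac
from dataclasses import dataclass
# Constructed sample directory records (hypothetical), standing in for an LDAP/AD lookup.
USERS = {"alice": {"groups": {"engineering"}, "devices": {"ipad-a1"},
                   "password": "pw", "otp": "123456"}}

@dataclass(frozen=True)
class Policy:
    group: str
    resources: frozenset
    weekdays: frozenset   # 0 = Monday .. 6 = Sunday
    start_hour: int       # inclusive
    end_hour: int         # exclusive
    locations: frozenset

# Engineering may reach the repo and wiki on weekdays 08:00-17:00 from campus or VPN only.
POLICIES = [Policy("engineering", frozenset({"git", "wiki"}), frozenset(range(5)),
                   8, 17, frozenset({"campus", "vpn"}))]
AUDIT = []  # accounting: every decision, allow or deny, is appended here

def _record(user, device, resource, when, decision, reason):
    AUDIT.append({"ts": when.isoformat(), "user": user, "device": device,
                  "resource": resource, "decision": decision, "reason": reason})

def authenticate(user, device, password, otp):
    """Two factors (password known, OTP held), and the device must be registered to the user."""
    rec = USERS.get(user)
    return (rec is not None and hmac.compare_digest(rec["password"], password)
            and hmac.compare_digest(rec["otp"], otp) and device in rec["devices"])

def authorize(user, resource, when, location):
    """Return (allowed, reason); a group policy grants access only inside its time and place."""
    groups = USERS.get(user, {}).get("groups", set())
    reason = "no policy grants this resource"
    for p in POLICIES:
        if p.group not in groups or resource not in p.resources:
            continue
        if when.weekday() not in p.weekdays or not p.start_hour <= when.hour < p.end_hour:
            reason = "outside permitted time window"
        elif location not in p.locations:
            reason = "location not permitted"
        else:
            return True, "matched policy for group " + p.group
    return False, reason

def access(user, device, resource, when, location, password, otp):
    """AAA in one call: authenticate, then authorize, and account for the outcome either way."""
    if not authenticate(user, device, password, otp):
        _record(user, device, resource, when, "deny", "authentication failed")
        return False
    ok, reason = authorize(user, resource, when, location)
    _record(user, device, resource, when, "allow" if ok else "deny", reason)
    return ok
```

Session expiry on leaving the permitted window or location follows by re-running `authorize` on a timer and ending the session when it returns deny.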

Many identity management systems feature self-service onboarding and provisioning, which enable already-authorized users to register new devices and change passwords. Also key is integration with existing directory services such as Lightweight Directory Access Protocol and Microsoft Active Directory.

Much of the information IT needs to authenticate a user is already present in these access repositories. Having a single point of residence for this data eliminates redundancy, out-of-sync conditions and related post-installation problems. It's also possible for admins to define and specify varying degrees of granular control, from individual users to groups. IT might define groups according to organizational role (corporate management, engineering, marketing, customers, guests and contractors, etc.), or by employees working together on a specific project.

[Figure: Gartner survey results on use of identity as a service]

Other considerations

Users can even have more than one identity with different privileges to each, although in that case, auditing and management workloads could increase. Regardless, management and reporting functionality and detailed logs are a requirement of any effective ID management system, along with alerts of any unusual activity.

Additional functionalities to consider include:

Certificate management: Identity management systems provide an ideal location for IT to ensure that only the right users have access to the corporate network.

Unified and federated access: This involves the sharing of credentials with other entities, often referred to as single sign-on (SSO). SSO can make logging in much easier, but IT must take care to guard against inadvertent errors that could compromise user credentials.

Cloud implementations: IT can provision many identity management systems as cloud-based services and make installation, growth and scaling easier. Such an approach converts what might otherwise be a capital expense into an operating expense.

Extensibility: Finally, it's important to consider that security is and likely always will remain an evolving set of challenges and responses. It's therefore vital that mobile identity management be extensible, with the ability to add new protocols and perhaps entirely new strategies over time, without having to overhaul an operational system.

Identity and access management should be the backbone of any contemporary policy-based security implementation, providing IT an easy-to-use framework with the features and flexibility to live and grow with over the long haul.


How could your company benefit from an identity management product?
One of the problems we experience is with banks, whose low-level employees know less than the customer, e.g. Barclays and HSBC. As a result of their failures due to restrictions placed upon them by their superiors, they get frustrated and abused through no fault of their own, only unemployable employers. There are no proper procedures in place and these luckless wonders have to work with clients who have already forged the notion "This Bank Does Not Care", and they are right!
Before you can ensure the right people have the right access to the right data, you need to ensure your people are right. The Citadel Group has just released its first Identity-as-a-Service solution which provides a trusted, single sign-on that integrates with all systems, and is within a certified PROTECTED environment in Australia. Let me know if you would like further information on the product.
As organisations turn to enterprise mobility to improve productivity and reduce costs, it has become more important than ever to manage user identities and access to IT resources. In today's emerging IT environment, managing employees' access to applications and data from multiple devices and locations, without compromising security, has become a challenge for enterprises. A mobile identity and access management solution provides answers to this problem. Benefits of MIM for business include:

Improved user experiences: The need for users to remember multiple passwords to access different levels of the organization's system is eliminated. Automatic logins using user authentication policies can ensure user security profiles.

Better security profiles: Identity management policies can restrict access to apps and content based on location, time or day. Access decisions can be automated based on identity attribute, membership or authentication method.

Easier audit and reporting: Consolidating user identities and passwords with an MIM solution makes it easier for IT departments to keep track of where and how user credentials are being used. If any credential is compromised, it will be easier for IT admins to identify the compromised ID and data.

Easy access to company systems: Depending on user authorisation, access to all company interconnected systems is easy and simple, regardless of where the user is located. This can be very useful for companies that do business globally and need to provide ease of access to employees, partners or even clients.

Improved productivity and reduced IT costs: MIM can help reduce the cost of internal help desks through automated identity access and management policies.