BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
When it comes to identity and access management, IT must consider a variety of factors. Here's how IT pros can...
select and implement the right identity and access management (IAM) system for their organization.
Do your research
In order to choose the right IAM system, it's important to know where to host the platform. IT can implement IAM systems on premises, as a cloud service or can integrate them into an enterprise mobility management platform.
Once IT pros select a hosting location, they should determine which identity management services they need. IT should decide whether they'll use single sign-on (SSO) and then chose a user authentication method, such as multifactor authentication (MFA).
When IT pros evaluate IAM tools, they should make sure the implementation will fit. First, check the tools' compatibility with your organization's security policy and other requirements. Ensure that when it is put into full production, the IAM product will uphold the security policy. In addition, prepare to train your staff on the selected IAM product's policies and procedures.
IAM products to consider
As the market for IAM systems grows, there are more options for IT to choose from. IAM products such as Ping Identity and ForgeRock focus on authentication and attribute exchange, while Trulioo and Signicat focus on gathering identity data to help identify threats.
It's also important to consider user experience with an IAM product. For example, it can be irritating for users to have to repeatedly enter a password. IAM products, such as OAuth, aim to fix that by enabling users to log in once for all the enterprise portals.
IT pros should also look at tools that track metrics such as login history and usage. The tools should incorporate Lightweight Directory Access Protocol and Active Directory to manage and control access. Alternatively, administrators can externalize access management using a blockchain application.
Features to consider post-purchase
It is easy to buy an IAM system that fits your organization's current needs, but IT should also consider the future of the system. As new threats, partnerships and technologies form, administrators will need to consider changing password management policies, simplifying access to resources across systems and implementing new tools.
IAM systems focus on managing passwords to lower security risks. IAM tools need to be in compliance, but administrators can do more. For more granularity, IT can control authentication on an individual page and directory level or over a whole site.
Once a system authorizes users through SSO and MFA, an IT pros' job is still not done. They will need to continue to monitor for risks and change their password management policy to combat new threats. IT can further streamline identity management by automating user enrollment.
If users need to access resources outside of a single security domain, IT should consider federated identity management. This enables internal users to access external resources and external users to access internal resources.
With identity federation, users only need to authenticate once across the member domains. Federated identity also eases the issues caused by multi-domain access. Administrators still manage their own domain's level of access. When organizations decide to create an identity federation, all of the members must agree to the policies and the technologies needed to build the federation.
Artificial intelligence and biometrics are also shaping IAM products. As these technologies progress, IAM will develop with them to handle the new ways that users access technology and a greater diversity of devices and applications.
Currently, many administrators use username and password credentials to determine enterprise access. New IAM tools could use fingerprint, facial or voice recognition combined with AI features, such as keystroke analysis, location and time of day data, to determine access. You may want to use multiple tools together to increase security.