ID management 101: A primer for IT



Mobile identity management best practices

IT admins need identity management tools to ensure network users are who they say they are. This applies to mobile users on an enterprise WLAN and the wired network itself.

Identity management is essential to authentication, encryption and user activity policy.

Mobile identity management is the natural evolution of what's historically been called AAA: authentication, authorization and accounting, three of the core components of any effective IT security strategy.

Recent years have seen a broad range of new identity and access management products and services introduced, driven in large part by the wireless LAN industry. This is perhaps to be expected; after all, Wi-Fi has become the primary or default network access for almost everyone today, and smartphones and tablets don't provide any mechanisms to connect to wired networks.

But identity management isn't just about wireless networking. The most important thing to remember when it comes to mobile identity management best practices is that the technology needs to be deployed across the entire network, no matter how a user connects.

Using multiple mobile identity management tools is a bad idea, because cost and complexity can quickly spiral out of control.

More identity management best practices to keep in mind

Identity management needs to be deployed and enforced across the entire network, no matter how a user connects.

Two-factor authentication: Because it's impossible to guarantee absolute security, each identity management element must be as reliable as possible. Mobile identity management systems that apply the "something you have plus something you know" principle of two-factor authentication have a major advantage. The second factor might use a specific device, biometrics, hardware token or other element.

Directory services integration: Minimizing the number of security databases involved in any organizational security strategy is essential in avoiding potential conflicts and synchronization issues that can be crippling and difficult to resolve. Securing directories and other databases therefore requires additional attention.

Audits and alerts: Any identity management tool must provide integral audit and alert mechanisms. The range of personnel who have access to identity management consoles should be limited to a small number of background-checked and highly trusted individuals. IT must log all actions and alert the appropriate management staff to any significant changes.
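The audit-and-alert practice above, sketched as an added example that is not from the original article or from any product: it reviews a constructed audit log from a hypothetical identity management console and raises alerts for actions by anyone outside the approved admin set and for significant changes. The field names, the admin allowlist and the list of significant actions are assumptions, and the sequence-gap check goes one step beyond the text by testing that the log really does contain all actions.

```python
import json

# Assumed policy values, not taken from any real product.
APPROVED_ADMINS = {"alice.admin", "bob.admin"}
SIGNIFICANT_ACTIONS = {"mfa_disabled", "role_granted", "admin_added", "policy_changed"}

# Constructed sample audit records (JSON lines) from a hypothetical console.
SAMPLE_LOG = """\
{"seq": 1, "ts": "2024-05-01T09:00:00Z", "actor": "alice.admin", "action": "user_unlocked", "target": "jdoe"}
{"seq": 2, "ts": "2024-05-01T09:05:00Z", "actor": "alice.admin", "action": "mfa_disabled", "target": "jdoe"}
{"seq": 3, "ts": "2024-05-01T09:07:00Z", "actor": "helpdesk7", "action": "password_reset", "target": "jdoe"}
{"seq": 5, "ts": "2024-05-01T09:30:00Z", "actor": "bob.admin", "action": "admin_added", "target": "helpdesk7"}
not-json-at-all
"""


def review_audit_log(text, approved=APPROVED_ADMINS, significant=SIGNIFICANT_ACTIONS):
    """Return a list of (reason, detail) alerts for the given audit log text."""
    alerts = []
    last_seq = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            seq, actor, action = rec["seq"], rec["actor"], rec["action"]
        except (ValueError, KeyError, TypeError):
            # A record that cannot be read is itself a gap in the audit trail.
            alerts.append(("unreadable_record", f"line {lineno}"))
            continue
        # Missing sequence numbers mean some action was not logged or was removed.
        if last_seq is not None and seq != last_seq + 1:
            alerts.append(("sequence_gap", f"expected {last_seq + 1}, got {seq}"))
        last_seq = seq
        # Console access is limited to a small approved set; anyone else is an alert.
        if actor not in approved:
            alerts.append(("unapproved_actor", f"{actor} performed {action}"))
        # Significant changes are reported even when an approved admin made them.
        if action in significant:
            alerts.append(("significant_change", f"{actor}: {action} on {rec.get('target')}"))
    return alerts


if __name__ == "__main__":
    for reason, detail in review_audit_log(SAMPLE_LOG):
        print(f"ALERT {reason}: {detail}")
```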

As always, admins should be sure their security policies and related end-user agreements are up to date before proceeding with mobile identity management. There's little point in putting in place a core element of an organizational security strategy that doesn't align with and reinforce overall organizational policies, procedures and objectives.
