Authorized employees should only use a company’s systems. But in times of the Internet and smartphones, the identities of these authorized persons must be handled just as flexibly as their access to the designs.
Business leaders love the idea that their IT systems are secured like Fort Knox. This is seldom the case in reality. Access management may be physically regulated with keycards and passwords, but what happens if an unauthorized person disguises himself by assuming a different identity? Cases at the file backup service Dropbox, Wired-Magazine, and others have shown that identities can be stolen and misused to access systems and information.
Identity And Access Management (IAM): Security For Access Data
Suppose a company wants to ensure that access data – the entry ticket, so to speak – is not forged or intercepted. In that case, it has to come up with something to secure both the identity, access, and verification. Solutions that perform these main tasks are called Identity and Access Management, or IAM for short.
“encompasses all aspects of managing and storing such identities. There is also the larger area of access management, i.e., the question of who is allowed to access what and how that is controlled.” Social media, access via mobile devices, and logging into cloud applications currently play an essential role for IAM.
As a rule, the users of the company’s IT are registered in a directory (literally: directory) and are managed there. The most common directory is Active Directory (AD) from Microsoft. The system administrator assigns roles and corresponding access rights to the users. For example, the cleaning staff doesn’t need to know how much the board earns. It gets tricky when a user changes departments. He is then assigned a different role, i.e., a different digital identity, which includes more or fewer rights.
Before Introducing An IAM System, “Role Mining” Is Recommended
Companies should “role-mine” before introducing an IAM system, sales manager for security solutions at CA Technologies to be on the safe side. “Role mining determines the current status in the directory.” There are numerous solutions to achieve the desired target status. But no one suits every company. “One should understand that authentication, i.e., the identity check, has to be adequate for the risk of information or transactions and therefore quite variable.”
To ensure that logging into an IT system, including in the cloud, is as quick as possible, directories such as that from Microsoft offer the function of “single sign-on” (SSO). The employee logs in once and – according to his role – is activated for all applications and systems relevant to him. But what has to happen if the user is a mobile employee who is constantly on the move? The system administrator also has to manage via SSO. This works best in new cloud services that collect identities and access.
CA Technologies: Contextual IAM Protects Against Former Employees
Cyberark from CA Technologies, for example, manages the access of system administrators so that they cannot act on their initiative. That is Identity Management and “Authentication as a Service.” In this way, the degree of strength of an identity check can also be varied. “Two-factor Authentication”: In addition to the usual password, the system sends the user an SMS containing a second password on the mobile phone. Must also enter this to gain access.
CA relies on context-sensitive IAM. The purpose of this is to secure identities, access rights, and additional information. Not every employee who has extensive access rights should be able to automatically access and forward any news. Some employees who have been terminated have provided themselves with valuable documents before leaving for the competition and obtained a golden ticket from the rival. Fired ex-employees can also be prevented from carrying out sabotage to take revenge on their ex-employer.
