Ease of Use is the Key to Successful Identity Access Management
Summary: Success with IAM (Identity Access Management) Relies Heavily on Convenience
By: Frank J. Ohlhorst
Determining a user’s identity is one of the core concepts of enterprise security. However, identities can be falsified and compromised, leading to potential system breaches. In an effort to reduce the possibility of cyber criminals using falsified credentials, many InfoSec managers have turned to complex security policies to help keep credentials secured. Yet complexity is often the enemy of the end user, driving them to keep the help desk on speed dial at best, or to attempt to find ways to subvert the rules at worst.
Take, for example, password policies where end users are forced to use very complex passwords that have to meet several criteria, such as a mixture of letters, numbers, and special characters. End users will grudgingly adhere to those policies, yet will also subvert the reason for the policies in the first place by storing passwords on Post-it notes, sending them via email, or writing them down somewhere else. That problem only gets worse as more requirements are added and more logons are needed for multiple systems.
Enterprises have tried to counter those issues with technologies such as single sign-on (SSO), multi-factor authentication (MFA), and Identity Access Management (IAM) systems, all with varying levels of success. When those systems fail to stem the tide of identity-related problems, that failure can usually be attributed to a lack of convenience for both the end user and the administrator.
As the acronym implies, IAM is all about managing access based upon identity. In other words, access should only be granted once the user’s identity is fully confirmed. That means using an approach that requires more than just usernames and passwords to vet a user. After all, basic authentication challenges that only require a username and password can be easily compromised. That is where IAM is supposed to come into the picture, by providing a methodology to make it easier for administrators to manage users, their access rights, and their credentials. However, if that management burden is shifted to the end user, problems are sure to arise.
In today’s connected environments, access and convenience must go hand in hand. It has to be easy for administrators to provision and manage users, and it must be easy for legitimate end users to access the systems they need to perform their duties. That can be accomplished by adopting platforms that integrate technologies, such as MFA and SSO, into the logon process, bringing convenience to the end user. For example, MFA can still rely on less complex logons and passwords, because another layer of protection is added in the form of a digitally created code. In other words, the end user need only remember their basic credentials and then use their smartphone or a key fob to get that unique digitally created code, thus better securing their interactions with a system while limiting complexity. What’s more, SSO can then be used to log the end user on to all of their approved systems, eliminating the need to constantly log on to and log off from each system they need to access. Simply put, combining IAM with MFA and SSO will reduce the number of calls to the end-user help desk, while also introducing better security that is easier to understand and to educate the end user on.
The other side of the equation comes down to deployment of the technology, where IAM, MFA, and SSO should prove to be easy to integrate and operate under a common platform. That should significantly reduce the administrative burden of deploying convenient access technologies across large organizations.
For more information, such as white papers, case studies, and how-to guides on IAM, MFA, and cloud-based security, please visit the resources provided by AuthAnvil at https://authanvil.com/resources