An Introduction To Identity Access Management

Identity Access Management

An Introduction To Identity Access Management

 

Data breaches come in many forms, and today’s organisations need to govern and enforce user access to prevent data loss. It’s an issue that causes an abundance of data leaks due to the lack of safeguarding valuable data with context-based access control. This is where identity access management can support a reliable data protection policy.

Identity Access Management is a framework for business processes that facilitates the management of digital identities.  The technology enables businesses to essentially close any loopholes in their online security.

Identity Access Management technology can be used to initiate, capture and record user identities and their access permissions. It makes sure that only the right people have access to certain streams of information. IAM solutions use integrated identity information to create, modify, and retire identities and control their access while also ensuring passwords are effective and secure.

The Known Threat

Look around your office. It’s likely that 99.9% of the people you work with are trustworthy, hardworking and intelligent individuals. However, emotion always causes risk. The things to consider are: 1 – The guy you fired but forgot to disable his remote access, 2 – Espionage/Financial Gain, 3 – Grudge & 4 – Ideology (Think, Edward Snowden). When you apply strong emotion and any of the points above to ANY individual, a risk has been created. In addition to this, there also needs to be a consideration for stolen user credentials. So, how do you manage this kind of risk?

First of all, CONTROL user access. You must look at what users need to have access to and then centralise their access: Single Sign-On, Multi Factor Authentication, AD Bridging, AD Auditing, User provisioning & Managing Privileged Accounts. Prevention is better than cure and these elements help to protect your environment from the risk of malicious users. However, it’s widely accepted and feared that despite everything you do to protect yourself from an attack, there are always other ways to be exploited. Therefore, utilisation of tools such as user & entity behaviour analytics can ensure that whenever & wherever an anomaly is detected, you have the ability to respond at the earliest possible point with the information necessary to fully understand and remediate the threat. Constantly MONITOR your users to detect anomalies.

The Unknown Threat

Standard identity and access management solutions that control user access typically do not encompass SSH key based access to systems and accounts. This is a serious issue because most large enterprises use Secure Shell (SSH) to provide secure authentication and confidentiality for many business critical functions such as automated backups, day-to-day file transfers and interactive user access for systems administration. However, most organisations leave the process of generating, configuring and deploying the SSH public and private keys that enable these functions in the hands of end users. Over time, this results in uncontrolled proliferation of authentication keys. Security managers lose visibility and control over who has access to what servers and whether previously granted access rights should be revoked. It becomes nearly impossible to map the trust relationships between individual users, system accounts and application IDs with their respective destination servers.

Similarly, Privileged users need access to critical systems, devices and data to do their jobs. Their activities are secured by protocols such as Secure Shell (SSH), Remote Desktop Protocol (RDP) and Secure Socket Layer (SSL). Shared accounts and encrypted communications make it difficult to know which privileged user is doing what, where and when, especially in today’s virtual office environment and outsourced IT administration set-ups. There has to be accountability and true visibility, while enabling efficient working practices. Every session and command must be traced to an individual and individuals should not have more access than they need to do their jobs. Finally, malicious activity must be stopped in real time. These are not just “nice to have” capabilities. Lack of accountability, control and real-time response expose your organisation to costly data breach, denial of service and compliance failures. So my final point is this, ensure you have tools in place to MONITOR and RECORD encrypted sessions.