Using Identity Access Management

Despite the real work of many cyber security professionals to update and secure their company’s IT systems, if access is not managed correctly, hackers will gain entry giving rise to expensive data breaches.  Identity & Access Management (IAM) has become a key element of modern cyber security strategy and tactics. And so controlling the use of administrative passwords is key to security. 
 
Identity Management (IdM), which is also known as Identity and Access Management (IAM), denotes a structure of policies and technologies with the intention of safeguarding that the correct people within an organisation have the correct access to right technology and systems. 
 
Identity management (IdM) authenticates the identity of a user, and information that describes information and actions they are authorised to access and/or perform. 
 
It also includes the management of descriptive information about the user and how and by whom that information can be accessed and modified. Managed entities typically include users, hardware and network resources and even applications.
Also called identity management (IDM), IAM systems fall under the overarching umbrella of IT security. Identity and access management systems not only identify, authenticate and authorise individuals who will be utilising IT resources, but also the hardware and applications employees need to access. 
 
Identity and Access Management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly more rigorous and complex. It is used in computer security, the security and business discipline that "enables the right individuals to access the right resources at the right times and for the right reasons". It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.
 
How Blockchain Can Solve Identity Management Problems
The truth of the popular statement "everyone is online now" gets more grounded with each day that passes. Daily, millions of people come online to carry out different activities ranging from researching an academic topic, to shopping for new items, to dropping comments on social media platforms and even carrying out different financial transactions. The more transactions an individual carries out online, the more digital footprints they leave behind.
 
Identity and access management (IAM) is one area in which various attempts have been made to harness blockchain technology. A blockchain-based identity management platform, for example, is using its mobile application to tackle identity theft and fraudulent activity on credit reports. Users select the information that they wish to share, submitting and verifying their personal details which are then locked and encrypted.
 
Problems of Current Identity Management Systems
Most online transactions require that individuals disclose specific personal information before they can proceed to access services. For instance, before financial transactions can be carried out on platforms such as Amazon Pay, PayPal and Google Wallet, among others, users are always required to input their sign up/login details, i.e., financial and personal details. 
Thus, every time an individual discloses this information, it gets stored on numerous internet databases. As such, digital clones of one and the same individual spring into existence across these different platforms. 
 
This also exposes a lot of security issues. Thus, as evidenced by the Equifax hack, gaining access to a major database exposes all the personal information of users and exemplifies the high vulnerability of the current system.
 
Most systems in place rely heavily on obtaining individual data without the knowledge of the owner, and third parties can, in turn, gain access to this data without the subject's knowledge. Further, information contained on these online databases can be shared with third parties without the subject’s consent. Although this may sometimes be done in the interest or service of the subject, such as for recommending related goods and services the subject can try out, it doesn’t change the fact that the consent of the individual wasn’t obtained and control is left in the hands of those who own the database. 
 
This leaves the subject with little or no choice in deciding whether or not they want their data shared with other parties.
There are, however, some challenges and restrictions in terms of blockchain’s role within IAM. Digital identity is, of course, closely linked with issues of privacy and data protection, particularly following the introduction of stricter data protection regulations such as GDPR
 
Yet privacy is in some ways at odds with the notion of an immutable ledger distributed to a significant number of parties.
As such, for blockchain to be of genuine value in the IAM space, a consensus has built that identities and private information should not be stored on public blockchain networks. Rather, only individuals’ unique cryptographic identifiers should be stored and referenced.
 
The security of the blockchain network is another challenging obstacle. Distributed security is generally far more difficult to achieve than centralised security, simply because of the broader attack surface. As such, cryptographic key security is a foundational element of the blockchain concept. 
 
This means that protecting the keys which allow access to the ledger and blockchain applications is paramount for blockchain solutions as a whole to be secure. 
 
Protection means not only securing keys as robustly as possible, but also the recovery of lost private keys without introducing an escrow agent. Such a third party would void the disintermediation concept of the blockchain.
All of these security concerns, then, need to be solved before concepts such as Self Sovereign Identity using blockchain can become genuinely mainstream.
 
The Role of Biometrics in IAM
Biometric data plays a very important role in modern authentication systems. Static biometrics, such as a fingerprint or facial scan, provides a secure form of authentication that is easier for users than memorizing a password. In a study by IBM, 87% of respondents said they felt comfortable using biometric authentication today or that they would feel comfortable using it in the near future. In the same study, static biometrics were ranked as more secure than either password or PIN authentication. 
While static biometric data can be copied, it is significantly harder to copy than other forms of authentication.
 
However, static biometrics presents two challenges. Although fingerprints are harder to copy than passwords, they can be copied and used to fool even the most advanced sensors. Moreover, PII and data stored online are vulnerable to fraud via identity/credential theft or account take over. Second, a static biometric scan still introduces friction to the user experience. 
 
A fingerprint or facial scan might be significantly faster than entering a password or PIN, but it still requires the user to stop their current activity and wait for the authentication process to complete. For systems that require multiple forms of authentication (known as multi-factor authentication, or MFA), each factor adds a new hurdle for users to jump over.
 
For IAM solutions to provide an optimal user experience, they need to be able to continuously authenticate users. The only time the authentication process should present itself to a user is if an error occurs, or if stronger authentication is required. 
This process is known as silent security since it only becomes apparent to the user when it detects a problem. Static biometrics will not work for silent security since they require direct input from users, but behavioral biometrics are much better suited.
 
The Future of Biometric Security in IAM
Successful IAM implementations require strong authentication. Behavioral biometrics allows organisations to offer a more positive authentication experience for their customers while offering greater security than traditional forms of authentication. 
As more organisations implement strong authentication measures as part of their digital transformation, behavioral biometrics and advancing biometric security will continue playing a greater role, in demonstrating the impact of boosting authentication with biometrics, to make fraud prevention at once secure, reliable, and user-friendly.
 
It can be difficult for a company to start using cloud Identity and Access Management solutions because they don’t directly increase profitability, and it is hard for a company to cede control over infrastructure. However, there are several perks that make using an IAM solution very valuable, such as the following:
 
• The ability to spend less on enterprise security by relying on the centralized trust model to deal with Identity Management across third-party and own applications.
• It enables your users to work from any location and any device.
• You can give them access to all your applications using just one set of credentials through Single Sign-On.
• You can protect your sensitive data and apps: Add extra layers of security to your mission-critical apps using Multifactor Authentication.
• It helps maintain compliance of processes and procedures. A typical problem is that permissions are granted based on employees’ needs and tasks, and not revoked when they are no longer necessary, thus creating users with lots of unnecessary privileges.
 
How does privileged access management fit into IAM?
Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. 
By dialing in the appropriate level of privileged access controls, PAM helps organisations condense their organisation’s attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.
 
While privilege management encompasses many strategies, a central goal is the enforcement of least privilege, defined as the restriction of access rights and permissions for users, accounts, applications, systems, devices (such as IoT) and computing processes to the absolute minimum necessary to perform routine, authorised activities.
 
Wikipedia:                       Security Intelligence
 
You Might Also Read: 
 
Identity Management Fundamentals:
 
« Mossad Needs Cyber Experts
A Microphchip That Can Stop Cyber Attacks »

Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SecuPedia

SecuPedia

SecuPedia is a wiki-type platform that collects and provides the entire knowledge of security and IT security.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

OSIRIS Lab - NYU Tandon

OSIRIS Lab - NYU Tandon

The Offensive Security, Incident Response & Internet Security Lab (OSIRIS) is a security research environment where students analyze and understand how attackers take advantage of real systems.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

101 Blockchains

101 Blockchains

101 Blockchains is a professional and trusted provider of enterprise blockchain research and training.

Olympus Sky

Olympus Sky

Olympus Sky has created a complete security system that is specifically designed to meet the challenges of IoT, including all of the deficiencies currently challenging Public Key Infrastructure.