Using Identity Access Management

Despite the real work of many cyber security professionals to update and secure their company’s IT systems, if access is not managed correctly, hackers will gain entry, giving rise to expensive data breaches. Identity & Access Management (IAM) has become a key element of modern cyber security strategy and tactics, and controlling the use of administrative passwords is key to security.
 
Identity Management (IdM), which is also known as Identity and Access Management (IAM), denotes a framework of policies and technologies intended to ensure that the correct people within an organisation have the correct access to the right technology and systems.
 
Identity management (IdM) authenticates the identity of a user and manages the information that describes the data and actions they are authorised to access and/or perform.
 
It also includes the management of descriptive information about the user and how and by whom that information can be accessed and modified. Managed entities typically include users, hardware and network resources and even applications.
Also called identity management (IDM), IAM systems fall under the overarching umbrella of IT security. Identity and access management systems not only identify, authenticate and authorise individuals who will be utilising IT resources, but also the hardware and applications employees need to access. 
 
Identity and Access Management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly rigorous and complex. In computer security, IAM is the security and business discipline that "enables the right individuals to access the right resources at the right times and for the right reasons". It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.
 
How Blockchain Can Solve Identity Management Problems
The truth of the popular statement "everyone is online now" gets more grounded with each day that passes. Daily, millions of people come online to carry out different activities ranging from researching an academic topic, to shopping for new items, to dropping comments on social media platforms and even carrying out different financial transactions. The more transactions an individual carries out online, the more digital footprints they leave behind.
 
Identity and access management (IAM) is one area in which various attempts have been made to harness blockchain technology. A blockchain-based identity management platform, for example, is using its mobile application to tackle identity theft and fraudulent activity on credit reports. Users select the information that they wish to share, submitting and verifying their personal details which are then locked and encrypted.
 
Problems of Current Identity Management Systems
Most online transactions require that individuals disclose specific personal information before they can proceed to access services. For instance, before financial transactions can be carried out on platforms such as Amazon Pay, PayPal and Google Wallet, among others, users are always required to input their sign up/login details, i.e., financial and personal details. 
Thus, every time an individual discloses this information, it gets stored on numerous internet databases. As such, digital clones of one and the same individual spring into existence across these different platforms. 
 
This also creates a lot of security issues. As evidenced by the Equifax hack, gaining access to a major database exposes all the personal information of its users, which exemplifies the high vulnerability of the current system.
 
Most systems in place rely heavily on obtaining individual data without the knowledge of the owner, and third parties can, in turn, gain access to this data without the subject's knowledge. Further, information contained on these online databases can be shared with third parties without the subject’s consent. Although this may sometimes be done in the interest or service of the subject, such as for recommending related goods and services the subject can try out, it doesn’t change the fact that the consent of the individual wasn’t obtained and control is left in the hands of those who own the database. 
 
This leaves the subject with little or no choice in deciding whether or not they want their data shared with other parties.
There are, however, some challenges and restrictions in terms of blockchain’s role within IAM. Digital identity is, of course, closely linked with issues of privacy and data protection, particularly following the introduction of stricter data protection regulations such as GDPR.
 
Yet privacy is in some ways at odds with the notion of an immutable ledger distributed to a significant number of parties.
As such, for blockchain to be of genuine value in the IAM space, a consensus has emerged that identities and private information should not be stored on public blockchain networks. Rather, only individuals’ unique cryptographic identifiers should be stored and referenced.
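The following added example (not part of the original article) sketches what "store only identifiers" can look like: the ledger holds a hash-derived identifier and salted commitments, while the attribute values and salts stay with the holder. The names Ledger, identifier, commit, enroll and verify_disclosure are hypothetical, HMAC-SHA-256 is chosen here for illustration, and random bytes stand in for a real public key.

```python
import hashlib
import hmac
import secrets

def identifier(public_key: bytes) -> str:
    """Ledger identifier derived from the holder's public key; carries no personal data."""
    return "id:" + hashlib.sha256(public_key).hexdigest()

def commit(name: str, value: str, salt: bytes) -> str:
    """Salted commitment to one attribute. Without the per-attribute salt, a
    low-entropy value such as a date of birth could be recovered by guessing."""
    return hmac.new(salt, f"{name}={value}".encode(), hashlib.sha256).hexdigest()

class Ledger:
    """In-memory stand-in for an append-only shared ledger (constructed for this example)."""
    def __init__(self):
        self._records = {}

    def publish(self, ident, commitments):
        if ident in self._records:
            raise ValueError("ledger entries cannot be overwritten")
        self._records[ident] = dict(commitments)

    def lookup(self, ident):
        return dict(self._records.get(ident, {}))

def enroll(ledger, public_key, attributes):
    """Publish commitments only; the returned salts never leave the holder."""
    salts = {name: secrets.token_bytes(16) for name in attributes}
    ident = identifier(public_key)
    ledger.publish(ident, {n: commit(n, v, salts[n]) for n, v in attributes.items()})
    return ident, salts

def verify_disclosure(ledger, ident, name, value, salt) -> bool:
    """A verifier checks a value the holder chose to disclose against the ledger."""
    expected = ledger.lookup(ident).get(name)
    if expected is None:
        return False
    return hmac.compare_digest(expected, commit(name, value, salt))

if __name__ == "__main__":
    ledger = Ledger()
    key = secrets.token_bytes(32)  # assumption: stands in for a real public key
    ident, salts = enroll(ledger, key, {"date_of_birth": "1990-04-12", "country": "GB"})
    print(ident, ledger.lookup(ident))
    print(verify_disclosure(ledger, ident, "country", "GB", salts["country"]))
```

Because the ledger is immutable, the holder's control rests on keeping the salts private: discarding a salt makes the matching commitment unverifiable, but the entry itself remains on the ledger.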
 
The security of the blockchain network is another challenging obstacle. Distributed security is generally far more difficult to achieve than centralised security, simply because of the broader attack surface. As such, cryptographic key security is a foundational element of the blockchain concept. 
 
This means that protecting the keys which allow access to the ledger and blockchain applications is paramount for blockchain solutions as a whole to be secure. 
 
Protection means not only securing keys as robustly as possible, but also the recovery of lost private keys without introducing an escrow agent. Such a third party would void the disintermediation concept of the blockchain.
All of these security concerns, then, need to be solved before concepts such as Self Sovereign Identity using blockchain can become genuinely mainstream.
 
The Role of Biometrics in IAM
Biometric data plays a very important role in modern authentication systems. Static biometrics, such as a fingerprint or facial scan, provides a secure form of authentication that is easier for users than memorizing a password. In a study by IBM, 87% of respondents said they felt comfortable using biometric authentication today or that they would feel comfortable using it in the near future. In the same study, static biometrics were ranked as more secure than either password or PIN authentication. 
While static biometric data can be copied, it is significantly harder to copy than other forms of authentication.
 
However, static biometrics presents two challenges. First, although fingerprints are harder to copy than passwords, they can be copied and used to fool even the most advanced sensors. Moreover, PII and data stored online are vulnerable to fraud via identity/credential theft or account takeover. Second, a static biometric scan still introduces friction to the user experience.
 
A fingerprint or facial scan might be significantly faster than entering a password or PIN, but it still requires the user to stop their current activity and wait for the authentication process to complete. For systems that require multiple forms of authentication (known as multi-factor authentication, or MFA), each factor adds a new hurdle for users to jump over.
 
For IAM solutions to provide an optimal user experience, they need to be able to continuously authenticate users. The only time the authentication process should present itself to a user is if an error occurs, or if stronger authentication is required. 
This process is known as silent security since it only becomes apparent to the user when it detects a problem. Static biometrics will not work for silent security since they require direct input from users, but behavioral biometrics are much better suited.
 
The Future of Biometric Security in IAM
Successful IAM implementations require strong authentication. Behavioral biometrics allows organisations to offer a more positive authentication experience for their customers while offering greater security than traditional forms of authentication. 
As more organisations implement strong authentication measures as part of their digital transformation, behavioral biometrics and advancing biometric security will continue to play a greater role, demonstrating the impact of boosting authentication with biometrics and making fraud prevention at once secure, reliable, and user-friendly.
 
It can be difficult for a company to start using cloud Identity and Access Management solutions because they don’t directly increase profitability, and it is hard for a company to cede control over infrastructure. However, there are several perks that make using an IAM solution very valuable, such as the following:
 
• The ability to spend less on enterprise security by relying on the centralized trust model to deal with Identity Management across third-party applications and your own.
• It enables your users to work from any location and any device.
• You can give them access to all your applications using just one set of credentials through Single Sign-On.
• You can protect your sensitive data and apps: Add extra layers of security to your mission-critical apps using Multifactor Authentication.
• It helps maintain compliance of processes and procedures. A typical problem is that permissions are granted based on employees’ needs and tasks, and not revoked when they are no longer necessary, thus creating users with lots of unnecessary privileges.
 
How does privileged access management fit into IAM?
Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. 
By dialing in the appropriate level of privileged access controls, PAM helps organisations condense their attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.
 
While privilege management encompasses many strategies, a central goal is the enforcement of least privilege, defined as the restriction of access rights and permissions for users, accounts, applications, systems, devices (such as IoT) and computing processes to the absolute minimum necessary to perform routine, authorised activities.
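The added example below (not from the original article) shows one way to find the unrevoked permissions described above: compare what each user has been granted with what the access log shows them using, and flag grants idle beyond a threshold, privileged ones first. The grant list, log lines, the ":admin" naming convention and the 90-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: (user, entitlement, date granted)
GRANTS = [
    ("alice", "payroll-db:admin", "2023-11-01"),
    ("alice", "wiki:editor", "2023-11-01"),
    ("bob", "build-server:admin", "2024-06-01"),
    ("carol", "crm:read", "2023-05-01"),
    ("dave", "firewall:admin", "2024-01-15"),
]
# Constructed sample access log: (timestamp, user, entitlement exercised)
ACCESS_LOG = [
    ("2023-12-05T08:30:00", "alice", "payroll-db:admin"),
    ("2024-01-02T09:14:00", "alice", "payroll-db:admin"),
    ("2024-06-20T16:02:00", "alice", "wiki:editor"),
    ("2024-03-01T11:45:00", "dave", "firewall:admin"),
]

def stale_entitlements(grants, access_log, today, max_idle_days=90):
    """Return grants not exercised within max_idle_days, privileged ones first."""
    last_used = {}
    for timestamp, user, entitlement in access_log:
        used_on = date.fromisoformat(timestamp[:10])
        key = (user, entitlement)
        if key not in last_used or used_on > last_used[key]:
            last_used[key] = used_on
    findings = []
    for user, entitlement, granted in grants:
        used_on = last_used.get((user, entitlement))
        # A grant that was never used is aged from the day it was issued,
        # so a fresh grant is not flagged before its holder could use it.
        reference = used_on or date.fromisoformat(granted)
        idle_days = (today - reference).days
        if idle_days > max_idle_days:
            findings.append({
                "user": user, "entitlement": entitlement, "idle_days": idle_days,
                "never_used": used_on is None,
                # Assumption: privileged roles end in ":admin" in this data set.
                "privileged": entitlement.endswith(":admin"),
            })
    findings.sort(key=lambda f: (not f["privileged"], -f["idle_days"]))
    return findings

if __name__ == "__main__":
    for finding in stale_entitlements(GRANTS, ACCESS_LOG, date(2024, 6, 30)):
        print(finding)
```

The findings are candidates for an access review rather than automatic revocation, since some entitlements are legitimately used only rarely, such as break-glass accounts.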
 
Wikipedia:                       Security Intelligence
 