Using Identity Access Management

Despite the real work of many cyber security professionals to update and secure their company’s IT systems, if access is not managed correctly, hackers will gain entry, giving rise to expensive data breaches. Identity & Access Management (IAM) has become a key element of modern cyber security strategy and tactics, and controlling the use of administrative passwords is key to security.
 
Identity Management (IdM), which is also known as Identity and Access Management (IAM), denotes a framework of policies and technologies intended to ensure that the correct people within an organisation have the correct access to the right technology and systems.
 
Identity management (IdM) authenticates the identity of a user and manages the information that describes what data they are authorised to access and what actions they are authorised to perform.
 
It also includes the management of descriptive information about the user and how and by whom that information can be accessed and modified. Managed entities typically include users, hardware and network resources and even applications.
Also called identity management (IDM), IAM systems fall under the overarching umbrella of IT security. Identity and access management systems not only identify, authenticate and authorise individuals who will be utilising IT resources, but also the hardware and applications employees need to access. 
 
Identity and Access Management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly rigorous and complex. In computer security, IAM is the security and business discipline that "enables the right individuals to access the right resources at the right times and for the right reasons". It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.
 
How Blockchain Can Solve Identity Management Problems
The truth of the popular statement "everyone is online now" gets more grounded with each day that passes. Daily, millions of people come online to carry out different activities ranging from researching an academic topic, to shopping for new items, to dropping comments on social media platforms and even carrying out different financial transactions. The more transactions an individual carries out online, the more digital footprints they leave behind.
 
Identity and access management (IAM) is one area in which various attempts have been made to harness blockchain technology. A blockchain-based identity management platform, for example, is using its mobile application to tackle identity theft and fraudulent activity on credit reports. Users select the information that they wish to share, submitting and verifying their personal details which are then locked and encrypted.
 
Problems of Current Identity Management Systems
Most online transactions require that individuals disclose specific personal information before they can proceed to access services. For instance, before financial transactions can be carried out on platforms such as Amazon Pay, PayPal and Google Wallet, among others, users are always required to input their sign up/login details, i.e., financial and personal details. 
Thus, every time an individual discloses this information, it gets stored on numerous internet databases. As such, digital clones of one and the same individual spring into existence across these different platforms. 
 
This also creates a lot of security issues. As evidenced by the Equifax hack, gaining access to a major database exposes all the personal information of its users, which exemplifies the high vulnerability of the current system.
 
Most systems in place rely heavily on obtaining individual data without the knowledge of the owner, and third parties can, in turn, gain access to this data without the subject's knowledge. Further, information contained on these online databases can be shared with third parties without the subject’s consent. Although this may sometimes be done in the interest or service of the subject, such as for recommending related goods and services the subject can try out, it doesn’t change the fact that the consent of the individual wasn’t obtained and control is left in the hands of those who own the database. 
 
This leaves the subject with little or no choice in deciding whether or not they want their data shared with other parties.
There are, however, some challenges and restrictions in terms of blockchain’s role within IAM. Digital identity is, of course, closely linked with issues of privacy and data protection, particularly following the introduction of stricter data protection regulations such as GDPR.
 
Yet privacy is in some ways at odds with the notion of an immutable ledger distributed to a significant number of parties.
As such, for blockchain to be of genuine value in the IAM space, a consensus has emerged that identities and private information should not be stored on public blockchain networks. Rather, only individuals’ unique cryptographic identifiers should be stored and referenced.
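The following sketch, added here as an illustration and not taken from any platform the article mentions, shows one way to keep personal data off the ledger: only a random subject identifier and a salted commitment are anchored, and the user discloses a value plus its salt to a relying party of their choice. The `Ledger` and `Wallet` classes, the attribute names and the sample values are all constructed assumptions.

```python
import hashlib
import hmac
import secrets


def commit(attribute: str, value: str, salt: bytes) -> str:
    """Salted commitment to one attribute; the salt stops guessing of low-entropy PII."""
    message = attribute.encode() + b"\x00" + value.encode()
    return hmac.new(salt, message, hashlib.sha256).hexdigest()


class Ledger:
    """Constructed stand-in for the shared ledger: append-only, identifiers only."""

    def __init__(self):
        self.entries = []  # (subject_id, attribute, commitment) tuples

    def anchor(self, subject_id, attribute, commitment):
        self.entries.append((subject_id, attribute, commitment))

    def lookup(self, subject_id, attribute):
        for sid, attr, commitment in reversed(self.entries):
            if (sid, attr) == (subject_id, attribute):
                return commitment
        return None


class Wallet:
    """Held by the user: raw values and salts stay here until disclosed."""

    def __init__(self):
        self.subject_id = secrets.token_hex(16)  # random, carries no personal data
        self._claims = {}

    def register(self, ledger, attribute, value):
        salt = secrets.token_bytes(32)
        self._claims[attribute] = (value, salt)
        ledger.anchor(self.subject_id, attribute, commit(attribute, value, salt))

    def disclose(self, attribute):
        value, salt = self._claims[attribute]
        return {"subject_id": self.subject_id, "attribute": attribute,
                "value": value, "salt": salt}


def verify(ledger, disclosure) -> bool:
    """Relying party: recompute the commitment and compare with the ledger copy."""
    anchored = ledger.lookup(disclosure["subject_id"], disclosure["attribute"])
    if anchored is None:
        return False
    expected = commit(disclosure["attribute"], disclosure["value"], disclosure["salt"])
    return hmac.compare_digest(anchored, expected)
```

The random `subject_id` is still a stable identifier that relying parties could correlate, which this sketch does not address.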
 
The security of the blockchain network is another challenging obstacle. Distributed security is generally far more difficult to achieve than centralised security, simply because of the broader attack surface. As such, cryptographic key security is a foundational element of the blockchain concept. 
 
This means that protecting the keys which allow access to the ledger and blockchain applications is paramount for blockchain solutions as a whole to be secure. 
 
Protection means not only securing keys as robustly as possible, but also the recovery of lost private keys without introducing an escrow agent. Such a third party would void the disintermediation concept of the blockchain.
All of these security concerns, then, need to be solved before concepts such as Self Sovereign Identity using blockchain can become genuinely mainstream.
 
The Role of Biometrics in IAM
Biometric data plays a very important role in modern authentication systems. Static biometrics, such as a fingerprint or facial scan, provide a secure form of authentication that is easier for users than memorizing a password. In a study by IBM, 87% of respondents said they felt comfortable using biometric authentication today or that they would feel comfortable using it in the near future. In the same study, static biometrics were ranked as more secure than either password or PIN authentication.
While static biometric data can be copied, it is significantly harder to copy than other forms of authentication.
 
However, static biometrics present two challenges. First, although fingerprints are harder to copy than passwords, they can be copied and used to fool even the most advanced sensors. Moreover, PII and data stored online are vulnerable to fraud via identity/credential theft or account takeover. Second, a static biometric scan still introduces friction to the user experience.
 
A fingerprint or facial scan might be significantly faster than entering a password or PIN, but it still requires the user to stop their current activity and wait for the authentication process to complete. For systems that require multiple forms of authentication (known as multi-factor authentication, or MFA), each factor adds a new hurdle for users to jump over.
 
For IAM solutions to provide an optimal user experience, they need to be able to continuously authenticate users. The only time the authentication process should present itself to a user is if an error occurs, or if stronger authentication is required. 
This process is known as silent security since it only becomes apparent to the user when it detects a problem. Static biometrics will not work for silent security since they require direct input from users, but behavioral biometrics are much better suited.
 
The Future of Biometric Security in IAM
Successful IAM implementations require strong authentication. Behavioral biometrics allow organisations to offer a more positive authentication experience for their customers while offering greater security than traditional forms of authentication.
As more organisations implement strong authentication measures as part of their digital transformation, behavioral biometrics and advancing biometric security will continue to play a greater role, demonstrating the impact of boosting authentication with biometrics and making fraud prevention at once secure, reliable, and user-friendly.
 
It can be difficult for a company to start using cloud Identity and Access Management solutions because they don’t directly increase profitability, and it is hard for a company to cede control over infrastructure. However, there are several perks that make using an IAM solution very valuable, such as the following:
 
• The ability to spend less on enterprise security by relying on the centralized trust model to deal with Identity Management across third-party applications and your own.
• It enables your users to work from any location and any device.
• You can give them access to all your applications using just one set of credentials through Single Sign-On.
• You can protect your sensitive data and apps: Add extra layers of security to your mission-critical apps using Multifactor Authentication.
• It helps maintain compliance of processes and procedures. A typical problem is that permissions are granted based on employees’ needs and tasks, and not revoked when they are no longer necessary, thus creating users with lots of unnecessary privileges.
 
How does privileged access management fit into IAM?
Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. 
By dialing in the appropriate level of privileged access controls, PAM helps organisations condense their attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.
 
While privilege management encompasses many strategies, a central goal is the enforcement of least privilege, defined as the restriction of access rights and permissions for users, accounts, applications, systems, devices (such as IoT) and computing processes to the absolute minimum necessary to perform routine, authorised activities.
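As an added illustration (not code from the article or from any IAM product), the periodic access review below flags the privilege creep described earlier, where permissions are granted for a task and never revoked, and orders the findings so that elevated permissions are reviewed first. The role baselines, grants, permission names, review date and the 90-day idle threshold are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: every name and date here is hypothetical.
TODAY = date(2024, 6, 1)
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "reports:read"},
    "dba": {"db:read", "db:admin"},
}
PRIVILEGED = {"db:admin", "erp:write"}  # elevated permissions in PAM scope
GRANTS = [
    # (user, current role, permission, last used or None if never used)
    ("alice", "finance-analyst", "erp:read", date(2024, 5, 28)),
    ("alice", "finance-analyst", "db:admin", date(2023, 11, 2)),  # left from old task
    ("alice", "finance-analyst", "reports:read", None),
    ("bob", "dba", "db:admin", date(2024, 5, 30)),
    ("bob", "dba", "erp:write", date(2024, 5, 29)),  # in use, but outside the role
]


def review(grants, baseline, today, max_idle_days=90):
    """Return {(user, permission): [reasons]} for grants that breach least privilege."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = {}
    for user, role, permission, last_used in grants:
        reasons = []
        if permission not in baseline.get(role, set()):
            reasons.append("outside-role-baseline")
        if last_used is None:
            reasons.append("never-used")
        elif last_used < cutoff:
            reasons.append("idle")
        if reasons:
            findings[(user, permission)] = reasons
    return findings


def revocation_plan(findings):
    """Order findings so that privileged permissions are reviewed first."""
    return sorted(findings, key=lambda key: (key[1] not in PRIVILEGED, key))


if __name__ == "__main__":
    result = review(GRANTS, ROLE_BASELINE, TODAY)
    for user, permission in revocation_plan(result):
        print(user, permission, ", ".join(result[(user, permission)]))
```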
 
Wikipedia: Security Intelligence
 