Triple A: removing the mask on IAM

Dragon Bane, Psycho the Clown, and Texano Jr. No, not members of some alternate Marvel superhero group, but wrestlers on the Lucha Libre Worldwide (AAA) roster. The ‘Triple A’: an organizing body behind – among others – WrestleMania.

Mexican professional wrestling: men of fearsome reputation, skills, and...masks! Indeed, real identities are hidden with great zeal by all combatants – which brings us to another ‘Triple A’, this time associated with Identity and Access Management (IAM).

A focus on identity

IAM. You most likely know the headlines behind this technology: an information security framework focused on securing digital identities in the workplace – and controlling access to company resources.

The triple A bit comes in with the three ‘sub-components’ involved:

  • Authentication – the process of confirming an identity
  • Authorization – defining the resources (data, apps etc.) individuals can access
  • Auditing – keeping track of all the changes being made to ensure compliance

Authentication

This used to be easy – but then came along the cloud and mobile computing, and it got really complex, really fast. Now, identity has become the primary security boundary, and the emphasis is on confirming people are who they say they are – with access rights attributed on the back of it.

The challenge here is that once “you’ve” been authenticated and let in the door, IT has little insight into who’s actually behind the mask. Hence the growing interest in providing different levels of authentication:

  • Authentication with something you know – most commonly delivered through a user name and password or PIN
  • Authentication with something you have – for example a token, banking card or ID card. In this age of mobile devices, we often see the use of a smartphone as a factor, with an SMS code or authenticator app
  • Authentication with something you are – supplying biometric factors based on fingerprints, retinal scans or voice input

Authorization

The principal question to be answered here is simple: what resources can a user be allowed to access? Well, it sounds simple at least. The reality is that getting it right requires IT to strike a delicate balance between security and usability.

Central to the process of authorization is Access Control – where you set conditions for the apps, data, and devices a user can get his/her hands on. For smaller organizations, such limits can be agreed at individual level. But for larger enterprises comprising thousands of employees, broader frameworks are required – including role-based access controls that automatically create ‘personas’ based on job function and position.

To this can be added the emerging concept of ‘continuous authentication’, where an individual is allowed access but is constantly monitored thereafter (think keystrokes etc.) to spot any suspicious behavior.

Auditing

In order to complete the security picture, you need to enable auditing, to have a record of which users have logged in and what resources those users accessed. Obviously such a record can prove essential when responding to a potential cyber attack. It can also help with the wider software audit picture, by confirming who’s using which apps and services.
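The three A's working together, as an added example that is not from the original article: distinct factor categories set the authentication level, a role derived from job function decides authorization, and every decision (allowed or denied) lands in the audit record. The role names, resources and factor names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed mapping of factors to the three categories named in the article.
FACTOR_CATEGORY = {"password": "know", "pin": "know", "sms_code": "have",
                   "authenticator_app": "have", "fingerprint": "are"}

# Constructed role model: job function -> resources that role may access.
ROLE_RESOURCES = {
    "finance_analyst": {"erp", "payroll_reports"},
    "developer": {"source_repo", "ci_pipeline"},
}

AUDIT_LOG = []  # in a real deployment: append-only storage outside the app

@dataclass
class Session:
    user: str
    job_function: str
    factors: tuple  # factor names presented at login

def assurance_level(factors):
    """Count distinct factor categories; password + PIN is still one factor."""
    return len({FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY})

def authorize(session, resource, min_level=1):
    """Role-based decision with a per-resource authentication floor."""
    if resource not in ROLE_RESOURCES.get(session.job_function, set()):
        allowed, reason = False, "role_lacks_resource"
    elif assurance_level(session.factors) < min_level:
        allowed, reason = False, "insufficient_factors"
    else:
        allowed, reason = True, "ok"
    # Denials are recorded too: they are what an investigator looks for first.
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "user": session.user, "resource": resource,
                      "allowed": allowed, "reason": reason})
    return allowed

def accesses_by(user):
    """Answer the audit question: what did this user try to reach?"""
    return [(e["resource"], e["allowed"]) for e in AUDIT_LOG if e["user"] == user]
```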

Equally, auditing can be a core building block for GDPR compliance – with identities covering more than just employees (partners, customers etc.). Done correctly, IAM can enable you to:

  • Comply with GDPR requirements such as managing consent by individuals to have their data recorded and tracked
  • Respond to individuals’ rights to have their data erased
  • Notify people in the event of a personal data breach

Wrestle your way to effective identity and access management

IAM brings with it many immediate benefits, ranging from the mitigation of security breaches and the prevention of data loss to greater GDPR compliance and improved IT efficiency through automation. This all helps make IAM an absolute necessity for today’s business leaders. To find out more about SoftwareONE’s IAM capabilities, experience, and solutions...

Get in touch!
Author

Blog Editorial Team
