What is it?
The information security discipline that establishes and manages the roles and access privileges of individual users, including humans and machines, within a computer network. Identity management is also known as identity and access management.
Why is it important?
Identity management enables companies to control who, how, when, and which users access information or digital assets. Identity management systems can enhance productivity in addition to protecting assets.
Why does a business professional need to know this?
Business professionals need to understand identity management because it is at the center of controlling access to digital assets. Access control requires you to authenticate the identity of people and computers. Identity management systems also help ensure that each user has only the privileges required for the job at hand and no more.
In today’s digital world, identity management is evolving. One important trend is federated identity management, which enables users to leverage the same user name and password across multiple networks. Single sign-on (SSO) is a similar capability that, again, allows users to use the same credentials across different systems.
In addition to interoperability across platforms and networks, there are schemes that leverage attributes of an individual’s identity other than user names and passwords. One example of such a scheme is biometrics, which refers to the use of human characteristics such as fingerprints for access control.
Successful identity management programs are clearly planned and aligned with the organization’s goals, and they weigh risks against potential business gains. After decades of planning, organizations are finally getting closer to having effective online identities that improve security.
References
- (Rouse 2017) Identity management (ID management): Rouse, Margaret (2017). TechTarget. Discussion of the need for managing digital identities as well as details about the technologies needed to support identity management.
- (Ogrysko 2017) In the wake of the cyber sprint, OMB to develop new consolidated identity management guidance.: Ogrysko, Nicole (2017). Federal News Radio. Discussion of updated guidelines for US government agencies and contractors issued by the US National Institute of Standards and Technology (NIST) as well as details about the Trump administration’s attempt to roll back agency reporting requirements.
- (Grimes 2017) The best identity management advice right now: Grimes, Roger A. (2017). CSO Online. The history of identity management and practical advice on reducing risk. Registration required.