
What is it?

The information security discipline that establishes and manages the roles and access privileges of individual users, including humans and machines, within a computer network. Identity management is also known as identity and access management.

Why is it important?

Identity management enables companies to control which users access information or digital assets, and how and when they do so. Identity management systems can enhance productivity in addition to protecting assets.

Why does a business professional need to know this?

Business professionals need to understand identity management because it is at the center of controlling access to digital assets. Access control requires you to authenticate the identity of people and computers. Identity management systems also help ensure that each user has only the privileges required for the job at hand and no more.

In today’s digital world, identity management is evolving. One important trend is federated identity management, which enables users to leverage the same user name and password across multiple networks. Single sign-on (SSO) is a similar capability that, again, allows users to use the same credentials across different systems.

In addition to interoperability across platforms and networks, there are schemes that leverage attributes of an individual’s identity other than user names and passwords. One example of such a scheme is biometrics, which refers to the use of human characteristics such as fingerprints for access control.

Successful identity management programs are clearly planned and aligned with the organization’s goals, and they weigh risks against potential business gains. After decades of planning, organizations are finally getting closer to having effective online identities that improve security.


About Evelyn de Souza


Evelyn de Souza is an advisor to privacy and data security startups and the Cloud Security Alliance. She consults with organizations across the technology spectrum. Evelyn was recognized by CloudNOW as one of the Top 10 Women in Cloud and in 2015 as a Silicon Valley Business Journal Woman of Influence.

Term: Identity Management

Email: e_desouza@yahoo.com

Website: cloudtweaks.com/author/evelyn

Twitter: @e_desouza

LinkedIn: linkedin.com/in/evelynd

What is it?

A combination of two or more dissimilar authentication modes, called factors (possession, knowledge, inherence, location, or habit), that must be presented together as part of the process of authenticating the identity of a person or device requesting access.

Why is it important?

When properly implemented, multi-factor authentication (MFA) makes it harder for someone to impersonate an authorized user, giving you a higher level of confidence about the identity of a person or entity attempting to access your system.

Why does a business professional need to know this?

Many data breaches start with the theft of user credentials. At the 2017 Black Hat Conference, a survey question asked: "Which of the following is most responsible for security breaches?" The choices were: humans, not enough security software, unpatched software, or other. Eighty-five percent (85%) of the hackers surveyed said humans (Black Hat 2017).

When the same group was asked what was the strongest barrier to stealing credentials, sixty-eight percent (68%) said it was the combination of multi-factor authentication and data encryption.

Business professionals need to know about multi-factor authentication so they can adapt authentication to meet their needs while balancing expense with security.

Authentication factors include the following:

  • Physical things such as key cards
  • Biometric factors such as fingerprints/iris scans
  • Knowledge such as a password or PIN that the user knows

MFA happens when a combination of two or more of these methods is presented at the same time. What makes MFA more secure than single-factor authentication is that the odds of a hacker possessing two or more of the authentication factors at the same time are very low.

One factor alone is weak authentication. Cards can be cloned, passwords cracked, biometrics fooled, and smartphones stolen. The combination of two or more of the same factor (like two cards, two passwords, or two biometrics) is not true multi-factor authentication. While stronger than having only a single factor, combining two of the same factor is double single-factor authentication.

The first step to hacking into many networks is to bypass the logon authentication by stealing a legitimate user credential. Cybersecurity starts by first knowing who is knocking on the virtual front door. That knowing begins with multi-factor authentication.
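The distinction drawn above between true multi-factor authentication and "double single-factor" authentication can be enforced in a login policy. The following is an added example, not code from the original article: the authenticator names and the mapping to factor categories are assumptions chosen for illustration.

```python
from enum import Enum


class Factor(Enum):
    POSSESSION = "possession"
    KNOWLEDGE = "knowledge"
    INHERENCE = "inherence"


# Assumed mapping from authenticator type to factor category (illustrative names).
AUTHENTICATOR_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "security_question": Factor.KNOWLEDGE,
    "key_card": Factor.POSSESSION,
    "smartphone_app": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "iris_scan": Factor.INHERENCE,
}


def classify(presented):
    """Classify a set of successfully verified authenticators.

    Returns (label, sorted factor names). The label reflects the number of
    distinct factor categories, not the number of authenticators.
    """
    unknown = [a for a in presented if a not in AUTHENTICATOR_FACTOR]
    if unknown:
        # Fail closed: an unrecognised authenticator must not count as a factor.
        raise ValueError(f"unknown authenticator(s): {unknown}")
    methods = set(presented)  # the same authenticator presented twice counts once
    factors = {AUTHENTICATOR_FACTOR[a] for a in methods}
    names = sorted(f.value for f in factors)
    if len(factors) >= 2:
        return "multi-factor", names
    if len(methods) >= 2:
        # Two or more authenticators from one category (the article's term).
        return "double single-factor", names
    if len(methods) == 1:
        return "single-factor", names
    return "none", names


def mfa_satisfied(presented):
    """Policy gate: allow only when two or more distinct factors were verified."""
    return classify(presented)[0] == "multi-factor"
```

A password plus a security question passes a naive "two credentials" check but is rejected here, because both belong to the knowledge category.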


About Dovell Bonnett


Dovell Bonnett has been creating computer security solutions for over 20 years. In 2005, he founded Access Smart to provide cyber-access control solutions to government and small-to-medium-sized businesses in areas such as healthcare. His premier product, Power LogOn, is a multi-factor authentication, enterprise password manager.

Dovell is a frequent speaker and consultant on the topic of passwords, cybersecurity, and multi-factor authentication. His most recent book is Making Passwords Secure: How to Fix the Weakest Link in Cybersecurity.

Term: Multi-factor Authentication

Email: Dovell@access-smart.com

Website: access-smart.com

Twitter: @AccessSmart

LinkedIn: linkedin.com/in/accesssmart

Facebook: facebook.com/AccessSmart

What is it?

A subset of cybersecurity that protects networked devices, such as smartphones and medical equipment, that are usually accessed by an individual user or group.

Why is it important?

Endpoints are a vulnerable point of entry for breaches. Because of the large number of connected devices available and the wide diversity of types, it is difficult to manage endpoints and keep their vulnerabilities patched.

...continue reading "Term of the Week: Endpoint Security"

What is it?

The implementation of policies, practices, and technology to enable positive identification of people, devices, and applications.

Why is it important?

Understanding authentication is critical for establishing a secure environment because you must reliably know the identity of the people, devices, and applications accessing your resources in order to properly govern access and permissions.

...continue reading "Term of the Week: Authentication"