Our IT environments are becoming more and more distributed. Users can access corporate information from anywhere on a variety of devices, and systems and data are increasingly interconnected. In all of these situations, Identity Security becomes the cornerstone of your information security policy.
Managing and securing identities in all their forms (human and non-human, internal and external to the company) can be challenging and requires a well-structured, auditable approach: one that makes sure only securely identified identities have access to the systems and/or data they are authorized to access under the set policy framework. Your chosen approach should not only address the technical aspects of managing and securing identities but also consider the needs of other stakeholders, such as HR, Compliance Officers and the end user.
As mentioned earlier, Identity Security is about managing and securing identities in all their forms. Within every company there are, in addition to the traditional “human” end-user identities, an equally large if not larger number of “non-human” identities, such as service accounts, admin accounts of network and (I)OT devices, and shared secrets. Besides these “internal/workforce” identities, companies also have to deal with many “external” identities that have access to internal systems and/or information. A customer with an account for a web shop or ordering system, a supplier with an account to access your ERP system, or an outsourced application administrator are all examples of such “external” identities. Currently we see a shift: attacks using breached “non-human” identities and supply chain attacks are on the rise. Covering the full scope of the identity attack surface is therefore a crucial part of a layered defence.
Within the broader scope of Identity Security solutions, six main solution groups can be distinguished under the umbrella of a seventh, governing solution. Each of these groups addresses a specific segment of the Identity Security pie. Depending on your company’s policies and needs, they each play their part in hardening your Identity Security and thus lowering your identity attack surface. These main solution groups are:
Authentication Solutions:
Authentication solutions manage and enforce secure authentication beyond basic username and password authentication and provide authentication to applications and services.
Identity and Access Management Solutions (IAM):
IAM is all about managing a workforce identity’s life cycle and the authorizations it holds. The identity on- and offboarding processes and identity change management are examples of IAM components.
Customer Identity and Access Management Solutions (CIAM):
CIAM is all about managing an external identity’s life cycle and the authorizations it holds. External identities can be Business to Consumer (B2C) identities as well as Business to Business (B2B) identities. Examples of CIAM implementations are managing identities for patient portals or web shops.
Privileged Access Management Solutions (PAM):
PAM is an Identity Security solution that safeguards identities with special access or capabilities through a combination of people, processes and technology to enforce least privilege access to applications and systems. All actions an identity performs once authenticated are logged for compliance purposes. A “Vendor” PAM that gives third parties controlled access to internal systems and/or applications (e.g., an external application administrator) is an example of a PAM implementation.
Endpoint Privileged Management (EPM):
EPM is an Identity Security solution that provides users with just enough endpoint privileges to complete their tasks, but nothing more (least privilege access). Policies and privilege distributions fine-tune and determine the level of access available across the organization and prevent malware attacks that rely on over-privileged accounts.
Identity Detection and Response Solutions (IDR/UEBA):
IDR solutions monitor the behavior of identities through a combination of AI / machine learning and set policies to detect and respond to suspicious activities. Examples of response automation are re-validating an identity (e.g., an additional MFA check), denying access to applications or locking an identity.
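As an added illustration of the detect-and-respond loop described above (example code written for this page, not any vendor's IDR product): a small Python replay over constructed sign-in log lines that builds a per-identity baseline of known devices, countries and sign-in hours, scores each later sign-in against that baseline, and maps the score to one of the response actions mentioned (step-up MFA, deny, lock). The log format, the scoring weights and the thresholds are assumptions chosen for the example.

```python
"""Toy identity detection-and-response loop (added example, not vendor code).

Replays sign-in events per identity, learns a behavioural baseline from the
sign-ins that were allowed, scores later sign-ins against that baseline and
maps the score to a response tier: allow, step-up MFA, deny or lock.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Baseline:
    """What has been seen for one identity so far (assumed feature set)."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    hours: set = field(default_factory=set)  # hours of day of allowed sign-ins
    recent_failures: int = 0                 # failures since the last allowed sign-in


# Constructed sample log lines: <timestamp> <identity> <device> <country> <result>
SAMPLE_LOG = """\
2024-05-06T08:02:11Z alice      laptop-01   NL success
2024-05-06T09:15:40Z alice      laptop-01   NL success
2024-05-07T08:30:02Z alice      laptop-01   NL success
2024-05-07T03:12:55Z alice      unknown-7f3 RU success
2024-05-07T10:00:01Z svc-backup srv-12      NL success
2024-05-07T10:00:02Z svc-backup srv-12      NL failure
2024-05-07T10:00:03Z svc-backup srv-12      NL failure
2024-05-07T10:00:04Z svc-backup srv-12      NL failure
2024-05-07T10:00:05Z svc-backup srv-12      NL failure
2024-05-07T10:00:06Z svc-backup srv-12      NL failure
2024-05-07T10:00:07Z svc-backup srv-12      NL success
"""


def parse_line(line):
    """Split one constructed log line into its typed fields."""
    ts, identity, device, country, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), identity, device, country, result


def score_event(baseline, ts, device, country):
    """Return (score, reasons) for one successful sign-in against the baseline.

    Weights are assumptions: a new country weighs more than a new device, an
    unusual hour is only a weak signal, a burst of failures just before a
    success looks like guessing or spraying.
    """
    score, reasons = 0, []
    if baseline.devices and device not in baseline.devices:
        score += 2
        reasons.append("new device")
    if baseline.countries and country not in baseline.countries:
        score += 3
        reasons.append("new country")
    if baseline.hours and ts.hour not in baseline.hours:
        score += 1
        reasons.append("unusual hour")
    if baseline.recent_failures >= 5:
        score += 3
        reasons.append("failure burst")
    return score, reasons


def response_for(score):
    """Map a risk score to one of the automated responses (assumed thresholds)."""
    if score >= 6:
        return "lock"
    if score >= 4:
        return "deny"
    if score >= 2:
        return "step-up-mfa"
    return "allow"


def analyse(log_text):
    """Replay events in order and return (identity, action, reasons) per success.

    The baseline is only updated from sign-ins that were allowed, so an
    anomalous sign-in that was challenged or blocked does not teach the model
    that its device or country is now 'normal'.
    """
    baselines = defaultdict(Baseline)
    decisions = []
    for line in log_text.strip().splitlines():
        ts, identity, device, country, result = parse_line(line)
        b = baselines[identity]
        if result == "failure":
            b.recent_failures += 1
            continue
        score, reasons = score_event(b, ts, device, country)
        action = response_for(score)
        decisions.append((identity, action, reasons))
        if action == "allow":
            b.devices.add(device)
            b.countries.add(country)
            b.hours.add(ts.hour)
            b.recent_failures = 0
    return decisions


if __name__ == "__main__":
    for identity, action, reasons in analyse(SAMPLE_LOG):
        print(f"{identity:<11} {action:<12} {', '.join(reasons) or '-'}")
```

Note that the first sign-in of every identity is allowed unconditionally because the baseline is empty; a real IDR product would seed the baseline from history or from the IAM system rather than from the first observed event. The "failure burst" signal is what flags the service account: its device and location are known, so only the behaviour before the success is suspicious.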
Identity Governance and Administration (IGA):
IGA lets you implement enhanced identity governance and administration capabilities to better manage all users across your on-prem, hybrid and cloud environments, satisfy audit and compliance initiatives, and easily provide management with a clear view of your governance posture.
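As an added example of the identity life-cycle management the IAM section above describes (on- and offboarding, change management) and of the audit view IGA is meant to provide (example code written for this page, not any vendor's product): a Python joiner/mover/leaver reconciliation between a constructed HR feed, taken as the source of truth, and a constructed directory of accounts and group memberships. The role-to-group model, the record formats and the action names are assumptions for the example.

```python
"""Joiner/mover/leaver reconciliation (added example, not vendor code).

HR is the source of truth for workforce identities; the directory holds
accounts and group memberships. Diffing the two yields the lifecycle actions
an IAM process would execute, and surfaces accounts with no HR owner for
governance review instead of changing them automatically.
"""
from dataclasses import dataclass

# Role -> entitlements model (constructed for this example)
ROLE_GROUPS = {
    "finance": {"erp-users", "vpn-users"},
    "engineer": {"git-users", "vpn-users"},
    "contractor": {"vpn-users"},
}


@dataclass(frozen=True)
class HrRecord:
    user: str
    role: str
    active: bool


@dataclass
class Account:
    user: str
    enabled: bool
    groups: set


# Constructed HR feed: one joiner, one mover, one leaver, one unchanged user
HR_FEED = [
    HrRecord("alice", "finance", True),
    HrRecord("bob", "engineer", True),      # moved from finance to engineering
    HrRecord("carol", "engineer", True),    # joiner: no account yet
    HrRecord("dave", "contractor", False),  # leaver: contract ended
]


def build_directory():
    """Constructed directory state before reconciliation."""
    return {
        "alice": Account("alice", True, {"erp-users", "vpn-users"}),
        "bob": Account("bob", True, {"erp-users", "vpn-users"}),
        "dave": Account("dave", True, {"vpn-users"}),
        "svc-legacy": Account("svc-legacy", True, {"erp-users"}),  # no HR owner
    }


def reconcile(hr_feed, directory):
    """Return an ordered list of (action, user, detail) lifecycle actions."""
    actions = []
    hr_users = {r.user for r in hr_feed}
    for rec in hr_feed:
        wanted = ROLE_GROUPS[rec.role]
        acct = directory.get(rec.user)
        if not rec.active:                       # leaver
            if acct and acct.enabled:
                actions.append(("disable", rec.user, sorted(acct.groups)))
            continue
        if acct is None:                         # joiner
            actions.append(("create", rec.user, sorted(wanted)))
            continue
        if not acct.enabled:                     # rehire
            actions.append(("enable", rec.user, sorted(wanted)))
        to_add = sorted(wanted - acct.groups)    # mover: role-based delta
        to_remove = sorted(acct.groups - wanted)
        if to_add:
            actions.append(("grant", rec.user, to_add))
        if to_remove:
            actions.append(("revoke", rec.user, to_remove))
    # Enabled accounts without an HR owner are the classic orphan / non-human blind spot
    for user, acct in directory.items():
        if user not in hr_users and acct.enabled:
            actions.append(("review-orphan", user, sorted(acct.groups)))
    return actions


def apply_actions(actions, directory):
    """Apply provisioning actions in place; 'review-orphan' is left to a human."""
    for action, user, detail in actions:
        if action == "create":
            directory[user] = Account(user, True, set(detail))
        elif action == "disable":
            directory[user].enabled = False
        elif action == "enable":
            directory[user].enabled = True
        elif action == "grant":
            directory[user].groups |= set(detail)
        elif action == "revoke":
            directory[user].groups -= set(detail)


if __name__ == "__main__":
    directory = build_directory()
    for action, user, detail in reconcile(HR_FEED, directory):
        print(f"{action:<13} {user:<11} {detail}")
```

Running reconcile a second time after apply_actions yields only the orphaned account, which shows the process is idempotent and that access with no HR owner is reported for review rather than silently granted or removed.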
Besides the above-mentioned main solution groups, there are also some core components that, depending on the use case, play an important role in the implementation of these solutions. Examples of such components are a Password Vault / Password Manager and End User Self-Service capabilities.
Checkdone IT builds on an international track record of selling authentication solutions from different vendors for years before Checkdone IT was founded as a direct-touch supplier to end users. Today we deliver these solutions ourselves and ensure the “best user experience” for both end users and internal IT, based on what fits your company or need.