From time to time here at Solutions Review, we review the blogs of the top identity and access management solutions providers. With the deluge of data breaches, insider threat studies, and authentication innovations flooding the news feeds, studying the reports from the literal boots on the digital ground can give us insight into what’s important when making IAM solution selections.
This week, we read the OneLogin blog, which posts the research and opinions of the titular Californian identity and access management vendor. Here are the key findings enterprises should take heed of:
We’ve written before about our dissatisfaction with passwords as an authentication factor and with single-factor authentication platforms in particular. Passwords are a weak part of any enterprise’s security posture: an easily crackable attack vector and a target of much user hatred. The OneLogin blog shares our sentiments but acknowledges that passwords are here to stay for now—especially because so many legacy identity and access management solutions hinge on passwords.
In light of this unfortunate reality, the OneLogin blog argues on behalf of having a Password Champion on staff. This member of your IT security team would focus on strengthening your employees’ password policies, protecting asset access, and educating your users on overall better password practices. This individual needs to balance password best practices with more modern approaches to authentication and access management. If you have the resources and staff, it may be time to find the Password Champion for your enterprise.
The OneLogin blog defines unified access management as the access integration of Security-as-a-Service and on-premises application environments. It also extends access management to enterprise networks and devices, unifying their corporate user directories.
The aim of unified access management is to simplify the administrative experience—an oft-neglected but nonetheless vital aspect of any IAM solution experience—reduce your overall costs, and improve the end-user experience. The OneLogin blog states that this kind of access management solution can be a huge boon to enterprises undergoing a digital transformation or otherwise embracing cloud application adoption; unified access management can unify cloud directories and existing user stores to provide greater scalability.
Again we have to confront the reality that passwords are a poor identity authentication factor for enterprises of any size. In this blog post, OneLogin examines the upcoming biometric authentication revolution which is poised as a response to this frustration. As part of multifactor authentication schemes, fingerprint and facial recognition are becoming all the rage among security-conscious enterprises and professionals.
But biometric authentication hasn’t been met with universal approval by end-users. As the OneLogin blog points out, plenty of end-users are reluctant to hand over their biometric data to enterprises, especially financial enterprises. One of the reasons for this reluctance is a well-known issue among biometric authentication experts: a password can be changed in the event of a theft, but a fingerprint cannot.
The OneLogin blog advises reducing the attack surface on biometric data to help secure the information from threat actors and increase user trust. Restricting the number of employees that can access your users’ biometric data and carefully selecting what databases and assets require biometric authentication (not every login should) will help make sure that the digital attack surface is as small as possible.
Legacy solutions, as the OneLogin blog is quick to remind its readers, are not equipped for the realities of securing cloud applications or the modern hybrid enterprise. Therefore enterprises can see increased costs and hidden costs, increased IAM complexity, and more difficult maintenance requirements.
And these issues tend to interweave with each other. As legacy solutions continue to age, finding the right personnel to manage them becomes increasingly tricky. These experts, in turn, can be more expensive and require more time to manage your legacy solution, taking their focus from more relevant security threats and limiting their productivity. This requires the hiring of more cybersecurity experts…and a vicious cycle begins. In other words, legacy IAM solutions can’t keep up with modern threats and they can drag the rest of your cybersecurity solution down with them.
Maybe it’s time for your enterprise to change its IAM solution? It could save you time, energy, money, and security concerns.