How should you evaluate your enterprise’s identity platform? What criteria should you use to determine its identity security effectiveness? When seeking a next-generation solution, what should you look for?
These aren’t idle questions. Legacy identity platforms continue to ossify in the face of modern demands and evolving cyber attacks. Your enterprise must start updating its identity platform. Doing so not only ensures its users’ credential safety but also facilitates its business processes.
Here’s what your enterprise should seek out:
A Good End-User Experience
While they often end up neglected in the solution selection process, convenience and ease-of-use fundamentally determine your IAM’s effectiveness and adoption. Obviously, security must remain the top priority in any identity platform; however, users must also have access to the databases and services they need to fulfill their job duties in a timely manner.
A cluttered, confusing, or onerous user experience pushes users to create dangerous workarounds and resist adoption of your solution. On the flip side, a solid user experience facilitates its adoption and encourages employees to follow identity best practices.
Scalability refers to your solution’s ability to grow as your business grows, as business growth necessitates matching growth in infrastructure and employee base. Selecting an identity platform ideal only for your current size limits its effectiveness over time and can create integration issues with your future infrastructure.
Additionally, scalability allows you to start small with your identity platform and expand it gradually across the entire network over time. This allows you to make adjustments if you detect problems with its optimization in your IT environment.
Single-factor authentication—passwords especially—can’t pretend to protect your users’ identities in the modern era of cyber attacks. Phishing attacks alone can compromise your users’ credentials and give hackers access in a password-only authentication scheme.
Your enterprise needs an identity platform which provides two-factor and/or multifactor authentication. The former certainly serves as a more secure alternative to passwords alone, as it relies on factors like hard tokens or SMS text messages to confirm user identities before granting access. However, hackers have developed tactics to bypass or obtain these secondary factors.
Therefore, your enterprise should ideally adopt multifactor authentication to severely curtail any hackers’ efforts to obtain your users’ credentials. If you feel MFA could interfere with the general user experience, you can also employ a granular authentication model on your most sensitive databases.
Identity Governance defines users’ digital roles. This means your IT security team can enforce the permissions those roles possess, review and audit those permissions, and, if necessary, remove them. This helps prevent access creep, in which identities accumulate unnecessary and dangerous permissions. Identities suffering from access creep prove ideal targets for hackers and insider threats.
Part of staying alert to identity security issues on your network is identifying suspicious behaviors and monitoring them for malicious intent. Session management assists with this by monitoring and recording user actions and behaviors as they go about their day-to-day jobs.
Additionally, your identity platform should help your IT security team identify the geographic location and time of access requests. This helps identify impossible or unlikely requests and block them.
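As an added example (not from the original article or any vendor's product), the Python below shows one way a location-and-time check can flag impossible requests: it compares each user's consecutive access requests and reports pairs whose implied travel speed exceeds a ceiling. The event fields, the 900 km/h ceiling, the 100 km geo-IP tolerance, and the sample events are all assumptions constructed for illustration; timestamps are assumed to be in UTC.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100.0   # assumed tolerance for geo-IP inaccuracy

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_requests(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, earlier_ts, later_ts, km, kmh) for each pair of
    consecutive requests by one user that implies travel above max_kmh."""
    findings = []
    last = {}  # user -> most recent request seen so far
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue  # first request for this user, nothing to compare
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < min_km:
            continue  # within geo-IP noise, not treated as travel
        hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
        # Simultaneous requests from distant places: infinite implied speed.
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            findings.append((ev["user"], prev["ts"], ev["ts"], round(km), kmh))
    return findings

# Constructed sample events (not real log data).
SAMPLE = [
    {"user": "alice", "ts": datetime(2019, 11, 20, 9, 0), "lat": 40.71, "lon": -74.01},   # New York
    {"user": "alice", "ts": datetime(2019, 11, 20, 10, 0), "lat": 51.51, "lon": -0.13},   # London, 1 h later
    {"user": "bob", "ts": datetime(2019, 11, 20, 9, 0), "lat": 42.36, "lon": -71.06},     # Boston
    {"user": "bob", "ts": datetime(2019, 11, 20, 13, 0), "lat": 40.71, "lon": -74.01},    # New York, 4 h later
    {"user": "carol", "ts": datetime(2019, 11, 20, 9, 30), "lat": 48.86, "lon": 2.35},    # single request
]

if __name__ == "__main__":
    for user, t1, t2, km, kmh in impossible_requests(SAMPLE):
        print(f"{user}: {km} km between {t1} and {t2} ({kmh:.0f} km/h)")
```

Findings like these are candidates for blocking or step-up authentication; VPN and mobile-carrier egress points can shift apparent location, so the tolerance and ceiling need tuning per environment.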
Just-in-Time Privileged Access
This grants users temporary access to select databases and assets so the users can complete special projects; the identity platform automatically removes the permissions after a set time to avoid users’ retention of unnecessary access.
You can download the white paper “Just-in-Time Access” by Identity Automation to learn more about the benefits of just-in-time access.
Reporting and Logging
Your identity platform should help you compile compliance reports on log access requests, login activities, and permissions revocations to fulfill governmental and industrial regulations.
While following compliance mandates does not constitute effective identity security alone, enterprises should still take advantage of IAM’s reporting to supplement their business processes and alleviate the burden on their IT teams.
Your identity management solution should help you provision new identities, adjust permissions as users move through the enterprise, and de-provision accounts for users no longer with your business.
This list does not cover all the possible criteria for the modern identity platform. However, this should help you organize your thoughts and choose your priorities as you make one of the most crucial choices for your enterprise.