We here at Solutions Review try to avoid alarmist titles when we can. We’re not in the business of scaring enterprise decision-makers into making rash and immediate solution choices—especially not in an area as vital and impactful as cybersecurity. Our goal is to inform and guide through a daunting process, not to cause unhelpful panics.
Yet as we inch ever closer to 2019, our editors find themselves unable to shake the question: does traditional identity management still provide the identity security enterprises need to stand up to both hackers and insider threats?
The short answer is obviously yes. Traditional identity management provides a strong and well-rounded identity solution to enterprises of all sizes. It offers greater authentication, credential management, and visibility than manual processes could hope to provide. However, a well-rounded solution may not provide the focus of a specialized identity solution—the sort of specialized identity solution your enterprise might need to fill its identity gaps.
What do these specialized identity solutions offer that traditional identity management simply doesn’t? Here is a brief overview of the three main branches:
Privileged Access Management
Traditional identity management is concerned with your employees’ access and credentials as an entire group. In contrast, a privileged access management solution is designed to secure the credentials, accounts, and passwords of your superusers—the users with the most permissions and access on your enterprise’s network. These users are usually your managers or executives…which makes their credentials so much more valuable for hackers.
Additionally, privileged access management solutions help enterprises enforce the Principle of Least Privilege across their networks. This rule essentially keeps enterprises from granting their privileged users too many permissions and too much access. As a popular example, you don’t want your finance department’s leader to be able to access the HR leader’s assets. Having too much overlap in permissions, or bestowing unnecessary privileges, can give hackers a tool to inflict even more damage than they could otherwise.
Privileged access management has taken on special importance over the past few years. According to the 2018 Verizon Data Breach Investigations Report, 80% of all enterprise-level data breaches include stolen or weak privileged accounts.
Identity Governance and Administration
Traditional identity management is concerned with access and credentials, especially when it concerns authentication. However, identity governance and administration solutions are more preoccupied with the permissions your users already have—how they acquire new permissions, how their roles match with those privileges, and how your identity security policies align with your compliance requirements.
Identity governance and administration’s most important asset is its role management capability. IGA is designed to determine what access users have and to enact limitations on those permissions, i.e., removing unnecessary access. The goal is to limit and prevent access creep—the insidious accumulation of access users gain from temporary projects, role changes within the enterprise, and changes in role parameters and expectations.
Much like privileged credentials operating outside the principle of least privilege, accounts with unchecked access creep can provide a powerful attack vector for hackers and insider threats alike. Access creep can conceal glaring security holes and obscure dwelling threats for months. Best to put a stop to it before it happens.
Biometric Authentication
Authentication is, of course, a major priority for traditional identity management solutions. Solution providers are constantly innovating ways to supplement or supplant the single-factor authentication scheme or the much-reviled password. These can include device authentication and recognition, geofencing, hard tokens, and PINs, operating in two-factor or multifactor authentication schemes.
However, biometric authentication solution providers are looking to step even further away from passwords by turning physiological traits like fingerprints, or even common user behaviors like typing, into authentication factors.
The argument goes that biometric authentication factors cannot be forgotten, are always available, and cannot be replicated or stolen. While there are some arguments over its implementation, so far these claims have held fast. Certainly, they have, when used in an MFA scheme, proven to deter potential hackers and limit their access to valuable digital assets.
Traditional Identity Management?
And these three major branches don’t cover customer identity and access management (CIAM), which is much like traditional identity management but oriented to consumers rather than employees (emphasizing convenience over security, for example). Identity security has become a complex conversation indeed.
Is traditional identity management the right identity security for your enterprise? Should you instead focus on a specialized solution? Only you can answer these questions, and only after serious self-examination and consultation with your security teams.
Cybersecurity is not a rush job. Only a complete and thoughtful strategy will succeed. But success is more than its own reward. It might be the only path to a bright digital future.