{"id":5092,"date":"2020-10-02T16:01:17","date_gmt":"2020-10-02T20:01:17","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5092"},"modified":"2020-10-02T16:01:17","modified_gmt":"2020-10-02T20:01:17","slug":"identity-management-isnt-all-authentication-its-about-permissions-too","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/","title":{"rendered":"Identity Management Isn&#8217;t All Authentication. It&#8217;s About Permissions Too"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4581\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\" alt=\"Identity Management Isn't All Authentication. It's About Permissions Too\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The discourse surrounding identity and access management tends to center on authentication. On the surface, it is easy enough to see why; the majority of attacks begin with compromised or stolen credentials and bypassed authentication. If hackers obtain the means to enter your network through the authentication portal, detecting them and mitigating the damage can take valuable time and resources.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Therefore, most attention is paid to how recognized users enter and exit the enterprise network. Often, this takes the form of multifactor authentication (MFA), which includes biometric authentication, geofencing, and other key capabilities. Additionally, many vendors now boast continuous authentication even after the initial login stage through behavioral biometrics and the like.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, this discourse around authentication tends to neglect conversations about <\/span><i><span style=\"font-weight: 400\">what <\/span><\/i><span style=\"font-weight: 400\">your recognized employees can actually do on your network once they log in. What sorts of permissions and privileges does the average user have, and how do they gain those permissions? How do they gain new permissions? Who regulates or rescinds them?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This conversation isn\u2019t speculative. Instead, it speaks to a problem suffered by enterprises around the world: access creep.\u00a0<\/span><\/p>\n<p><b><br \/>Widget not in any sidebars<br \/><\/b><\/p>\n<h2 style=\"text-align: justify\"><b>How Access Creep Works Via Permissions<\/b><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Take the average user, let\u2019s call her Carol. Carol has average credentials for her role in the enterprise (a challenge in itself, but we\u2019ll come back to that). Suddenly, Carol\u2019s coworker becomes sick, and her boss asks her to take over their activities as well as her own.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To do this, they give Carol temporary permissions. She does the job fairly well, and eventually, her coworker returns. Except now, the IT team that gave her the permissions is focused on something else, and forget to rescind those temporary permissions.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Now Carol has de facto permanent access to both her own resources as per her job and those of her coworker. As this cycle repeats over and over again, Carol\u2019s credentials demonstrate access creep, which a savvy hacker can exploit. With greater potential in the business network comes the greater potential for long-term damage inflicted by a threat actor.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Worse, because the IT team forgot that Carol had these permissions, they may not realize the extent of the damage or even that there is damage until far too late. After all, this activity is \u201cnormal\u201d according to the rules of the system. In other words, it won&#8217;t trigger an alert.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Now let\u2019s take the opposite approach: what if Carol becomes hostile to the business. Perhaps she leaves the company disgruntled, and decides to take revenge on the network. Your IT team may have rescinded her original permissions&#8230;but do they know about the other permissions she possesses?<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This is where <a href=\"https:\/\/solutionsreview.com\/identity-management\/identity-governance-and-administration-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">identity governance and administration (IGA)<\/a> steps in. It helps regulate how employees receive permissions and provide critical visibility into each employee\u2019s permissions. Further, IGA can set timers on temporary permissions to ensure that employees can\u2019t accumulate permissions by accident.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>IGA Smooths Out the Onboarding and Offboarding Process<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In addition to maintaining control over current permissions, IGA enables your business to maintain control over both future and historical permissions as well. IGA can help your enterprise establish set roles for new employees to slot into when they join. These roles each come with an established and modifiable set of privileges so that employees have exactly what they need to do their job and no more.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Further, IGA can help remove employees that have left the business entirely, including all of their permissions. This helps prevent the formation of orphaned accounts, which hackers can exploit later.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"hr hr\"><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can learn more in our <a href=\"https:\/\/solutionsreview.com\/identity-management\/identity-governance-and-administration-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">Identity Governance and Administration Buyer\u2019s Guide<\/a>.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/solutionsreview.com\/identity-management\/identity-governance-and-administration-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"Identity Governance and Administration Buyer's Guide\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/01\/identity-governance-administration-speedbump-cta.jpg\" alt=\"Download Link to Identity Governance and Administration Buyer's Guide\" width=\"800\" height=\"225\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The discourse surrounding identity and access management tends to center on authentication. On the surface, it is easy enough to see why; the majority of attacks begin with compromised or stolen credentials and bypassed authentication. If hackers obtain the means to enter your network through the authentication portal, detecting them and mitigating the damage can [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4581,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,125,16,76,286,397,188,1546],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Identity Management Isn&#039;t All Authentication. It&#039;s About Permissions Too<\/title>\n<meta name=\"description\" content=\"What are permissions from an identity and access management perspective? How can they determine your level of cybersecurity?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/\",\"name\":\"Identity Management Isn't All Authentication. It's About Permissions Too\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"datePublished\":\"2020-10-02T20:01:17+00:00\",\"dateModified\":\"2020-10-02T20:01:17+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What are permissions from an identity and access management perspective? How can they determine your level of cybersecurity?\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"CVS Database Containing Over 1 Billion Records Exposed\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identity Management Isn&#8217;t All Authentication. It&#8217;s About Permissions Too\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Identity Management Isn't All Authentication. It's About Permissions Too","description":"What are permissions from an identity and access management perspective? How can they determine your level of cybersecurity?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/","url":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/","name":"Identity Management Isn't All Authentication. It's About Permissions Too","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","datePublished":"2020-10-02T20:01:17+00:00","dateModified":"2020-10-02T20:01:17+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What are permissions from an identity and access management perspective? How can they determine your level of cybersecurity?","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/Hacker-New-Image-Mod.jpg","width":800,"height":400,"caption":"CVS Database Containing Over 1 Billion Records Exposed"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-isnt-all-authentication-its-about-permissions-too\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Identity Management Isn&#8217;t All Authentication. It&#8217;s About Permissions Too"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5092"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5092"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5092\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4581"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}