Identity and Access Management (IAM) policies are planned to
prevent escaping privileges, prevent attackers from misusing your credentials,
detect and prevent credential theft, and more.
Your specific IAM implementation should be tailored to the
size of your organization and residence.
For example, the larger and more complex the organization,
the more tightly controlled IAM is to define. Specifically, large companies
require a centralized IAM to effectively track tag, wake that, wake that, wipe
that, wipe that. For example, deliberate an employee who started in Human
Resources before moving to the proper network.
If proper controls have not been established and applied
throughout the company, that person can now have access to your applications
and files for human resources and marketing plans. This represents a
potentially serious liability.
Includes for IAM deployment
Regardless of the type of corporation you work for or the
type of information available, your IAM implementation must contain some of the
following components:
Password protection tools
Users reuse their passwords in various applications, use
simple passwords (for example, "123456"), or leave written sticky
notes on their monitor. Moreover, hackers are constantly improving hard
computing techniques.
For example, an approach called single sign-on (SSO) allows
users to create a single password that securely unlocks all of their corporate
applications. Since employees only need to manage one password at a time for
their work, this reduces the likelihood of password reuse and allows them to
remember a more complex passphrase.
That being said, your IAM implementation should also
blacklist simpler passwords, increasing the cryptographic strength of your
password hashes with granular controls for adding and stretching them.
Biometric identification
If you have ever unlocked your smartphone using your
fingerprint, then you know that biometric identification is convenient and
effective.
In fact, the proliferation of smartphones has made
previously expensive tools like fingerprint scanners a commodity, allowing
biometric locks on the most sensitive data. We are not saying that every business has such sensitive data that you should use fingerprint scanners to
protect it, but if you invest in IAM, you should have the opportunity in case
you ever need it.
In addition to fingerprint scanning, other options allow
users to unlock devices and data using technologies such as retinal scans or
face identification.
For example, Windows Hello now allows users to unlock their
laptops or desktops with facial recognition through a connected webcam. These
technologies are in a relatively rudimentary state, but one day we may see them
largely replace passwords.
Multi-factor authentication (MFA)
Suppose someone manages to steal this critical SSO password
and gain access to all of the employee's apps, what next?
In most cases, the MFA should represent the next line of
defense. With a technology known as device fingerprint, your IAM implementation
should see that an attacker is using a different computer than usual, and this
action should prompt you to invoke the MFA.
How so? Well, that includes sending the user's (legitimate)
one-time password via email, text, or voice. The idea is that the attacker
controls the account information, but not the victim's phone or secondary email
address.
techdirtblog slashdotblog justhealthguide healthandblog supercomputerworld
