Peeling back the layers of identity and access management
.jpg)
In cybersecurity, there is no one-size-fits-all solution. When it comes to identity and access management, the set of practices, policies and procedures that an organisation decides to put in place, as well as the software solutions it chooses to utilise, need to be tailored to its specific needs. Often, however, businesses either fail to see the value of their digital assets and underestimate their need for proper identity and access management or end up choosing solutions that are inordinately complex and expensive relative to the types of data they are protecting and the risk they are facing.
For this reason, here is an easy to understand guide of some of the possible IAM functions that organisations should adopt, alongside a little insight into the sometimes-daunting lingo of identity access management.
Identity governance and administration (IGA)
IGA is the umbrella term used to describe all the IAM measures taken by an organisation to ensure that users have the right access and to prove that said access is correct. Good IGA means that an organisation has control over all its identities and the access they enable, including access to applications, data and privileged accounts. The benefits of maintaining solid governance over access are reduced risk and increased control on for on-premises, hybrid or cloud networks.
Username and password
Simple username/password combinations are one of the least secure forms of authentication. Yet many organisations still employ them due to the expense and complexity often required to implement stronger forms of authentication.
Many businesses sometimes think the information they store would be of little interest to cybercriminals; however, a breach to their systems could not only be of great value to hackers but could also open up much wider networks – such as that of its clients and suppliers - to criminal activity.
To discourage simple user/password authentication measures, the state of California has recently approved a bill that will ban simple log-in credentials (such as the combination admin/password) from 2020. The rule will apply to manufacturers, who will have to devise a more secure approach for the products and gadgets they distribute, which often have basic passwords based on default factory settings. The law will demand that each internet-connected device comes with a unique password or a start-up procedure that allows users to set up their own log-in credentials.
Active Directory (AD)
Password self-service
Perhaps the biggest burden on helpdesks is the relentless need to help users reset passwords and unlock accounts when they’ve forgotten them. Trends towards stronger password policy and greater emphasis on securing these credentials have only exacerbated the problem. However, there are tools that can greatly reduce the number of helpdesk calls by providing self-service functions for regular and ad-hoc password changes, ensuring that the process is secure.
Role-based provisioning and access control
Used by the majority of organisations with more than 500 employees, role-based access control (RBAC) is an approach that restricts system access to authorised users based on their role within the organisation (or Group membership in AD). It is based on provisioning different levels of access to applications and data based on the role. The provisioning of permissions happens automatically, drawing information on people’s duties from an authoritative data source such as the HR system.
Multifactor authentication (MFA)
Multifactor authentication (MFA) has been applied to many consumer products, such as email, mobile phones and bank accounts to provide an additional layer of security on top of the traditional username and password login. It is also a valuable tool for enterprise identity access management, as easy-to-use solutions have been developed to ensure that the authentication process doesn’t slow down productivity. Smartphone-based approval and fingerprint recognition are just two examples of how organisations can effectively implement a further layer of security without it becoming an impediment to employees.
Privileged password management
As most systems have an all-powerful, and often shared administrative login, it is wise to add secure management of privileged credentials to the IAM mix. Privileged password management can be added as an additional layer of security. Privileged password management tools store passwords in a secure vault, issue them as needed according to pre-established workflows and approval paradigms, and rotate them in pre-set intervals.
Privileged session management
When coupled with privileged password management, privileged session management allows organisations to control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Session recordings are particularly important for forensic IT, as they allow organisations to track suspicious activity happening in their systems.
Recently, regulators have started to put pressure on enterprises to record sessions that require privileged access, which will draw more attention to this kind of solution. Combined with MFA and privileged password management, privileged session management greatly increases the security of an organisation’s identity access policies.
Privileged behaviour analytics
Another valuable tool in IT forensics, privileged behaviour analysis allows organisations to single out suspect behaviours and to uncover threats coming both from inside and outside organisations. The user behaviour analytics technology can detect anomalies and rank them based on their risk level, enabling businesses to prioritise their threat response and take appropriate action. Combined, data from privileged account analytics and other sources - such as system and audit logs and session data - can further strengthen an organisation’s privileged access management standpoint and make the enterprise’s PAM portfolio complete.
With no scarcity of cyber threats in sight, building a cybersecurity strategy that implements the many facets of IAM is an essential way to prepare. Identity is swiftly becoming the new perimeter within organisations as attackers determine the fact that they are more likely to breach individuals often seen to be the path of least resistance into enterprise networks. Getting Identity and access management right is key to limiting the potential damage that attackers can inflict on organisations, while also reducing the threat from malicious insiders.
source itproportal
Industry: Cyber Security News
Latest Jobs
-
- Identity Channel Partner Manager | London
- London
- N/A
-
Identity Channel Partner Manager | London Location: South East UK (commutable to London) We are working with a Cyber Security business who are looking for a Channel Partner Manager to drive and grow relationships across their identity ecosystem. Prior experience working within VARs, distributors, vendors or resellers in the identity space is essential. You must have experience working with technologies such as CyberArk, Sailpoint, Okta etc Responsibilities will include, but not be limited to: Build, maintain and develop strong relationships with channel partners. Work closely with partner sales teams to support growth drive sales opportunities. Identify and onboard new partners while strengthening existing partnerships. Act as the key point of contact for all channel-related activity. If you are an experienced channel professional, with experience in the Identity space and are ready for your next challenge, apply today.
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.