Keep the bad guys out
Identity management begins by authorising users. Before access to data is granted, an individual typically must be identified with a username and password. Sometimes a second factor, such as a fingerprint or key card, is also required. Authorising the user involves ascertaining their privileges and, if a match exists between data type and privilege level, they are granted access.
To ensure security, all attempts to gain access to a system must be logged. Logging not only provides the basis for an audit trail, it may also be a legal requirement. It ensures that repeated unauthorised attempts to log onto a system can be identified, and alarms triggered if the number of attempts goes beyond a maximum allowed by policy.
Identity management in practice
Some argue for moving the task of the initial data entry about users from the IT department to HR, which already manages information about employees, thus ensuring a consistent approach and helping to reduce errors.
From a technology point of view, identity management, or IDM, systems consist of a number of core components. These include some form of directory service, which acts as the repository of data against which individuals, groups, and devices can be authenticated. It also should have a provisioning system that manages repeated processes, such as setting up an account, or resetting passwords.
The IDM system should also be able to implement and manage context-based access. This means understanding where the user is, what device they are logging on from, and what the date and time of each interaction is. This allows businesses to prevent logins to particular services or require a further layer of authentication outside working hours for particular groups of users, or for users using mobile devices, for example.
In addition, IDM systems should provide a view of permissions and activities, usually via a web portal, to business managers so that they can see which employees have access to which resources, and who is logging into which systems at what times.
As beneficial as identity management can be, just remember, it's not a 'fit and forget' concept. Rather it is a process that needs ongoing attention to ensure that you stay on top of best practices, in order to reap the rewards of increased security.