Identity management (IDM) is an essential component of network management and cybersecurity. You use identity management to control who and what can access your systems, applications, and data. The larger and more complex your environment gets, the more advanced your identity management system needs to be. Before choosing a vendor, you need to analyze your environment’s unique requirements, determine what your current and future identity management goals are, and always keep security at the front of your mind.
There are four major identity management system factors to prioritize before choosing a vendor:
As your enterprise resources and workloads have moved to cloud and software-as-a-service (SaaS) platforms, you’ve likely run into problems trying to apply enterprise user access policies to systems outside your enterprise network. Managing accounts and access roles through each individual interface is tedious and time-consuming, often leading to lax policy enforcement and over-provisioning of account privileges. If a hacker compromises a low-level cloud user account that’s been given privileges it doesn’t need, they could access far more resources and do much more damage than if that user account had been appropriately limited.
If you’re currently using a hybrid, cloud, or multi-cloud architecture, or plan to, you need a cross-platform IDM solution. With cross-platform cloud support, all your user accounts and policies from across all your cloud providers are brought together with your enterprise accounts under one management console. This allows you to apply the same security standards to users in your cloud infrastructure and your internal infrastructure—for example, using the principle of least privilege (PoLP) to ensure user accounts only have the bare minimum privileges needed to perform their job role.
One of the most important factors to prioritize when looking for an identity management system is how that solution will integrate with your existing applications, technologies, and network architecture. Ideally, your IDM should manage identities and apply privileges for every single login that happens within your enterprise, including web services, third-party software, and security solutions.
One way that identity management systems accomplish this is through single sign-on (SSO). With SSO, a user only maintains one set of credentials, which they can use to authenticate to multiple systems and services. This is only possible if your IDM solution integrates with all the platforms, vendors, and applications your users need to log in to.
If you’re hoping to adopt new, cutting-edge network architectures and security methodologies such as secure access service edge (SASE) or zero trust security, you also need to ensure your IDM solution supports those initiatives. For example, zero trust security requires an IDM that will verify the identity of users and devices every single time they access a network resource and then issue one-time access privileges. When selecting an identity management system, you should ensure it supports your future goals and initiatives as well as your current needs, so you’re not held back by inadequate account management technology.
According to Microsoft, 1.2 million of their accounts were hacked in January 2020 alone, and 99.9 percent of those accounts were not using multi-factor authentication (MFA). You can’t chalk numbers like that up to coincidence—MFA is clearly a vital component of a successful identity management and security strategy.
Multi-factor authentication requires users to provide an additional method of authentication and identity verification before they’re granted access to enterprise resources. The underlying principle of MFA is that users must provide at least two pieces of evidence to prove their identity, and each piece of evidence must come from a different category: something only they know, something only they have, or something only they are. Some examples of MFA verification would be a password (something only the user knows), plus an authenticator app on their smartphone (something only they have) or a biometric fingerprint scanner (something only they are).
What if, despite your multi-factor authentication tools and strict global security policies, a hacker still manages to compromise an account and breach your enterprise network? How long could that hacker remain on your network, jumping from system to system and exfiltrating data, before that account is flagged and blocked? Often, these types of attacks go unnoticed for hours or even days—according to cybersecurity company FireEye Mandiant, the median breach duration time in 2020 was 24 days.
That’s where user and entity behavior analytics (UEBA) can help. IDM systems with UEBA use machine learning to monitor the behavior and activity of users, devices, service accounts, and other entities on your network to establish baselines. Then, UEBA continuously monitors and analyzes user and entity behavior so it can spot deviations from normal activity patterns. For example, if a user account normally accesses the exact same systems every day from 9 am to 5 pm, but then starts logging in late at night and downloading files from unusual locations, UEBA would flag that behavior as suspicious and lock the account. In this way, IDM systems with UEBA can prevent and minimize the damage caused by compromised accounts.
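To make the baseline-and-deviation idea concrete, here is a small added example (not code from the article or from any IDM vendor) that learns a per-user baseline from historical login events and then flags new events that fall outside it. The log format, the user name "alice", the host names, and the one-hour tolerance are all constructed for the illustration; a production UEBA engine would learn far richer features than hour-of-day and resource name.

```python
"""Toy UEBA-style check: build per-user baselines from historical activity,
then report why a new event deviates from that baseline.
Added example code; the log format and sample data are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample history: "<ISO timestamp> <user> <action> <resource>"
HISTORY = """\
2024-03-04T09:12:00 alice login fileserver-01
2024-03-04T13:40:00 alice download fileserver-01
2024-03-05T09:05:00 alice login fileserver-01
2024-03-05T16:30:00 alice login crm-app
2024-03-06T10:00:00 alice download crm-app
2024-03-06T17:00:00 alice login fileserver-01
"""

# Constructed new events to score against the learned baseline
NEW_EVENTS = """\
2024-03-07T09:30:00 alice login fileserver-01
2024-03-07T23:45:00 alice login fileserver-01
2024-03-08T02:10:00 alice download backup-archive
"""


@dataclass
class Baseline:
    hours: set = field(default_factory=set)      # hours of day the user was active
    resources: set = field(default_factory=set)  # resources the user touched


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, user, action, resource = line.split()
    return datetime.fromisoformat(ts), user, action, resource


def build_baselines(log_text):
    """Learn a Baseline per user from historical log lines."""
    baselines = defaultdict(Baseline)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, _action, resource = parse_line(line)
        baselines[user].hours.add(ts.hour)
        baselines[user].resources.add(resource)
    return dict(baselines)


def hour_distance(a, b):
    """Distance between two hours of day on a 24-hour clock (23 and 0 are 1 apart)."""
    diff = abs(a - b) % 24
    return min(diff, 24 - diff)


def score_event(baselines, line, hour_slack=1):
    """Return the list of reasons an event deviates from the user's baseline.
    An empty list means the event looks normal."""
    ts, user, _action, resource = parse_line(line)
    baseline = baselines.get(user)
    reasons = []
    if baseline is None:
        return ["no baseline for user"]
    # Unusual time of day: not within hour_slack of any previously seen hour
    if not any(hour_distance(ts.hour, h) <= hour_slack for h in baseline.hours):
        reasons.append(f"unusual hour {ts.hour:02d}")
    # Unusual resource: never seen in this user's history
    if resource not in baseline.resources:
        reasons.append(f"never-seen resource {resource}")
    return reasons


def flag_events(baselines, log_text):
    """Map each deviating event line to its reasons; normal events are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        reasons = score_event(baselines, line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    learned = build_baselines(HISTORY)
    for event, why in flag_events(learned, NEW_EVENTS).items():
        print(event, "->", "; ".join(why))
```

Running it flags the 23:45 login (unusual hour) and the 02:10 download of a never-seen resource, while the 09:30 login to a known resource passes. The decision to alert, step up authentication, or lock the account belongs to the policy layer that consumes these reasons; a real UEBA engine would weight them rather than treat every deviation equally.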
The most important thing to remember when shopping for an identity management system is that there’s no one solution that’s right for every business. You need a deep understanding of your current environment, including your security vulnerabilities, so you can ensure your IDM addresses all your unique challenges and requirements. If you need help analyzing your environment and identifying weaknesses in your security strategy, you should consider consulting with trusted experts.