How to avoid flaws in identity management
The challenges around managing identities are well documented from a business perspective. However, the technical flaws also have to be considered when implementing solutions. David Mount, UK technical director at NetIQ, looks at the dilemmas facing businesses.
Security threats are increasingly focused on where an enterprise keeps its critical data: servers, databases, directories and other technologies. If these are accessed by unauthorised users, the business is exposed to a critical data breach, revenue loss or compliance fines.
With the best of intentions, a simple mistake in a directory-based application that treats the above systems as 'managed resources' can knock out access for many people, and for some organisations can cost an equally impressive amount of money.
A significant challenge faced by organisations today is implementing intelligent, integrated management of user activity and of users' access to the systems appropriate to them.
Time, money and effort are invested in collecting security trends about what is happening. The problem is that a long list of 'what' contributes little to addressing the issue unless it is paired with the 'who' and the 'when'.
Correlation of identity, event and data provides the most direct route to identifying threats before significant damage is done; removing any one of the three reduces the value of the security information so much that its worth becomes questionable.
Distributed environments and complex data centres are already hard enough to manage. Add an army of power users within an organisation who need appropriate access to all of this technology, and it is imperative that an identity management solution is implemented effectively and promptly. IT managers need a secure and cost-effective approach to identity and access management.
The elements of a more effective approach to identity management are by now familiar, namely:
1. Centralising and automating administration
2. Eliminating the complexity of managing multiple identities
3. Enforcing controls necessary to achieve compliance
4. Capturing and securely storing audit events
5. Easily producing meaningful reports.
However, there are three major flaws or stumbling blocks to proper implementation of such solutions. Without acknowledging these, organisations risk serious shortcomings in their identity management systems.
Flaw 1: Employee deprovisioning
It has been an ongoing problem for organisations to properly deprovision a user who has left the company. Too often, accounts are still active, or some form of remote access to the corporate network from an external location remains possible. This gives a former employee, or anyone holding their credentials, an opportunity to take information or even leave malware behind.
Organisations need to tighten their security measures and workflows for deprovisioning so that former employees' access is eliminated. Integration with the human resources databases, so that a leaver recorded in HR triggers the removal of access quickly, is the key.
Also, watch shared accounts, which cannot be tied to a single leaver, and be prepared to raise the level of activity monitoring if needed. Finally, automated workflows are the safest approach to ensure that all accounts are dealt with and fully documented so they can always be referenced.
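The deprovisioning check and the who/what/when correlation described above, as an added example that is not part of the original article or of any NetIQ product. It assumes a simple HR leaver feed and a directory extract (both constructed here), reconciles them to find leavers whose accounts are still enabled or still hold remote-access group membership, flags accounts with no HR owner (shared or service accounts), and then correlates constructed access-log lines with HR status so that activity after a termination date stands out.

```python
"""Deprovisioning reconciliation and identity/event correlation.

Added example: the HR feed, directory extract and log lines are constructed
for illustration and do not come from any real system.
"""
from datetime import datetime, timezone

# Constructed HR feed: HR is the authority on who is still employed.
HR_FEED = [
    {"employee_id": "E100", "name": "Alice Smith", "status": "active", "terminated": None},
    {"employee_id": "E101", "name": "Bob Jones", "status": "terminated", "terminated": "2024-03-01"},
    {"employee_id": "E102", "name": "Carol White", "status": "terminated", "terminated": "2024-02-15"},
]

# Constructed directory extract: owner_id is None for shared/service accounts.
DIRECTORY = [
    {"sam": "asmith", "owner_id": "E100", "enabled": True, "groups": ["staff"]},
    {"sam": "bjones", "owner_id": "E101", "enabled": True, "groups": ["staff", "vpn-users"]},
    {"sam": "cwhite", "owner_id": "E102", "enabled": False, "groups": ["staff"]},
    {"sam": "svc-backup", "owner_id": None, "enabled": True, "groups": ["domain-admins"]},
]

# Groups that grant entry to the network from outside (assumed names).
REMOTE_ACCESS_GROUPS = {"vpn-users", "remote-desktop-users"}


def reconcile(hr_feed, directory):
    """Compare directory accounts with HR status and return (finding, account) pairs."""
    people = {p["employee_id"]: p for p in hr_feed}
    findings = []
    for acct in directory:
        owner = people.get(acct["owner_id"])
        if owner is None:
            # No HR owner: shared or service account, must be tracked separately.
            findings.append(("unowned_account", acct["sam"]))
            continue
        if owner["status"] == "terminated":
            if acct["enabled"]:
                findings.append(("leaver_still_enabled", acct["sam"]))
            # Group membership is flagged even on a disabled account: re-enabling
            # it would silently restore remote access.
            if REMOTE_ACCESS_GROUPS & set(acct["groups"]):
                findings.append(("leaver_remote_access", acct["sam"]))
    return findings


# Constructed access-log lines: ISO timestamp followed by key=value fields.
ACCESS_LOG = """\
2024-03-04T22:15:10Z action=vpn-login user=bjones src=203.0.113.5 result=success
2024-03-04T09:02:44Z action=vpn-login user=asmith src=198.51.100.7 result=success
2024-03-05T01:11:09Z action=file-download user=svc-backup path=/finance/q1.xlsx result=success
"""


def parse_line(line):
    """Parse one log line into a dict; 'when' becomes a timezone-aware datetime."""
    ts, *pairs = line.split()
    rec = dict(pair.split("=", 1) for pair in pairs)
    rec["when"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return rec


def correlate(log_text, hr_feed, directory):
    """Attach the 'who' (directory owner and HR status) to each event and flag
    unknown accounts, shared-account activity and activity after termination."""
    by_sam = {a["sam"]: a for a in directory}
    people = {p["employee_id"]: p for p in hr_feed}
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        acct = by_sam.get(ev["user"])
        if acct is None:
            alerts.append(("unknown_account", ev["user"], ev["when"]))
            continue
        owner = people.get(acct["owner_id"])
        if owner is None:
            alerts.append(("shared_account_activity", ev["user"], ev["when"]))
        elif owner["status"] == "terminated":
            term = datetime.fromisoformat(owner["terminated"]).replace(tzinfo=timezone.utc)
            if ev["when"] >= term:
                alerts.append(("post_termination_activity", ev["user"], ev["when"]))
    return alerts


if __name__ == "__main__":
    for finding in reconcile(HR_FEED, DIRECTORY):
        print("finding:", *finding)
    for alert in correlate(ACCESS_LOG, HR_FEED, DIRECTORY):
        print("alert:", *alert)
```

In a real deployment the HR feed and directory extract would be pulled from the HR system and the directory service on a schedule, and the findings would feed the automated deprovisioning workflow rather than a printout; the point of the example is that the enabled flag alone is not enough, since group membership and activity after the termination date are what actually show that access still exists.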
Flaw 2: Lack of a centralised identity management solution
Organisations should consolidate and centralise access controls in one directory service. From there, access can be extended to other systems and applications, encouraging consistent security and configuration policies. This drives down both the management headache and the management cost.
Having multiple accounts to manage on various systems leads to a lack of synchronisation and upkeep, and to multiple points of breach that are hard to track across many diverse systems. It is easy for an account to stay under the radar when not everything is visible from a central location, and a system that is not centrally managed may be the back door that allows unauthorised access.
Flaw 3: No secure privilege delegation
As we delve deeper into IT security and privilege in the data centre, we must understand how the definition of privilege is evolving. Excessive privilege and access rights for users have a critical financial impact on organisations, in the form of data breach risk, revenue loss and compliance fines.
It is strongly recommended that organisations implement tighter control by reducing the number of administrators and delegating only the specific rights each role needs. This reduces the risk of accidents by tightly managing who can do what, improves auditing, and streamlines and simplifies compliance.
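Scoped delegation in place of blanket administrator rights, as an added example that is not part of the original article or of any NetIQ product. The roles, rules, actors and protected accounts are all constructed: each role is allowed only the listed actions on resources matching a pattern, a small set of sensitive accounts is excluded even where a pattern would match, and every decision, allowed or denied, is written to an audit record carrying the who, what and when.

```python
"""Least-privilege delegation with an audit trail.

Added example: roles, rules, actors and resource names are constructed for
illustration; no real directory or product API is involved.
"""
from datetime import datetime, timezone
from fnmatch import fnmatch

# Constructed delegation rules: (action, resource pattern) per role.
# No role gets a wildcard action; 'helpdesk' cannot restart services and
# 'dba' cannot touch user accounts.
DELEGATIONS = {
    "helpdesk": [("reset_password", "user:*"), ("unlock_account", "user:*")],
    "dba": [("restart_service", "host:db-*"), ("read_logs", "host:db-*")],
}

# Constructed protected resources: never delegated, even though 'user:*' matches.
PROTECTED = {"user:domain-admin", "user:svc-backup"}

# Constructed actor-to-role mapping (assumed to come from the central directory).
ROLE_OF = {"helen": "helpdesk", "dave": "dba"}

AUDIT = []  # one record per decision, allowed or denied


def authorise(actor, action, resource, now=None):
    """Return True if actor's role delegates 'action' on 'resource'; always audit."""
    now = now or datetime.now(timezone.utc)
    role = ROLE_OF.get(actor)
    allowed = False
    if role is not None and resource not in PROTECTED:
        allowed = any(
            act == action and fnmatch(resource, pattern)
            for act, pattern in DELEGATIONS[role]
        )
    AUDIT.append({
        "who": actor,
        "role": role,
        "what": f"{action} {resource}",
        "when": now.isoformat(),
        "decision": "allow" if allowed else "deny",
    })
    return allowed


def denied_count():
    """Number of denied attempts in the audit trail so far."""
    return sum(1 for rec in AUDIT if rec["decision"] == "deny")


if __name__ == "__main__":
    authorise("helen", "reset_password", "user:asmith")        # allowed
    authorise("helen", "reset_password", "user:domain-admin")  # denied: protected
    authorise("dave", "restart_service", "host:web-01")        # denied: out of scope
    for rec in AUDIT:
        print(rec["when"], rec["who"], rec["role"], rec["what"], rec["decision"])
```

The contrast with a flat administrator group is that the helpdesk operator can reset an ordinary user's password but not an administrator's, the DBA can restart a database service but not a web server, and a denied attempt leaves the same audit record as an allowed one, which is what makes the trail useful during an investigation.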
Identity management is at the frontline of protecting sensitive information. When properly integrated into an organisation's information management processes and culture, these types of solutions can help protect assets and reduce the impact of a breach.
Organisations do need to take positive actions to overcome the stumbling blocks that can get in the way of maintaining a robust approach to identity management on a daily basis.
When these have been taken into account then it is more likely that risks are being mitigated, compliance penalties avoided and the overall access to critical information is under tighter control.