Basics

The ABCs of Identity Management

Providing IT managers with tools and technologies for controlling user access to critical information within an organization.

By John K. Waters

How can an identity management system benefit my business?

Implementing identity management systems and associated best practices in your organization can give you a real competitive advantage in a number of ways. Nowadays, most businesses want and need to provide users outside the immediate organization with access to their internal systems. Opening your network's doors to customers, partners, suppliers, contractors and, of course, employees can increase efficiencies and lower costs. ID management systems can allow a company to extend access to its information systems without compromising security. Controlled identity and access management actually has the potential to provide greater access to outsiders, which can drive productivity, satisfaction and, ultimately, revenue.

One of the biggest cost savings touted by vendors and analysts alike comes from what might seem at first a trivial consideration: automation of password resets. Yet, depending on whose numbers you believe, somewhere around half of all help-desk calls are for password resets. ID management systems allow administrators to automate these and other time-consuming and costly tasks.

An ID management system can become a cornerstone of a secure network, because managing user identity is an essential piece of the access-control picture. An ID management system all but requires companies to define their access policies, specifically outlining who has access to what. That's a fundamental part of what a digital ID is. Consequently, well-managed IDs mean more control of user access, which translates into a reduced risk of internal and external attacks.

An ID management system can also improve regulatory compliance by providing an organization with the tools to implement comprehensive security, audit and access policies. Many systems now provide features designed to ensure that an organization is in compliance.

How do identity management systems work?

A typical ID management system today comprises four basic elements: a directory of the personal data the system uses to define individual users (think of it as an ID repository); a set of tools for adding, modifying and deleting that data (the access lifecycle management stuff); a system that regulates user access (enforcement of security policies and access privileges); and an auditing and reporting system (so you'll have a way to verify what's actually been happening on your system).

Regulating user access can involve a number of authentication methods for verifying the identity of a user, including passwords, digital certificates, tokens and smart cards. Hardware tokens and credit-card-sized smart cards have traditionally served as one component in the two-factor authentication scheme, which combines something you know (your password) with something you have (the token or the card) to verify a user's identity. A smart card carries an embedded integrated circuit chip that can be either a secure microcontroller or equivalent intelligence with internal memory or a memory chip alone. Software tokens, which can exist on any device with storage capability, from a USB drive to a cell phone, emerged in 2005.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Tips for Tackling Identity Management
• Identity Management: Implementation Dos and Dont's
• The Truth About Federated Identity Management