In Depth
An Introduction to Identity Management
Providing IT managers with tools and technologies for controlling user access to critical information within an organization.
By John K Waters
One risk worth keeping in mind: Centralized operations present tempting targets to hackers and crackers. By putting a dashboard over all of a company's ID management activities, these systems reduce complexity for more than the administrators. Once compromised, they could allow an intruder to create IDs with extensive privileges and access to many resources.
What terminology should I know?
The buzzwords come and go, but a few key terms in the identity management space are worth knowing:
Access management
You almost never see "identity management" without this term right next to it. In fact, a number of vendors and analysts are combining the two into a single concept: IAM (identity and access management). It refers to the processes and technologies used to control and monitor network access. Access management features, such as authentication, authorization, trust and security auditing, are part and parcel of the top ID management systems.
Credential
An identifier employed by the user to gain access to a network. It's the user's password, public key infrastructure (PKI) certificate or biometric information (fingerprint, retinal scan).
De-provisioning
The process of removing an identity from an ID repository and terminating access privileges.
Digital identity
The ID itself, including the description of the user and his/her/its access privileges. ("Its" because an endpoint, such as a laptop or a cell phone, can have a digital identity.)
Entitlement
The set of attributes that specify the access rights and privileges of an authenticated security principal.
Identity lifecycle management
Another buzz phrase. Similar to access lifecycle management. It refers to the entire set of processes and technologies for maintaining and updating digital identities. Identity lifecycle management includes identity synchronization, provisioning, de-provisioning, and the ongoing management of user attributes, credentials and entitlements.
Identity synchronization
The process of ensuring that multiple identity stores (say, the result of an acquisition) contain consistent data for a given digital ID.
Password reset
In this context, it's a feature of an ID management system that allows users to re-establish their own passwords, relieving the administrators of the job and cutting support calls. The reset application is usually accessed by the user through a browser. The application asks for a secret word or a set of questions to verify the user's identity.
Provisioning
The process of creating identities, defining their access privileges and adding them to an ID repository.
Security principal
A digital identity with one or more credentials that can be authenticated and authorized to interact with the network.
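A reconciliation pass shows how identity synchronization, de-provisioning and entitlements fit together in practice. The following is an added example, not part of the original article; the `Identity` record, the `reconcile` function, the finding names and both sample directories are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    """One digital identity as held in a single identity store."""
    active: bool
    attributes: dict = field(default_factory=dict)
    entitlements: frozenset = frozenset()

def reconcile(authoritative, secondary):
    """Compare a secondary store with the authoritative one.

    Both arguments map a user ID to an Identity. Returns a sorted list of
    (uid, finding, detail) tuples describing where the stores disagree.
    """
    findings = []
    for uid, sec in secondary.items():
        auth = authoritative.get(uid)
        if auth is None:
            if sec.active:  # live account nobody provisioned centrally
                findings.append((uid, "orphan", "unknown to authoritative store"))
            continue
        if sec.active and not auth.active:  # de-provisioning did not propagate
            findings.append((uid, "not_deprovisioned", "still active here"))
            continue
        for key in sorted(set(auth.attributes) | set(sec.attributes)):
            if auth.attributes.get(key) != sec.attributes.get(key):
                findings.append((uid, "attribute_mismatch", key))
        extra = sec.entitlements - auth.entitlements
        if extra:  # privileges granted outside the authoritative record
            findings.append((uid, "excess_entitlement", ",".join(sorted(extra))))
    for uid, auth in authoritative.items():
        if auth.active and uid not in secondary:
            findings.append((uid, "not_provisioned", "missing from secondary"))
    return sorted(findings)

# Constructed sample data: a corporate directory and one inherited in an acquisition.
AUTH = {
    "alice": Identity(True, {"dept": "finance"}, frozenset({"erp:read"})),
    "bob": Identity(False),
    "carol": Identity(True, {"dept": "sales"}, frozenset({"crm:read"})),
    "dave": Identity(True),
}
ACQUIRED = {
    "alice": Identity(True, {"dept": "sales"}, frozenset({"erp:read", "erp:admin"})),
    "bob": Identity(True, {}, frozenset({"vpn"})),
    "carol": Identity(True, {"dept": "sales"}, frozenset({"crm:read"})),
    "svc-old": Identity(True),
}

if __name__ == "__main__":
    for finding in reconcile(AUTH, ACQUIRED):
        print(*finding, sep="\t")
```

Accounts flagged `orphan` or `not_deprovisioned` are the ones to review first, since they hold live access that the authoritative store no longer vouches for.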



