There are countless ways that malicious entities can break into your company network and wreak havoc and chaos. This can range from stealing private data to disabling mission-critical applications and more; really, it is all a matter of how skilled and imaginative this attacker can be. This is why firewalls, encryption, and other security tools are so important. But what if the hacker had the key to the kingdom - a set of credentials that could give them access and bypass your network security? This is where identity management comes in.
At its core, identity management deals with how users are identified and how their ability to access data and applications is controlled. It differs from application control in that application control governs specific applications, such as Facebook or Outlook, whereas identity management governs specific people, such as Bob in Accounting and Mary in IT. In other words, it is a matter of identifying who is accessing your system, which by default would likely rely on a single password. This isn't ideal in today's world, where that password would be a single point of failure, so there are other tools in this category to help defend your data.
Administrators can help to defend the network by establishing rules for users in the network - if someone tries to go where they aren't typically allowed, for example, an alert can notify the administrator. Other restrictions can be applied, such as only allowing specific users in via specific appliances, such as a work computer. These rules, also referred to as policies, enable administrators to be as advanced or basic with their user group as they feel is necessary. It might seem like a good idea to require every possible gate to be up and running (and in a perfect world it would be), but you also have to be familiar with your user base. If you want to use two-factor authentication, for example, and you have employees who are constantly misplacing or losing the keyfob they use to get the second code, then all the system will do is frustrate everyone - employees who can't work and IT staff who constantly have to override security protocols and order more keyfobs. Properly managing users also enables you to review logs and identify who either lost their credentials or is an internal attacker, so you can resolve those issues as they occur.
Since attackers can absolutely come from the inside, it's also important to ensure that best practices are still in place - one user should be one identity, period. It doesn't make sense to have all of marketing share a single username and password, as that would increase the chances of those specific credentials getting lost in the wild (or a disgruntled employee getting terminated), and if they do get compromised and IT finds out before someone uses them to do bad things, then everyone else will be unable to work, resulting in lost productivity. But by giving everyone independent credentials, it is much easier to section off problems so that the company as a whole can remain productive.
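The policy rules and log review described above can be sketched in a few lines. This is an added example, not code from any vendor product: the policy table, device names, log format and thresholds are all constructed assumptions. It alerts on access outside a user's allowed resources or devices, and flags an account seen on many devices in a short window, which is what a shared login tends to look like.

```python
from collections import defaultdict

# Constructed policy (assumption): allowed devices and resources per identity.
POLICY = {
    "bob": {"devices": {"WS-ACCT-01"}, "resources": {"accounting-share"}},
    "mary": {"devices": {"WS-IT-07"}, "resources": {"accounting-share", "server-admin"}},
    "marketing": {"devices": {"WS-MKT-01"}, "resources": {"marketing-share"}},
}

# Constructed sample access log: minute-of-day, user, device, resource.
LOG = """\
540 bob WS-ACCT-01 accounting-share
545 bob WS-ACCT-01 server-admin
550 mary WS-IT-07 server-admin
555 mary LAPTOP-UNKNOWN server-admin
600 marketing WS-MKT-01 marketing-share
602 marketing WS-MKT-02 marketing-share
604 marketing WS-MKT-03 marketing-share
"""

def parse(log):
    """Yield (timestamp, user, device, resource) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, device, resource = line.split()
            yield int(ts), user, device, resource

def evaluate(log, policy, window=10, max_devices=2):
    """Return (timestamp, user, reason) alerts for policy violations."""
    alerts = []
    recent = defaultdict(list)  # user -> [(timestamp, device)] inside the window
    for ts, user, device, resource in parse(log):
        rule = policy.get(user)
        if rule is None:
            alerts.append((ts, user, "unknown-identity"))
            continue
        if resource not in rule["resources"]:
            alerts.append((ts, user, "resource-not-allowed"))
        if device not in rule["devices"]:
            alerts.append((ts, user, "device-not-allowed"))
        # One identity on many devices within the window suggests a shared login.
        recent[user] = [(t, d) for t, d in recent[user] if ts - t <= window]
        recent[user].append((ts, device))
        if len({d for _, d in recent[user]}) > max_devices:
            alerts.append((ts, user, "possible-shared-credentials"))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(LOG, POLICY):
        print(alert)
```

Because every alert carries a single username, per-user identities let an administrator disable one account without locking out a whole department.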
Many of these solutions can be powered by leaders in network security. Fortinet, for example, sells a keyfob system (FortiToken) as well as more advanced appliances such as FortiAuthenticator to manage users. The baseline firewalls also have basic features in place to enable monitoring and activity logs, giving IT the ability to view and manage any threats that might be brewing. Because of this, we highly recommend having one of these vendors in place to protect mission-critical infrastructure such as your servers or VMs.