
Here is Your Checklist for Identity Management Security



Identity-as-a-Service platforms are quickly becoming one of the hottest trends in the IT sector. As more IT infrastructure moves online, so does the directory service. IT admins are realizing that their legacy Microsoft Active Directory and OpenLDAP implementations are too limiting: each is either single-platform or single-protocol. Either way, neither solution meets their needs, which are to have central control over user access to IT resources, reduce employee friction, save IT time, and build systematic processes to scale their organization.

Get To Know Your Identity Management Security Needs

For IT admins, perhaps one of the most critical requirements is to increase security. The breach of credentials is the number one way organizations are hacked. We hear about those breaches every day, and most of them start with a compromised account somewhere in the chain.

So, the identity management platform is an essential solution in the fight to increase security. This identity management security checklist is a quick way to ensure that your choice of Directory-as-a-Service® platform meets the test of increased security.

The Checklist

Go down the list and make sure you’re leveraging each of these critical security features.

Centralize User Management

Central access control over IT resources is of crucial importance. While a virtual cloud directory is good at that task, it needs to be all-encompassing: cross-platform device support (Windows, Mac, and Linux), multi-protocol (LDAP, SSH, SAML, RADIUS, and more), and location agnostic (cloud, on-prem, or remote). If possible, every system should be connected to your core cloud directory service.

One-Way Hashing And Salting

There’s no way around it: one of your systems is the authoritative identity provider hosting credentials or passwords. Those passwords need to be one-way hashed and salted. They shouldn’t be encrypted, because encryption is reversible and your decryption key is at risk of compromise. And they definitely should not be stored in the clear.

Password Complexity And Rotation

When your users are selecting passwords, you want them to be long and complex. And, you want the ability to rotate them as desired. Those complex passwords can be the difference between being hacked and staying safe.

SSH Key Management

You’ll want to leverage SSH keys wherever possible – mostly on your servers. Storing and managing public keys can be painful. An automated system makes that process easy, encourages your users to leverage keys, and allows you to rotate them when desired.

Multi-Factor Authentication

Perhaps the single most significant security upgrade you can make is two-factor authentication. After entering their password, your users will be forced to enter an authorization token from their smartphone. This significantly reduces the risk of a breach.

Auditing / Logging

This core security feature gives you the knowledge of who is accessing what and when. This is quite possibly one of the hardest security goals to achieve. It can be a complex challenge for IT organizations due to the number of systems they have. A cloud-based directory service can centralize logging for a number of authentication items.

Checklist Complete

When choosing a core identity management platform, make sure that it has the security capabilities that you need. These six requirements are a great baseline. Your organization may have others. If you have any questions or comments on our checklist, drop us a note. Or, feel free to try JumpCloud’s Directory-as-a-Service platform to see these identity management security capabilities and more in action.

