By Rajat Bhargava Posted August 16, 2016
Identity-as-a-Service platforms are quickly becoming one of the hottest trends in the IT sector. As more IT infrastructure moves online, so does the directory service. IT admins are realizing that their legacy Microsoft Active Directory and OpenLDAP implementations are too limiting: they are either single-platform (Active Directory is built around Windows) or single-protocol (OpenLDAP speaks LDAP and little else). Either way, both fall short of what IT actually needs: central control over user access to IT resources, less friction for employees, less admin time spent, and systematic processes that scale with the organization.
Get To Know Your Identity Management Security Needs
For IT admins, perhaps the most critical requirement is better security. Compromised credentials are among the most common ways organizations get breached. We hear about those breaches every day, and most of them start with a compromised account somewhere in the chain.
So, the identity management platform is an essential solution in the fight to increase security. This identity management security checklist is a quick way to ensure that your choice of Directory-as-a-Service® platform meets the test of increased security.
Go down the list and make sure you’re leveraging each of these critical security features.
Centralize User Management
Central access control over IT resources is of crucial importance. A virtual cloud directory is good at that task, but it needs to be all-encompassing: cross-platform device support (Windows, Mac, and Linux), multi-protocol (LDAP, SSH, SAML, RADIUS, and more), and location agnostic (cloud, on-prem, or remote). If at all possible, every system should be connected to your core cloud directory service. Any system left outside it keeps its own local accounts, and those accounts keep working after a user has been disabled centrally.
One-Way Hashing And Salting
There’s no way around it: one of your systems is the authoritative identity provider, and it holds the credentials. Those passwords need to be one-way hashed with a unique random salt per user, using a deliberately slow password hashing function (bcrypt, scrypt, Argon2, or PBKDF2) rather than a fast general-purpose hash such as MD5 or SHA-1, so that a stolen database cannot be cracked at GPU speed. They shouldn’t be stored with reversible encryption, because anyone who obtains the decryption key recovers every password at once. And they definitely should not be stored in the clear.
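To make the difference concrete, here is an added example of password storage done the way this section describes. It was written for this page and is not code from JumpCloud or its platform. It uses PBKDF2-HMAC-SHA256 from the Python standard library with a random 16-byte salt per credential and a constant-time comparison; the iteration count and the record format are assumptions, and Argon2id, scrypt or bcrypt would be preferable where a library is available.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 is used because it ships with Python; Argon2id, scrypt or
# bcrypt are better choices where a library is available. The iteration count
# is an assumption: tune it so one hash costs roughly 100 ms on the auth server.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
DKLEN = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A fresh random salt per credential means two users with the same password
    get different records, so one precomputed table cannot be reused across users.
    """
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=DKLEN)
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def needs_rehash(record: str) -> bool:
    """True when a stored record is weaker than current policy.

    Old records cannot be upgraded offline (the plaintext is not available), so
    rehash at the user's next successful login instead.
    """
    algorithm, iterations, _salt, _hash = record.split("$")
    return algorithm != ALGORITHM or int(iterations) < ITERATIONS


def unsalted_sha256(password: str) -> str:
    """What NOT to do: identical passwords give identical digests and crack at GPU speed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec_a = hash_password("correct horse battery staple")
    rec_b = hash_password("correct horse battery staple")
    print("different salts, different records:", rec_a != rec_b)
    print("correct password verifies:", verify_password("correct horse battery staple", rec_a))
    print("wrong password verifies:", verify_password("wrong", rec_a))
    print("unsalted digests collide:", unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
```

The record carries its own parameters, which is what makes needs_rehash possible: when you raise the iteration count later, existing users are migrated transparently the next time they log in.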
Password Complexity And Rotation
When your users select passwords, you want them to be long; length does more against guessing than character-class rules do. You also want the ability to rotate them when needed. Note that NIST SP 800-63B recommends checking new passwords against lists of known-breached values and forcing a change when there is evidence of compromise, rather than on a fixed schedule, because routine forced rotation pushes users toward predictable variations of the old password. Good password hygiene can be the difference between being hacked and staying safe.
SSH Key Management
You’ll want to leverage SSH keys wherever possible, above all for logins to your servers. The private key stays with the user; what you distribute and track is the public key, and storing and managing those public keys across a fleet is painful by hand. An automated system makes that process easy, encourages your users to use keys, and lets you rotate a key when desired, which means removing the old public key from every authorized_keys file it was ever placed in. Once keys are deployed everywhere, disable password authentication on the servers so that a guessed password is no longer a way in.
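The rotation step is where hand-managed keys usually go wrong (the new key gets added, the old one lingers), so here is an added example, written for this page rather than taken from the post or from JumpCloud, of parsing an authorized_keys file, fingerprinting each key the way ssh-keygen -l does (SHA256 over the decoded key blob), and swapping one key for its replacement while keeping the entry's options. The sample file and the ed25519 key blobs are constructed filler in the correct wire format, not real key pairs.

```python
import base64
import hashlib
import re
import struct

# Key types accepted here; not an exhaustive list of what OpenSSH supports.
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
             "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
             "sk-ecdsa-sha2-nistp256@openssh.com")
# authorized_keys line: [options] <keytype> <base64 blob> [comment]
_ENTRY = re.compile(r"(?:^|\s)(" + "|".join(re.escape(t) for t in KEY_TYPES) +
                    r")\s+([A-Za-z0-9+/=]+)(?:\s+(.*?))?\s*$")


def fingerprint(b64_key: str) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it: unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).rstrip(b"=").decode()


def parse_authorized_keys(text: str) -> list:
    """One dict per key entry; comment, blank and unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if line.lstrip().startswith("#") or not m:
            continue
        entries.append({"options": line[:m.start(1)].strip(),  # e.g. from="10.0.0.0/8",no-pty
                        "type": m.group(1), "key": m.group(2),
                        "comment": m.group(3) or "",
                        "fingerprint": fingerprint(m.group(2))})
    return entries


def format_entry(entry: dict) -> str:
    return " ".join(p for p in (entry["options"], entry["type"], entry["key"], entry["comment"]) if p)


def rotate_key(text: str, old_fingerprint: str, new_line: str) -> tuple:
    """Replace the entry whose fingerprint is old_fingerprint with new_line.

    The old entry's options (source restrictions, forced commands) carry over.
    Returns (new_text, replaced); replaced == 0 means the old key was not found
    and nothing changed, which callers must treat as a failure, not a success.
    """
    new = parse_authorized_keys(new_line)
    if len(new) != 1:
        raise ValueError("new_line must hold exactly one key")
    out, replaced = [], 0
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if m and not line.lstrip().startswith("#") and fingerprint(m.group(2)) == old_fingerprint:
            options = line[:m.start(1)].strip() or new[0]["options"]
            out.append(format_entry(dict(new[0], options=options)))
            replaced += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", replaced


def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def constructed_ed25519_line(seed: int, comment: str) -> str:
    """A syntactically valid ssh-ed25519 public-key line built from filler bytes.

    The 32 'key' bytes are deterministic filler, not a real key pair; only the
    wire format (string "ssh-ed25519", string key) matters for parsing here.
    """
    raw = bytes((seed * 7 + i) % 256 for i in range(32))
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed sample file: one unrestricted user key, one restricted CI key.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# managed by the directory service; do not edit by hand",
    constructed_ed25519_line(1, "alice@laptop-2015"),
    'from="10.0.0.0/8",no-pty ' + constructed_ed25519_line(2, "deploy@ci"),
]) + "\n"


if __name__ == "__main__":
    before = parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)
    old_fp = next(e["fingerprint"] for e in before if e["comment"].startswith("alice@"))
    text, n = rotate_key(SAMPLE_AUTHORIZED_KEYS, old_fp, constructed_ed25519_line(3, "alice@laptop-2016"))
    print(f"replaced {n} entry; file now holds:")
    for e in parse_authorized_keys(text):
        print(" ", e["fingerprint"], e["comment"], e["options"])
```

Keying the rotation on the fingerprint rather than on the comment is deliberate: comments are free text that users edit, while the fingerprint is what the server logs at login, so the same identifier ties the audit trail and the rotation together.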
Two-Factor Authentication
Perhaps the single most significant security upgrade you can make is two-factor authentication. After entering their password, your users also have to enter a one-time code from an authenticator app on their smartphone, or approve a push prompt. A stolen or guessed password alone is then not enough to log in, which significantly reduces the risk of a breach. Enforce it at the directory so that every protocol and application authenticating through the directory gets it, and make sure the enrollment and account-recovery paths are not a way around it.
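The code from the smartphone is usually a time-based one-time password (RFC 6238), which is small enough to show in full. The following is an added example, not code from the post or from JumpCloud's platform: HOTP and TOTP from the Python standard library, a verifier that tolerates one step of clock drift and refuses replayed codes, and the otpauth:// provisioning URI that authenticator apps read from a QR code. The shared secret is the RFC 6238 test vector; the account and issuer names are invented.

```python
import base64
import hashlib
import hmac
import struct
import time
import urllib.parse


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, zero-padded decimal."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of `step`-second intervals since the epoch."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp // step), digits)


def verify_totp(secret: bytes, code: str, timestamp: float = None, step: int = 30,
                window: int = 1, last_counter: int = -1, digits: int = 6):
    """Return the time step the code was accepted for, or None.

    `window` tolerates that many steps of phone/server clock drift either side.
    `last_counter` is the step of the last code accepted for this user; steps at
    or below it are refused so a code captured once cannot be replayed.
    """
    if not (code.isdigit() and len(code) == digits):
        return None
    if timestamp is None:
        timestamp = time.time()
    counter = int(timestamp // step)
    for candidate in range(counter - window, counter + window + 1):
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Key URI (otpauth://) that authenticator apps import from a QR code; secret is base32."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    params = urllib.parse.urlencode({"secret": base64.b32encode(secret).decode(),
                                     "issuer": issuer, "algorithm": "SHA1",
                                     "digits": "6", "period": "30"})
    return f"otpauth://totp/{label}?{params}"


# RFC 6238 Appendix B test secret. A real enrolment uses at least 20 bytes from os.urandom.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(provisioning_uri(DEMO_SECRET, "alice@example.com", "ExampleCorp"))
    now = time.time()
    code = totp(DEMO_SECRET, now)
    accepted = verify_totp(DEMO_SECRET, code, now)
    print("code", code, "accepted for step", accepted)
    print("same code again:", verify_totp(DEMO_SECRET, code, now, last_counter=accepted))
```

The server must persist the accepted step per user for the replay check to mean anything, and the secret has to be stored reversibly (it is an HMAC key, not a password), which makes the directory's secret store a high-value target in its own right.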
Auditing / Logging
This core security feature tells you who is accessing what, and when. It is quite possibly one of the hardest security goals to achieve, because the events are scattered across every system an organization runs and arrive in different formats. A cloud-based directory service can centralize logging for the authentication events that pass through it, so a single query answers which user logged in to which resource and from where, and a compromised account shows up as a pattern rather than as isolated entries in a dozen separate logs.
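As an added illustration of what centralized authentication logging buys you, written for this page and not part of the original post or of any JumpCloud tooling, the example below takes sshd lines from two hosts (constructed, in the syslog format sshd emits), normalizes them into one event schema, and answers two questions: who logged in where, and which source addresses failed repeatedly and then succeeded. The host names, user names and addresses are invented.

```python
import re
from collections import defaultdict

# Constructed sshd lines from two hosts, in the syslog format sshd emits. Syslog
# timestamps carry no year or zone; a real pipeline would normalise them to UTC.
SAMPLE_LINES = """\
Aug 16 09:01:12 web01 sshd[2231]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:constructed
Aug 16 09:02:40 web01 sshd[2250]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Aug 16 09:02:41 web01 sshd[2250]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Aug 16 09:02:43 db01 sshd[9001]: Failed password for root from 203.0.113.9 port 40020 ssh2
Aug 16 09:02:45 db01 sshd[9004]: Failed password for bob from 203.0.113.9 port 40021 ssh2
Aug 16 09:02:50 db01 sshd[9010]: Accepted password for bob from 203.0.113.9 port 40022 ssh2
Aug 16 09:03:15 web01 sshd[2260]: Received disconnect from 10.0.0.5 port 51234:11: disconnected by user
Aug 16 09:10:03 db01 sshd[9100]: Accepted publickey for alice from 10.0.0.5 port 51300 ssh2: ED25519 SHA256:constructed
"""

_SSHD = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_event(line: str):
    """Normalise one sshd line into a common schema; None for lines that are not auth outcomes."""
    m = _SSHD.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["success"] = ev.pop("result") == "Accepted"
    return ev


def parse_events(text: str) -> list:
    return [ev for ev in map(parse_event, text.splitlines()) if ev]


def access_timeline(events: list) -> dict:
    """Who accessed what and when: user -> [(timestamp, host, method, source)] for successful logins."""
    timeline = defaultdict(list)
    for ev in events:
        if ev["success"]:
            timeline[ev["user"]].append((ev["ts"], ev["host"], ev["method"], ev["src"]))
    return dict(timeline)


def suspicious_sources(events: list, threshold: int = 3) -> list:
    """Sources that failed at least `threshold` times on any host and then logged in.

    Seen per host, 203.0.113.9 above is two failures on web01 and two on db01, below
    the threshold on each; only the merged stream shows four failures then a success.
    """
    state = {}  # src -> [failures so far, success seen after reaching the threshold]
    for ev in events:  # events are in arrival order, so "then" is list order
        st = state.setdefault(ev["src"], [0, False])
        if ev["success"]:
            if st[0] >= threshold:
                st[1] = True
        else:
            st[0] += 1
    return sorted(src for src, (_, flagged) in state.items() if flagged)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LINES)
    for user, logins in access_timeline(events).items():
        for ts, host, method, src in logins:
            print(f"{ts} {user:<6} {host:<6} {method:<10} from {src}")
    print("password guessing that succeeded from:", suspicious_sources(events))
```

The same normalized schema is what you would want for LDAP binds, RADIUS requests and SAML assertions as well, so that a user's logins across protocols line up in one timeline; this example covers only the sshd format.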
When choosing a core identity management platform, make sure that it has the security capabilities that you need. These six requirements are a great baseline. Your organization may have others. If you have any questions or comments on our checklist, drop us a note. Or, feel free to try JumpCloud’s Directory-as-a-Service platform to see these identity management security capabilities and more in action.