Identity Management Security – Securing Identities

By Rajat Bhargava Posted September 22, 2016

One of the core challenges that IT organizations have these days is how to secure identities.

Identity theft can pose one of the most significant network security risks for an organization. Major hacks at Sony, eBay, LinkedIn, Target, and much more have proven this threat to us. Your identity management platform can play a significant role in decreasing that risk for you.

Lessen Risks with Identity Management

identity management security

Digital identities have become the number one target for hackers and cybercriminals. They are the keys to your digital kingdom. Thankfully, there are identity management security solutions that make it easier to implement best practices, that substantially reduce the risk of a breach.

Central Control Over User Access

icon-rest-api-4646ae3eb7bb51cd344dd2d025a2239f

Having complete control over all of the professional accounts that a user might have is critical. In today’s world of consumerization of IT, end users can sign up for significant IT services with their credit card and no approval or knowledge from IT. While IT doesn’t want to be a bottleneck, it does need insight into what accounts are being leveraged. In addition to that knowledge, they need to have the ability to eliminate accounts on SaaS-based applications, cloud servers, LDAP-based applications, network access via WiFi, and more. In short, IT’s goal is to have visibility into each user account.

Password Complexity

SSO Logo

Ideally, a user’s passwords are unique and strong. This can be hard to enforce sometimes. A high-quality Identity-as-a-Service platform supports this process. It includes the ability to rotate passwords, monitor for password reuse, and strengthen passwords.

SSH Keys

icon-directory-services-dd9d21685572ff908739e6cb41847543

Where possible, it is better to leverage SSH keys because it increases the level of security. Most widely used on Linux devices and platforms such as AWS, an identity management solution that helps manage SSH keys is powerful. This process can be painful for IT to manage and as a result, it is often used sparingly. In addition, it ends up being a high overhead.

Multi-Factor Authentication

icon-password-complexity-management-12987c580b493c5b6ee67c7ad3a0600c

One of the biggest obstacles to achieving security is user behavior. Much to the chagrin of IT admins, it is difficult to create separation between an end user’s personal and professional life. When users suffering from “password fatigue” leverage the same username and password for consumer sites as for their business logins, it creates risk that is difficult to track or mitigate. It’s best to nip the threat in the bud by requiring an additional metric for login.

This critical security measure is known as multi-factor authentication. In addition to their password, a smart phone-based token sent via an application, such as Google Authenticator, can help lock down user access. MFA works quite well at the systems level and should always be leveraged for critical applications such as email, cloud computing, and others.

Logging / Auditing Of Events

icon-event-logging-api-0a10bf3180a133183e0520ddc6d9e77b

IT needs to have a full log of access to their IT resources. This is, of course, nearly impossible with legacy directory services platforms. Too many IT resources were outside the directory. Consequently, legacy platforms couldn’t see who was accessing what, when. A centralized platform for authentication events is critical to any security program.

Securing Identities With JumpCloud

These are just a handful of the ways that the Directory-as-a-Service® platform can support your identity management security.

daas-landscape

If you would like to learn more about how to secure identities and leverage cloud identity management, drop us a note. Feel free to give JumpCloud’s SaaS directory service a try and see how you can step-up your identity management security posture.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts