Identity Management Security

By Greg Keller Posted September 9, 2016

Security is a hot topic these days. It seems like there is a security breach just about every other day. “Here we go again! Another major company or government has been hacked.”

Most of us have heard of them – LinkedIn, Twitter, Target, and so on. If you want to see many of them, head over to the Krebs on Security blog. Even CNN provides coverage of these major breaches.

The primary method for just about all of these hacks has been the compromise of critical credentials. Whether these credentials belong to an employee or contractor, they can provide access to a large part of the network infrastructure. Identity management security is an absolutely critical component of any organization’s security strategy.

Balancing Identity Management Security and Efficiency


By definition, identity management is all about security. However, it also correlates closely to productivity. Essentially, the core of an identity management strategy is how to connect your users with the IT assets that they need. Those IT resources could be systems, applications, networks, and many items in between. To maximize productivity, IT’s goal is to build an infrastructure that easily and securely enables their employees, contractors, and vendors to access the resources they need in order to accomplish the tasks at hand.

The challenge becomes how to protect the identity management infrastructure as well as the user.

Explaining The Role Of A SaaS Directory Services Provider


At a high level, credentials are found in two spots: one within the identity management system and the other with the user themselves. Each of those ‘systems’ must be secured. An identity management system stores credentials for users along with the IT resources that each user can access. In this case, the cloud-based directory service is, effectively, a database that joins users with the IT resources they need to access. Securing these credentials and the table of connections comes down to two things, one on the provider's side and one on the user's:

  1. High-quality SaaS directory services providers will one-way hash and salt any credentials. No passwords are stored in the clear, or even stored in encrypted form. A one-way hash makes it virtually impossible to recover a password from its stored value.
  2. The other half of the equation is ensuring that the person themselves is secure. They need to choose complex, long passwords and not reuse those passwords. They must leverage multi-factor authentication tools via their smartphone to make it harder for a compromised password to be leveraged. In short, the person needs to be more vigilant about their own decisions involving security.

Directory-as-a-Service Defines Modern Identity Management Security

JumpCloud’s identity management platform called Directory-as-a-Service® is a prime example of identity management security. Not only does the system step up an organization’s security, but it also requires the user to do the same.

With password complexity and password rotation functionality, end users are forced into strong security postures. JumpCloud’s cloud directory supports the use of SSH keys and multi-factor authentication to add even more security.


Identity management platforms should be a part of every organization’s security program. If you would like to learn more about how JumpCloud® can support your identity management security approach, drop us a note. Finally, don’t forget to give our Identity-as-a-Service platform a try for yourself.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
