Maximizing Efficiency And Security In Identity Management

By Greg Keller Posted June 17, 2016

Identity Management has been one of the most vexing areas for IT in the last decade.

Identities are the way that users access IT resources and IT resources continue to expand (think more types of devices, more SaaS apps, Virtual Computing, and on and on). So identities have been forced to stretch, shift, and evolve with IT resources.

When Identity Management is done right, your employees stay productive and the organization remains secure. When Identity Management is done incorrectly, your users can’t access the resources they need – and malicious hackers can.

So, it’s safe to say that your IAM (Identity and Access Management) strategy is important. But it’s also complicated. The best IAM plan for one company won’t necessarily work very well for another, so we’ll pose some questions a little bit later that you can answer to better understand where you stand. There is a lot of give and take with IAM, so I want to start with talking about striking the right balance between efficiency and security.

The Inverse Relationship Between Efficiency and Security

One of the factors making Identity Management so challenging is that the more secure you make access to IT resources, the less fluid it tends to be for the end user. Think about, for example, how Multi-Factor Authentication (MFA) makes credentials so much more secure, but at the same time makes your users less productive – it is another step after all. In this case, that extra step is worth the hassle, but in other areas it may not be.

On the other hand, when Google Chrome automatically remembers your password for a website, it’s highly efficient – but once your device falls into the wrong hands, whoever holds it can access your user accounts. Efficiency soars, security takes a dive.

These examples illuminate the careful balancing act that IT must perform in order to get the best of both worlds in Identity Management.

So How Do You Maximize IAM Efficiency & Security?

If you want the easy answer, I would say, “Go check out Directory-as-a-Service® right now.”

If you want the more nuanced answer, then let’s answer some questions about your enterprise:

  1. Where are your IT resources located? Cloud or on-premises?
  2. What authentication and management protocols do they support?
  3. How will you secure and audit access to those resources?

Within your answers to these questions is embedded the ideal Identity Management strategy for you. For instance…

If your resources are located exclusively on-premises and you’re a Windows shop, then you won’t have difficulty employing an on-premises directory (e.g. Microsoft® AD). If you’re taking advantage of the cloud, then you’ll want to consider a cloud-based directory service.

When it comes to protocols, you’re obviously going to want an identity management solution that communicates well in the protocols in use at your organization. You’ll likely want to have LDAP, RADIUS, SAML, and maybe all or some of OpenID, TACACS, OAuth, and Kerberos.

As a general rule, security always trumps efficiency on the priority list. This is true now more than ever. So no matter what route you go with, make sure that you’re one-way hashing and salting your credentials. And I know that I used Multi-Factor Authentication (MFA) as an example of the inverse relationship between security and efficiency earlier, but I still strongly recommend implementing MFA at your organization. It’s simply the most effective way to make sure your user access is secure.

Admittedly, this advice is a little bit surface-level. If you want more actionable advice and more in-depth information on the 2016 IAM landscape, then click here.

Better Identity Management, Explained

The link above is to our newly released IT Guide to Identity Management 2016. Inside you’ll find an overview of the current IAM landscape, along with a checklist that can help you to determine where you stand. The guide then lays out the challenges (e.g. identity sprawl and shadow IT) along with some of the innovative new solutions available.

Identity management sits at the core of your organization. It connects your users to the IT resources they need. Your identity framework is a catalyst for productivity and a determinant of your security. Carefully thinking about your approach will help ensure success with a difficult problem.

At JumpCloud, we have a lot to offer for organizations looking for better identity management. Through our Directory-as-a-Service® (DaaS), admins can manage a wide variety of users and devices all from one centralized location. You can learn more about DaaS here or contact us directly with any questions.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
