By Ryan Squires Posted December 3, 2018
Identity and Access Management (IAM) can rightfully be considered a blanket term covering many different areas of IT and the identity management arena. From logging in to systems and networks to accessing web-based applications and cloud infrastructure, each of those IAM areas fall squarely under the Identity and Access Management moniker. For this post, we will highlight the Top 5 Security IAM areas to consider today. And, while ranking is certainly fun, all of these areas combine to create a comprehensive security framework that protects both users and organizations.
Network Authentication – RADIUS
RADIUS stands for Remote Authentication Dial-In User Service. When you see the term “dial-in” with regard to technology, you know that it’s old. But age does not necessarily hamper effectiveness, especially when it comes to RADIUS. RADIUS is an authorization and authentication protocol used to bolster security on both wired and WiFi network connections. When implemented, it allows users to login to networks with their own unique set of credentials, which increases network security by diminishing the reliance on shared SSID and password combinations. Bonus points for IT organizations that use dynamic VLAN tagging to create even greater security through the RADIUS protocol.
Governance – Event Logging
Event logging is one of those terms that may not mean much until you’re up for a security audit or a breach has occurred and you need to know some information right away. You might now it from the buzz word Governance, but really that’s ensuring that you are building in safe guards so that only the right people can access the right IT resources. If in the unfortunate case that a security breach occurs, IT admins who have event logging capabilities are able to step back in time and trace the steps of individual users. What this does is it gives IT admins the ability to pinpoint when and where breaches occur such that they can find the guilty party, deprovision access, and address outstanding security threats.
Encryption – SSH Key Management
SSH Keys are complex; they’re that way on purpose. In fact, when compared to a standard password, an SSH key generated using RSA 2048-bit encryption is about as complex as a 617-digit password. SSH keys are generally used to access cloud infrastructure from services like Amazon Web Services® (AWS®) and Google Compute Engine. Data stored on those cloud servers is often highly sensitive and should be protected with 617-digit or longer passwords.
Secure Credentials – Multi-factor Authentication (MFA)
The biggest issue surrounding passwords is the fact that human beings create them. When IT admins aren’t able to implement password complexity requirements, or shadow IT occurs, people tend to either recycle passwords or make them incredibly easy to guess. Think of passwords such as, “password,” “12345678,” or “letmein” and you begin to realize that perhaps a secondary method of authentication should be used to save the users from themselves. When you leverage MFA, the most common approach is to link accounts to a user’s smartphone. On that smartphone is a TOTP (time-based, one-time password) generator that spits out a new code every 30 to 60 seconds. So, when a user inputs his or her password, with MFA enabled, they have to also input the corresponding TOTP code to gain access to that resource.
Identity & Access Management – Directory-as-a-Service®
Traditional directory services like Microsoft® Active Directory® (MAD or AD) are stuck in the past. Microsoft created Active Directory some 20 years ago to enable access to what was largely Windows-based networks. It worked very well for that time, but with the internet boom, a myriad of non-Windows resources started to make their way into IT environments. These resources include tools like web-based applications, cloud infrastructure, NAS devices, and so much more. Because AD is a tuned for Windows devices, it struggles to enable user access to all of these new tools. As a result, identity sprawl occurs, password reuse becomes the norm, and IT admins get stuck changing passwords instead of doing more important tasks. With Directory-as-a-Service, this doesn’t happen.
Learn More About JumpCloud
When you leverage Directory-as-a-Service, you roll all top 5 security identity and access management areas into one cloud-based solution. But, it’s a great deal more than that. Visit our blog, drop us a line or visit our YouTube channel to learn more. If you just want to get your hands dirty, sign up today for a free account. JumpCloud’s free account is risk free, which means no credit card is required. Plus, you can manage up to 10 users for free, forever with it.