Emerging Technology (Enhancing, Engaging, Connecting)
Identity Management Systems
With the rise in social engineering cyberattacks such as spear phishing, the importance of protecting user identities has never been more crucial. If our credentials are stolen and our accounts accessed maliciously the harm can include the theft of our identities, resulting in enormous personal loss and damage. For organizations, compromised accounts are among the most common and serious sources of successful cyberattacks.
An area of technology that has been gaining significant attention involves strengthening the protections for our digital identities. Specialized software systems have been designed for this purpose. These systems fall under the general title of identity management systems, or IdMS. These systems have many benefits for both organizations and individual users.
IdMS for Organizations
For organizations, an IdMS allows the management of identities through a central database and by using a seamless toolset. With a robust IdMS, organizations can quickly establish an identity for employees, students or other persons associated with the institution. Frequently this includes trustees, contractors, emeriti faculty members and others that fall into special categories and thus prove more challenging because they exist outside of traditional administrative HR and student systems. All of this falls under the general term “account provisioning” and is of increasing importance in the face of heightened cyber threats and campus security incidents.
The IdMS also makes it possible to efficiently and effectively manage the authorized rights and permissions for users. These control access to systems, networks, facilities and other assets as determined by policies. Operational security is also increased since it becomes easier to monitor and manage the activities of individuals should that become necessary, for example in the case of insider threats.
IdMS for Individual Users
Individual users also see benefits from using a robust IdMS. The IdMS can make it easier and simpler to manage their own credentials through self-service, including changing passwords regularly. An IdMS can even help users choose passwords that are more difficult to hack.
IdMSes can also incorporate multiple forms of authentication such as biometrics, PINs sent through SMS, client software running on trusted devices such as smartphones and other means. Using different technologies for identity management is called multi-factor authentication, and this strategy helps ensure that a stolen identity does not in itself provide access to an account. A great benefit can be notifying users when their accounts show anomalous activity, such as being accessed from unknown locations or devices.
With an IdMS, users who forget their passwords can utilize a predetermined set of security “challenge” questions to help validate their identity, enabling them to reset their passwords as needed. This can be coupled with multi-factor authentication confirmation such as texted PINs or software running on a trusted secondary device.
The IdMS Marketplace
The IdMS marketplace is expanding, and the systems available continue to evolve. Companies including Okta, One Identity and Centrify are well-known in the IdMS sector, but a range of other providers exist as well. Various ratings and reviews exist from industry analysts that can be helpful in exploring the various offerings. Fischer is particularly well-regarded in higher education, our own uniquely challenging environment.
A range of products is available to support the capabilities inherent in IdMSes. One of the most notable of these is Duo, well known as among the best multi-factor identification providers. Duo has a large and well-respected presence among higher ed institutions and works with nearly all IdMSes on the market.
Moving to an IdMS doesn’t necessarily require changing out all current authentication systems. The IdMS can be overlaid onto an existing foundation if the current technologies are solid in terms of design, implementation and management. This is especially true if the current technologies are based on recognized trust-based standards such as SAML. Among other benefits, trust-based standards make single sign-on (SSO) much easier.
An IdMS can be implemented on-premises or in the cloud. Cloud-based identity management can have many benefits including support for business continuity. After all, you can’t access systems when you can’t authenticate to them, as when local services are off-line for emergencies.
An IdMS coupled with multi-factor authentication offers numerous important benefits and should be strongly considered as a fundamental part of an institution’s holistic security strategy.
This article originally appeared in the issue of .
About the Author
David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].