What is privileged identity management

Identity & Access Management: The future of secure identity management

Digital identities are becoming ever more important, not least because of the IoT. But the more identities emerge, and the more privileges they carry, the harder it becomes to manage them. New approaches are needed here.


Identity & Access Management (IAM for short) is the ability to provision, manage, verify and secure digital identities so as to enable authorized, authentic requests for or access to company data, services, systems and networks. This applies regardless of whether these are on-premises or in the cloud, and it is based on the roles and privileges assigned to every digital identity, human and machine alike.

With a growing number of programs, IoT devices and applications that entail ever more logins and verification processes, and thus ever more identities, the demands placed on IAM also grow. IT managers should keep the following five points in mind if they want to achieve effective identity management that increases company security in the long term and forms the basis of successful digitization.


1. IAM and PAM must go hand in hand

While the role of Privileged Access Management (PAM) is to protect access to privileged accounts and applications, and thus to sensitive data and company assets, Identity & Access Management takes care of a company's everyday users by controlling the access granted to them within an application or program. Since the two areas cannot easily be viewed and managed in isolation, it makes sense to integrate PAM and IAM more closely in the future.

In this way, the PAM solution can provide the IAM with data on who is granted access to which role-based accounts. At the same time, the PAM solution receives valuable data from the IAM showing who should have access to privileged tasks. Ultimately, the security of the entire company benefits, since security controls are tightened and the passwords of potentially vulnerable, high-risk credentials are rotated automatically.

2. Behavioral profiles to protect against identity fraud

To identify manipulation of any kind as reliably and, above all, as promptly as possible, it is essential that IAM solutions create individual identity footprints for users on the basis of behavioral analysis and automatically compare their activities against them. If a user's behavior deviates from their usual activities, automated measures are initiated to stop a potential account compromise.

For example, if employees unexpectedly log in from countries where their company has no offices, the systems can require additional security controls or even access workflows in which an employee of the same rank must approve the access for as long as the employee remains in this unusual location. The same applies, for example, to an employee who has valid credentials for a corporate application but wants to access it from an unknown, unmanaged device. Here, too, there is generally an increased risk of data loss or access fraud, which is why security controls must reduce the employee's privileges to a minimum.

3. Identity Management in the Internet of Things

In the future, identities will also play an increasingly important role in the IoT. Whether in mobility, for example keyless cars, vehicle sharing and digital tickets, or in the smart home, where building control and home automation are concerned, digital identities will permanently change the way we move around the Internet of Things. But the more tasks and characteristics our identities have, the more diverse the security risks become, and with them the requirements for identity protection.

This is all the more true for the IoT because the security of IoT devices is still severely neglected. More than 90 percent of the firmware files in IoT devices have critical security gaps, as a study by the firmware analysis platform IoT Inspector showed last year. Passwords hard-coded in the firmware file system, hidden default user credentials and weaknesses in the system configuration are among the most frequently identified vulnerabilities.

To minimize the risk of identity theft and abuse, and their potentially devastating consequences, the IoT environment also needs new protection mechanisms and technologies that meaningfully combine biometric methods, PAM solutions and artificial intelligence.

4. Risk-based authentication for dynamic security

Making logins as tamper-proof as possible, and thus protecting sensitive data and valuable assets from unauthorized access, is one of the most important premises of Identity & Access Management. At the same time, login procedures should not be unnecessarily time-consuming or complicated, so that they do not hinder the work processes of authorized employees. It can be annoying to have to go through multiple authentications, such as entering a password, out-of-band PINs and SMS confirmations, before gaining access to an account.

Risk-based authentication can remedy this. The context of an access request is analyzed on the basis of computed measurements, and a risk profile is created that may or may not require further authentication steps. Any number of elements can be checked: where the access comes from, how high the user's privileges are, whether the system meets the general security requirements, whether a VPN connection is open, when the digital identity was last used for the same request, and others.

For example, if the network a user is accessing from is privileged, their authentication poses an increased risk, so one or more additional authentication factors should be requested. What is special about the risk-based approach is that dynamic security measures are applied depending on the calculated risk. If the risk of an access is too high, the request is rejected entirely. This dynamic approach automatically raises the security parameters when the threat level is high and lowers them when it is low.
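As an added illustration of points 2 and 4 above (not code from the original article or any product), the following Python model combines a per-user behavioral baseline with the context signals listed here (origin country, privilege level, device compliance, VPN state, time since the same request) into a risk score, and maps that score to the graded responses the text describes: allow, request a further factor, require approval by a peer, or reject outright. The signal names, weights, thresholds and the sample user "alice" are constructed assumptions for the example.

```python
"""Risk-based authentication over a behavioral baseline (added example).

Every login attempt carries context signals; the user's baseline records the
countries and managed devices seen in routine use. Deviations add weighted risk,
and the total decides how much extra authentication the request must clear.
All weights, thresholds and sample data are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # low risk: the primary factor is enough
    STEP_UP = "step_up"    # medium risk: request one additional factor
    APPROVAL = "approval"  # elevated risk: a peer of the same rank must approve
    REJECT = "reject"      # risk too high: deny the request entirely


@dataclass(frozen=True)
class Baseline:
    """What is 'usual' for one identity, learned from its past activity."""
    usual_countries: frozenset
    managed_devices: frozenset


@dataclass(frozen=True)
class LoginContext:
    """Context signals captured for a single access request."""
    user: str
    country: str
    device_id: str
    privileged: bool             # does the requested role carry elevated rights?
    vpn_connected: bool
    device_compliant: bool       # does the device meet baseline security requirements?
    hours_since_same_request: float


# Constructed weights: larger deviations from the baseline cost more risk points.
WEIGHTS = {
    "unusual_country": 40,
    "unmanaged_device": 30,
    "privileged_role": 20,
    "non_compliant_device": 20,
    "no_vpn": 10,
    "stale_request": 10,
}
STALE_AFTER_HOURS = 24 * 30  # constructed: same request not seen for 30 days


def risk_score(ctx: LoginContext, baseline: Baseline):
    """Return (score, reasons) for one request measured against the baseline."""
    reasons = []
    if ctx.country not in baseline.usual_countries:
        reasons.append("unusual_country")
    if ctx.device_id not in baseline.managed_devices:
        reasons.append("unmanaged_device")
    if ctx.privileged:
        reasons.append("privileged_role")
    if not ctx.device_compliant:
        reasons.append("non_compliant_device")
    if not ctx.vpn_connected:
        reasons.append("no_vpn")
    if ctx.hours_since_same_request > STALE_AFTER_HOURS:
        reasons.append("stale_request")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(score: int) -> Decision:
    """Map the computed risk to a dynamic security response (constructed thresholds)."""
    if score >= 80:
        return Decision.REJECT
    if score >= 50:
        return Decision.APPROVAL
    if score >= 20:
        return Decision.STEP_UP
    return Decision.ALLOW


def evaluate(ctx: LoginContext, baseline: Baseline):
    """Full pipeline: score the request, then choose the response."""
    score, reasons = risk_score(ctx, baseline)
    return decide(score), score, reasons


# Constructed baseline: alice normally works from DE/AT on one managed laptop.
ALICE = Baseline(frozenset({"DE", "AT"}), frozenset({"lap-0042"}))


def sample_requests():
    """Constructed requests covering the scenarios discussed in the text."""
    return {
        "routine": LoginContext("alice", "DE", "lap-0042", False, True, True, 2.0),
        "travel": LoginContext("alice", "BR", "lap-0042", False, True, True, 2.0),
        "travel_unmanaged": LoginContext("alice", "BR", "phone-9f3", False, True, True, 2.0),
        "admin_travel_unmanaged": LoginContext("alice", "BR", "phone-9f3", True, True, True, 2.0),
    }


if __name__ == "__main__":
    for name, ctx in sample_requests().items():
        decision, score, reasons = evaluate(ctx, ALICE)
        print(f"{name:24s} score={score:3d} -> {decision.value:9s} {reasons}")
```

The routine request from a usual country on a managed device scores 0 and is allowed on the primary factor alone; the same user from an unexpected country is asked for a further factor; an unexpected country on an unmanaged device needs a peer's approval; and a privileged role on top of that is rejected. The reasons list is what a security team would log alongside the decision so that step-ups and rejections remain explainable.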


5. Overcoming boundaries with Identity-as-a-Service (IDaaS)

Cloud technologies, and above all cloud delivery models, are booming steadily, in identity management too. Identity-as-a-Service offerings give companies the opportunity to overcome the limits of their previous IAM solutions by benefiting from a cloud-based service for the provisioning of digital identities, single sign-on and bundled access management.

IDaaS makes hybrid models possible in which local accounts are provisioned via a local identity management solution and cloud accounts via a cloud or IDaaS solution. This means that employees can access cloud solutions provided by their employers without having to authenticate through the organization's internal network. In this way, a company can also enable third-party access without ever having to provision a company-owned account in Active Directory. IDaaS provides functions for business-to-business identity federation so that accounts do not have to be provisioned on internal systems.

In combination with deception technologies, IDaaS platforms are also ideal honeypots for luring attackers with fake identities and for researching the attack paths and hacking techniques with which they try to gain access to the network and systems. This creates a unique opportunity to observe the attackers' behavior, analyze their lateral movement within the systems and generate individual threat intelligence that improves cybersecurity in the long term.
