Breaches frequently occur when people gain access to information they are not entitled to see. One way to tackle this is to grant individuals access to different parts of a system according to an Identity and Access Management (IAM) configuration, which gives each of them access only to the portions of the business they are meant to handle.
The changing network and technology landscape requires IAM to be more robust in handling complexity. IAM deployments are themselves complex and susceptible to failure, and legacy systems with compatibility issues add to the trouble.
While most organisations have embraced cloud computing, some of them also want users to bring their own devices. Another aspect is connected devices, or the Internet of Things. All of these emerging technologies pose challenges for IAM roles, and to keep data safe IAM needs to continuously evolve and adapt. The key to a successful digital business is a seamless user experience even in matters of security.
Remote Work and IAM
Remote users need to be verified not just with a replayable username/password combination but with Multi-Factor Authentication (MFA), which can combine factors such as a username/password (what you know), an access token (what you have), a biometric (what you are), and so on.
Cloud-hosted services need to be safeguarded with your own firewall and other security controls as appropriate; securing the cloud services is the responsibility of the user, not the Cloud Service Provider. You will also need to ensure that the cloud solutions and services are properly configured: all ports closed except the necessary ones, and all unnecessary services turned off. Proper roles with responsibilities need to be defined along with the required access control setup. All of this needs to be checked and verified periodically.
Managing on-prem users is a bit easier in the IAM role context, though it has its own challenges: threat actors who manage to exploit credentials can gain access to the intranet.
But when users bring their own devices into the office or work from home, ensuring security is more challenging, and there are many unknown threats that have yet to be exploited by threat actors; this expands the responsibility of IAM.
In the above-mentioned examples and with a remote workforce, the users are not on the physical office premises, which have a secure network and layered protection. They are out in the open, on a public network, using a personal device that is not hardened or patched. This calls for additional security. IAM specifically needs to be addressed in detail to ensure the asset is being used by the right user, from the right device, with the right set of privileges. Solutions like multi-factor authentication, biometric authentication, role-based access control, restricting data to the intranet, and requiring a VPN for access are the ways organizations are dealing with changes in work location and technology. Further, devices issued for remote locations or BYOD should require additional hardening and monitoring to ensure no issues arise.
IAM professionals need to be able to identify these risks and put in place the appropriate controls to mitigate them. With the ever-changing landscape of security threats, there is always a need for skilled IAM professionals who can help organizations keep their data and systems safe.
Globally, the remote workforce has become increasingly common in the last few years, and new challenges for IAM professionals come with that. For example, how do you ensure that remote employees have the appropriate access to company resources? And how do you track which devices those employees use to access company data? These are just a few of the challenges that IAM professionals face daily.
One of the consequences of the COVID-19 pandemic is the increase in remote work. As people work from home, they need to be able to access their company’s resources. IAM can help by allowing employees to access resources through their devices without having to remember multiple usernames and passwords. Additionally, IAM can help prevent unauthorized access to company resources. For example, if an employee loses their laptop, they can use IAM to delete all the company data from the device remotely.
BYOD and IAM
BYOD creates another level of complexity for IAM professionals. New processes for onboarding employee devices need to be established and followed properly.
With BYOD, IAM professionals need to track devices through the users who want to access the organizational systems. Device onboarding, privilege allocation, monitoring, and revoking access are additional actions IAM professionals may have to perform. Devices are also treated as users from the IAM point of view. Endpoint security tools and binding devices to user accounts may make this a bit easier.
For BYOD, additional checks will need to be put in place to ensure that the connecting device is an authorized device. If this is not possible, then the connecting device needs to be thoroughly verified, using a NAC solution, to ensure that it has a minimum baseline setup (latest anti-virus, personal firewall enabled, latest OS patches applied, etc.) before it is allowed inside the network.
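The posture check described above, written out as an added example (not code from the original article or any NAC product): a device registered to a user is evaluated against the minimum baseline, and a device that fails a check is quarantined with the failed checks listed. The thresholds, the device attributes and the sample devices are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed baseline thresholds (constructed for this example).
MAX_AV_SIGNATURE_AGE_DAYS = 3    # anti-virus signatures must be this fresh
MAX_OS_PATCH_AGE_DAYS = 30       # last OS security patch must be this recent


@dataclass
class DevicePosture:
    device_id: str
    registered: bool             # bound to a user account in the IAM inventory
    av_signature_age_days: int   # days since anti-virus signatures were updated
    firewall_enabled: bool       # personal firewall switched on
    os_patch_age_days: int       # days since the last OS security patch


def evaluate_posture(p: DevicePosture) -> dict:
    """Return an access decision for one connecting device.

    'deny'       -> device unknown to the IAM inventory
    'quarantine' -> registered but fails one or more baseline checks;
                    it may only reach a remediation network
    'allow'      -> registered and meets the full baseline
    """
    if not p.registered:
        return {"device": p.device_id, "decision": "deny",
                "reasons": ["device not registered to any user"]}
    failures = []
    if p.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("anti-virus signatures out of date")
    if not p.firewall_enabled:
        failures.append("personal firewall disabled")
    if p.os_patch_age_days > MAX_OS_PATCH_AGE_DAYS:
        failures.append("OS security patches missing")
    decision = "allow" if not failures else "quarantine"
    return {"device": p.device_id, "decision": decision, "reasons": failures}


def evaluate_fleet(devices):
    """Evaluate every device and index the results by device id."""
    return {r["device"]: r for r in (evaluate_posture(d) for d in devices)}


# Constructed sample devices: one compliant, one non-compliant, one unknown.
SAMPLE_DEVICES = [
    DevicePosture("laptop-01", True, 1, True, 5),
    DevicePosture("laptop-02", True, 10, False, 5),
    DevicePosture("phone-99", False, 0, True, 0),
]

if __name__ == "__main__":
    for dev, result in evaluate_fleet(SAMPLE_DEVICES).items():
        print(dev, result["decision"], result["reasons"])
```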
For personal devices, I would mandate the usage of a VPN, as the organization does not own the asset and users will not necessarily have the knowledge to secure the device or network. In this case, establishing a secured gateway is the best applied solution. All they need to have is a login ID and credential to validate the access, which would route the user's access through a virtual computer network.
IOT and IAM
IoT enables distributed data collection and communication. Onboarding devices, monitoring authentication and authorization, and revoking access when security threats are identified are additional roles for IoT IAM professionals. Unlike user IAM provisioning, IoT provisioning may be at a large scale and distributed.
The remote workforce increases the management burden of additional security and IAM measures such as VPN access management and device and location monitoring. Also, in the past, first-time user provisioning happened in the controlled area of an office, so initial provisioning was assumed to take place within a secure environment. Onboarding users remotely adds steps to the onboarding process itself.
Likewise, for IoT devices, access needs to be restricted to a bare-minimum set of users and services. Only the required ports and services should be running, and the OS and the solution running on it must be kept up to date with the latest security patches and updates.
In the future almost every electronic device will be on the internet, so threat actors can exploit any system and gain access to infrastructure by impersonation. If someone is working from home and a threat actor gets access to the home network, the attacker can find a way to reach the office infrastructure as well.
For VPN, these systems are hosted and maintained on a separate network, segregated from the main servers where business or client information is stored. Regular backups of data are recommended.
A unified approach to data and systems access should “elevate security while reducing complexity and alleviating many of the risks” inherent in the world of BYOD. A good enterprise Identity and Access Management (IAM) solution will “include an access control policy, separation of duties, and single sign-on,” among other features, according to Dell. Two other nuggets here include:
- ensuring your IAM strategy enables your line-of-business managers to have control over compliance, as they often know best who needs access to what.
- including both mobility and on-premises security and access management in your solution in order to ensure comprehensiveness.
Conclusion
The Internet of Things means that device identity will become just as important as user identity, so device control and authorization capabilities are a must. Network access control systems will need to be able to support IAM by ensuring that BYOD and IoT devices comply with security requirements before granting them access to the network. As monitoring is becoming the best way of detecting and preventing malicious activity, an IAM system has to provide detailed access logs, including access attempts. This data will provide many of the clues necessary to spot unwanted or suspicious activity. Although it’s a demanding task, this review process will create a clear list of requirements and priorities and show which aspects of an IAM system are the most critical for success. Some vendors charge by user and others charge by line item, so you should evaluate each IAM system using a per-user, per-month cost model to get a true comparison of costs.
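The log review the conclusion calls for, as an added example rather than the article's or any vendor's code: the IAM access log (including failed attempts) is scanned for two of the clues mentioned, a success that follows a run of failures and a success from a device not bound to that user. The log format, the device inventory and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log sample (not from any real system); one line per
# authentication attempt recorded by the IAM system.
SAMPLE_LOG = """\
2024-03-01T08:00:01 user=alice device=lt-alice result=success
2024-03-01T08:05:10 user=bob device=lt-bob result=fail
2024-03-01T08:05:15 user=bob device=lt-bob result=fail
2024-03-01T08:05:21 user=bob device=lt-bob result=fail
2024-03-01T08:05:30 user=bob device=lt-bob result=fail
2024-03-01T08:05:44 user=bob device=lt-bob result=success
2024-03-01T09:12:00 user=carol device=unknown-7 result=success
2024-03-01T09:30:00 user=alice device=lt-alice result=fail
2024-03-01T09:30:20 user=alice device=lt-alice result=success
"""

# Constructed inventory: devices the IAM system has bound to each user.
REGISTERED_DEVICES = {"alice": {"lt-alice"}, "bob": {"lt-bob"}, "carol": {"lt-carol"}}

FAIL_STREAK_THRESHOLD = 3  # assumed: failures in a row that make a success suspicious
LINE_RE = re.compile(r"^(\S+) user=(\S+) device=(\S+) result=(\S+)$")


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, device, result = m.groups()
            events.append({"ts": ts, "user": user, "device": device, "result": result})
    return events


def review_access_log(text, registry=REGISTERED_DEVICES):
    """Return (user, timestamp, description) findings for an analyst to review."""
    findings = []
    streak = defaultdict(int)  # consecutive failures per user, reset on success
    for ev in parse_log(text):
        u = ev["user"]
        if ev["result"] == "fail":
            streak[u] += 1
            continue
        if streak[u] >= FAIL_STREAK_THRESHOLD:
            findings.append((u, ev["ts"], f"success after {streak[u]} consecutive failures"))
        if ev["device"] not in registry.get(u, set()):
            findings.append((u, ev["ts"], f"success from unregistered device {ev['device']}"))
        streak[u] = 0
    return findings


if __name__ == "__main__":
    for finding in review_access_log(SAMPLE_LOG):
        print(*finding)
```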