Identity management (IdM) ensures that only authorized people have access to the technology resources they need to perform their job functions.
It includes policies and technologies that encompass an organization-wide
process to properly identify, authenticate, and authorize people, groups of
people, or software applications through attributes including user access
rights and restrictions based on their identities.
Identity management works hand-in-hand with identity and access
management (IAM) systems. Identity management is focused on authentication,
while access management is aimed at authorization.
The main goal of identity management is to ensure only authenticated
users are granted access to the specific applications, systems or IT
environments for which they are authorized. This includes control
over user provisioning and the process of onboarding new users such
as employees, partners, clients and other stakeholders.
Identity management also includes control over the process of authorizing
system or network permissions for existing users and the offboarding of users
who are no longer authorized to access organization systems.
Identity management is an important part of the enterprise security plan,
as it is linked to both the security and productivity of the organization.
Using identity management, organizations can safeguard their corporate
assets against many threats including hacking, ransomware, phishing and
other malware attacks.
Identity management systems add an additional layer of protection by
ensuring user access policies and rules are applied consistently across an
organization.
Web services will be the easiest and most affordable way to integrate one or
more physical access control systems (PACS) with an identity management system
(IDMS), enabling enterprise-wide, policy-driven access management. While
Web services technologies and standards are still evolving, most of the
challenges that remain are in the realm of Internet-based services intended for
widespread general use and business-to-business e-commerce.
A Web services “wrapper” can be used as appropriate for the various access
control system interface capabilities. (A wrapper is software code that changes
an existing interface to an application without substantially increasing its
functionality.)
Implementation of an enterprise-wide identity management system
The implementation of an enterprise-wide identity management system is of great
interest to corporate security for several reasons.
• An IDMS will close IT security gaps related to enrolling and terminating employees.
• The deployment of an IDMS is typically accompanied by a role-based access control (RBAC) scheme for the information systems. Once roles are jointly defined by human resources and business managers, and once IT security privileges are assigned to the roles, security privileges can be automatically granted upon enrollment in the IDMS. Privileges are also automatically changed when an employee's position changes, and revoked automatically upon the employee's termination.
• Physical security can leverage the HR enrollment of employees by integrating the physical access control system (PACS) with the IDMS, so that access control privileges are managed automatically along with IT privileges as HR enrolls, re-assigns and terminates employees.
Using an IDMS as a common point of reference, physical and IT access control can
be synchronized. And using role-based access control to establish privileges
based upon job functions, both physical and IT access control can be policy-driven.
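
The lifecycle described above (privileges granted on enrollment, changed on reassignment, revoked on termination, with the PACS kept in step with IT), sketched as an added example that is not part of the original post. The role names, entitlements, door groups and the Idms class are hypothetical; the orphan check shows how the IDMS record can be used to find access that outlived its owner.

```python
from dataclasses import dataclass, field

# Constructed role catalogue: names, entitlements and door groups are
# hypothetical, standing in for roles defined by HR and business managers.
ROLES = {
    "accountant": {"it": {"mail", "erp:ledger"}, "pacs": {"lobby", "finance-floor"}},
    "sysadmin": {"it": {"mail", "ssh:prod"}, "pacs": {"lobby", "server-room"}},
}


@dataclass
class Idms:
    people: dict = field(default_factory=dict)  # employee id -> role (HR record)
    it: dict = field(default_factory=dict)      # privileges held in IT systems
    pacs: dict = field(default_factory=dict)    # door groups held in the PACS

    def apply(self, event, emp, role=None):
        """Process one HR event; return the grants/revokes pushed downstream."""
        if event == "terminate":
            self.people.pop(emp, None)
        elif event in ("enroll", "reassign"):
            if role not in ROLES:
                raise ValueError(f"unknown role: {role!r}")
            if event == "reassign" and emp not in self.people:
                raise KeyError(f"not enrolled: {emp!r}")
            self.people[emp] = role
        else:
            raise ValueError(f"unknown event: {event!r}")
        return self._sync(emp)

    def _sync(self, emp):
        # Desired state comes only from the role; downstream state follows it.
        role = self.people.get(emp)
        changes = {}
        for system, state in (("it", self.it), ("pacs", self.pacs)):
            want = set(ROLES[role][system]) if role else set()
            have = state.get(emp, set())
            changes[system] = {"grant": want - have, "revoke": have - want}
            if want:
                state[emp] = want
            else:
                state.pop(emp, None)
        return changes

    def orphans(self):
        """Downstream identities with no HR record (e.g. a badge left active)."""
        systems = (("it", self.it), ("pacs", self.pacs))
        return {name: sorted(set(st) - set(self.people)) for name, st in systems}
```
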