Identity and access
management lays the foundations for trusted
environments. It is essential that companies move to an
identity-centric approach to user and systems protection, where
the focus is on authentication to reduce risk, rather than
relying on the current mechanisms of perimeter control and
detection.
Ongoing moves to internet-based business processes and
collaboration frameworks mean it is not a question of if, but when,
enterprises must implement integrated security systems that are
based on the principles of identity and trust.
Whoever we are, whatever our role within an organisation, we all
make use of our identities to authenticate ourselves to public and
private information services. We make systems requests, we pay for
goods and services, and we add to the information silos that
commercial organisations maintain.
Significant challenge
Business success and efficiency is empowered by the availability
of information - and the most significant challenge organisations
face is one of control. There is a need to build trusted
environments where the identity of each user can be proved before
access rights are granted.
Trusted environments where customers and citizens can gain
on-request access to personal and account information, without risk
of identity theft where employees are able to gain unencumbered
access to corporate networks, systems and applications,
irrespective of where their chosen place of work happens to be and
where business partners and suppliers can be provided with
certified access channels to collaborative information sources.
Access management
These are the goals that have been set for identity and access
management, and these are the levels of achievement that software
providers need to aspire to.
The real value-to-business proposition that the integrated use
of identity and access management can deliver comes from the
technologies' ability to deal with all the key identity, sign-on,
authentication, provisioning, access control and administration
issues, and to deliver these as a service that can meet the needs
of all user groups.
The components each organisation selects can vary significantly.
What is seen as a key authentication tool in one area of a business
may be seen as overkill in another.
The primary role of identity and access management is twofold it
is about achieving a balance between the information protection
needs of an organisation and its users, while servicing the access
rights that are needed to support the efficient delivery of normal
activities.
Identity and access management is about protecting business
systems and their users, and at the same time protecting business
systems from their users.
● Andy Kellett is senior research analyst at Butler Group.
He will be part of the expert panel on identity management at
Infosecurity Europe
Infosecurity preview: Knowledge is power
>>
Infosecurity preview: Mobilising single sign-on
>>
Infosecurity preview: Bridging the reality gap
>>
Infosecurity preview: When a year is a lifetime
>>
More
information on the show, including free entry >>
Infosecurity Europe keynote sessions
>>
David Lacey’s security blog >>The
latest ideas, best practices, and business issues associated with
managing security
Stuart King’s risk management blog
>>
Dealing with the operational challenges of information security and
risk management
Comment on this article:
computer.weekly@rbi.co.uk